ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791

Sharing

Copy URL Twitter E-mail

General

Target

ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791
Size

1.2MB
MD5

0ced87772881b63caf95f1d828ba40c5
SHA1

6e5fca51a018272d1b1003b16dce6ee9e836908c
SHA256

ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791
SHA512

65f3a52930dd560cf27a9a6e7386ae1bba22d663a1112b44fa1db043bd0b980f7dcb1d5fe21b873bb93db69c5c4d0b3c7dcf13ea110836970454b56dc16e57bb
SSDEEP

24576:DxIWmj1GwuqWt6GoXrxv7EJoD7p1YQzA+GdctrOvpk5P4TB5tP9P6F:Dnqqo5PzA+Gda4TB5tFP6F

Score

1^/10

Malware Config

Signatures

Files

ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791
.exe windows x86

528498246e893d454b0afdebdb745c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wldap32

ord46
ord211
ord60
ord50
ord41
ord22
ord26
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord301
ord143

urlmon

URLDownloadToFileW

ws2_32

connect
closesocket
bind
send
getpeername
WSASetLastError
select
__WSAFDIsSet
WSAGetLastError
WSACleanup
WSAStartup
gethostname
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
recvfrom
sendto
accept
listen
ioctlsocket
recv

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetCurrentProcessId
FileTimeToSystemTime
GetCurrentProcess
CreateDirectoryW
WaitForSingleObject
GetModuleHandleW
FlushFileBuffers
Sleep
GetModuleFileNameW
lstrlenW
CloseHandle
GetVersion
GetLastError
QueryPerformanceCounter
GetTickCount
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VerSetConditionMask
SleepEx
VerifyVersionInfoA
FormatMessageA
FreeLibrary
GetProcAddress
WaitForMultipleObjects
GetFileType
GetStdHandle
ReadFile
PeekNamedPipe
LoadLibraryA
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
LoadLibraryExW
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetACP
GetOEMCP
OutputDebugStringW
HeapSize
ReadConsoleW
SetStdHandle
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SetEnvironmentVariableW
SetEnvironmentVariableA
CopyFileW
ExitThread
GetCurrentThreadId
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
DeviceIoControl
GetModuleHandleA
AreFileApisANSI
LocalFree
HeapFree
HeapAlloc
GetModuleHandleExW
WriteConsoleW
GetCPInfo
GetSystemTimeAsFileTime
ExitProcess
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc

advapi32

CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueExA
GetTokenInformation
RegCreateKeyW
OpenProcessToken

shell32

ShellExecuteW
ShellExecuteExW

Sections

.text
Size: 914KB - Virtual size: 913KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

528498246e893d454b0afdebdb745c46

Headers

DLL Characteristics

File Characteristics

Imports

wldap32

urlmon

ws2_32

kernel32

advapi32

shell32

Sections

.text Size: 914KB - Virtual size: 913KB

.rdata Size: 225KB - Virtual size: 224KB

.data Size: 30KB - Virtual size: 46KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 49KB - Virtual size: 49KB

.text
Size: 914KB - Virtual size: 913KB

.rdata
Size: 225KB - Virtual size: 224KB

.data
Size: 30KB - Virtual size: 46KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 49KB - Virtual size: 49KB