f0135e4bf7f6342a15a061e6a91081ea4487b1791cc52182e1f9af52acedaac0

Sharing

Copy URL Twitter E-mail

General

Target

f0135e4bf7f6342a15a061e6a91081ea4487b1791cc52182e1f9af52acedaac0
Size

5.9MB
MD5

5a17a7d7a5950bf717128df16b67e561
SHA1

943352ee3286c7b545abcc72b2f39a525c1c4635
SHA256

f0135e4bf7f6342a15a061e6a91081ea4487b1791cc52182e1f9af52acedaac0
SHA512

a31c1f93024d7bf3e612961d9c48a328230aa7211781f3864c3360c2318793317a290d78c5f77eaf31c66117ab8e91e7984bf634dc191560df9d8f29feec0cae
SSDEEP

98304:hTv8iiXCLEaHA6Dzc9rtbcTI0FOmoAwGANXzcu5PN/7HFT2EAGfHJ7K:hT0bSL7Hyttbcj7wGANDDbDdyUU

Score

1^/10

Malware Config

Signatures

Files

f0135e4bf7f6342a15a061e6a91081ea4487b1791cc52182e1f9af52acedaac0
.exe windows x64

072978fe42d965ab94f8ea8ded92a0d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

ws2_32

WSAStartup
socket
send
recv
inet_addr
htons
connect
closesocket

mfc140u

ord8507
ord13864
ord5245
ord8947
ord11902
ord3713
ord3718
ord13401
ord6002
ord5916
ord10727
ord6303
ord2222
ord2187
ord6596
ord3167
ord3273
ord7783
ord4098
ord8829
ord5904
ord6287
ord11933
ord11625
ord14209
ord8656
ord6729
ord10691
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord11901
ord4859
ord4814
ord4726
ord4767
ord4828
ord4360
ord5582
ord9384
ord4352
ord2967
ord14211
ord8468
ord14217
ord6631
ord11406
ord13354
ord5723
ord2629
ord11806
ord3812
ord3278
ord3279
ord3172
ord11850
ord5080
ord5363
ord5552
ord9041
ord5339
ord5083
ord5229
ord1111
ord5555
ord9941
ord8900
ord13136
ord290
ord7235
ord8926
ord11855
ord450
ord6850
ord1091
ord2270
ord11813
ord6000
ord5062
ord7460
ord7461
ord7450
ord13397
ord2697
ord4752
ord990
ord8901
ord1089
ord8731
ord10704
ord11085
ord10163
ord3951
ord3307
ord3308
ord3071
ord3212
ord3209
ord9946
ord7913
ord14360
ord9976
ord9978
ord3599
ord4725
ord1369
ord878
ord2212
ord8161
ord280
ord12240
ord7893
ord4946
ord7054
ord940
ord13109
ord1432
ord2178
ord8167
ord7393
ord1450
ord8084
ord11929
ord10124
ord12606
ord12544
ord4445
ord7716
ord8023
ord5183
ord10070
ord2439
ord12223
ord12222
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11665
ord11664
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord13545
ord983
ord6614
ord3731
ord5706
ord11921
ord7651
ord2370
ord5227
ord7922
ord6250
ord3756
ord6320
ord4656
ord1033
ord296
ord1641
ord7920
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord4782
ord11771
ord2698

kernel32

DeleteFileA
GetModuleHandleA
GetFullPathNameA
SetFilePointer
WriteFile
OutputDebugStringW
EnterCriticalSection
LoadLibraryA
CreateFileA
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleW
CreateEventW
InitializeCriticalSectionAndSpinCount
CloseHandle
WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
Sleep
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
GetComputerNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
InitializeCriticalSection

user32

EnableWindow
SendMessageW
IsIconic
GetSystemMetrics
AppendMenuW
SetParent
FindWindowA
GetWindowThreadProcessId
LoadIconW
MessageBoxA
GetSystemMenu
GetClientRect
DrawIcon

comctl32

InitCommonControlsEx

vcruntime140

memcpy
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strstr
memset
memcmp
__C_specific_handler
__current_exception
__current_exception_context
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_get_wide_winmain_command_line
_configure_wide_argv
_c_exit
_register_thread_local_exe_atexit_callback
_exit
_seh_filter_exe
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_wide_environment
exit
terminate
_set_app_type
_cexit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-string-l1-1-0

strcat_s
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_set_fmode
__acrt_iob_func
__p__commode

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-utility-l1-1-0

rand
srand

advapi32

OpenSCManagerW
OpenServiceA
CreateServiceA
CloseServiceHandle
DeleteService
StartServiceW

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

072978fe42d965ab94f8ea8ded92a0d7

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

ws2_32

mfc140u

kernel32

user32

comctl32

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

advapi32

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 5.8MB - Virtual size: 5.8MB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 77KB - Virtual size: 77KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 5.8MB - Virtual size: 5.8MB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 77KB - Virtual size: 77KB

.reloc
Size: 2KB - Virtual size: 1KB