5f548df2df66cf058080e72e5b6ff4f1a37a333553f56bf3e8249094a5461f72

Sharing

Copy URL Twitter E-mail

General

Target

5f548df2df66cf058080e72e5b6ff4f1a37a333553f56bf3e8249094a5461f72
Size

276KB
MD5

797ba0cb778ffca6b25f56d91598748b
SHA1

4bf9a3665848fd51d118749a40a25b1d1575304e
SHA256

5f548df2df66cf058080e72e5b6ff4f1a37a333553f56bf3e8249094a5461f72
SHA512

bd2645e0999006ba21367ab3d0631dd7255ffcebadbb4e9411e7240f2e5e800024ae05bd89f64537ef8a1e3865365953190c33fdcb73fe01693061b97f3445d3
SSDEEP

6144:dNopXpsYLUYk6m2dpdqiYJXsQEgKFn/VOIZzF6Na:dWR9M6m2dpdJfFnNPZgN

Score

1^/10

Malware Config

Signatures

Files

5f548df2df66cf058080e72e5b6ff4f1a37a333553f56bf3e8249094a5461f72
.exe windows x86

880f67f12eadc926cd7e167d60cb3b44

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
WSAStartup
getsockopt
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
WSACleanup

kernel32

GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetCommandLineW
InterlockedCompareExchange
Sleep
InterlockedExchange
CloseHandle
GetProcAddress
GetModuleHandleW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetCurrentProcessId
CreateProcessW
WaitForSingleObject
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
EncodePointer
GetModuleFileNameW
WritePrivateProfileStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
VerSetConditionMask
SleepEx
VerifyVersionInfoW
InitializeCriticalSection
SetLastError
GetTickCount
PeekNamedPipe
ReadFile
GetStdHandle
GetFileType
FormatMessageA
IsDebuggerPresent
OutputDebugStringW

advapi32

OpenProcessToken
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

CommandLineToArgvW

shlwapi

StrCmpNIW

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr120

_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_XcptFilter
_except1
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_strdup
_read
_write
_close
_open
_strnicmp
_stricmp
_CxxThrowException
__CxxFrameHandler3
memcpy
?terminate@@YAXXZ
??3@YAXPAX@Z
memmove
free
??_V@YAXPAX@Z
_purecall
??2@YAPAXI@Z
tolower
toupper
_snwprintf_s
_time64
fwrite
fclose
malloc
fread
_vscwprintf
memcpy_s
vswprintf_s
_wcsicmp
wcschr
sprintf
memchr
_beginthreadex
fputc
fflush
realloc
sscanf
strchr
calloc
strncmp
strstr
__iob_func
strtol
strncpy
isalpha
strrchr
strtoul
isxdigit
_errno
qsort
strtoll
fopen
fseek
isspace
isdigit
_lseeki64
_fstat64
isalnum
atoi
_getpid
strerror
__sys_nerr
_gmtime64
_stat64
isupper
isgraph
isprint
islower
memset

wldap32

ord133
ord142
ord46
ord301
ord27
ord147
ord167
ord208
ord145
ord14
ord118
ord127
ord41
ord26
ord79
ord216

psapi

GetModuleFileNameExW
GetProcessImageFileNameW

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

880f67f12eadc926cd7e167d60cb3b44

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

advapi32

shell32

shlwapi

msvcp120

msvcr120

wldap32

psapi

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 71KB - Virtual size: 70KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 8KB - Virtual size: 7KB