haloceded[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

haloceded.exe
Size

1.8MB
MD5

d02bae81ab695b94688ca9496924b6c8
SHA1

14d36c2c63f32110a9049d963a6c4b2902283e84
SHA256

1248aa625f2e121e59f3c1a29a343a2db279b3e4528eaea976f4899e3f0f6392
SHA512

6ec327cbf63baaa35b9cc794ed0a9e4e114c93806e16f9f9daded18d340fa7124f8e9688b1a1ea3589091a0ce332545f885cd549cf660e521e312be6084b4d2c
SSDEEP

24576:soUSf1niBheNfRCAyvN1pEP0WnCzlxZ/Y+zFri5HoZiY4mV7CDwTuqhC8Db5514d:soU6iveNfkAyvNfOSJZicewfEk5v8tF

Score

1^/10

Malware Config

Signatures

Files

haloceded.exe
.exe windows x86

9389216da339939f122e1f050f0af0ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
sendto
gethostname
WSAGetLastError
recvfrom
WSAStartup
gethostbyname
inet_addr
inet_ntoa
setsockopt

kernel32

SleepEx
WaitForSingleObjectEx
CreateEventA
GetLastError
SetLastError
ReadFileEx
SystemTimeToFileTime
CompareFileTime
SetFileTime
ReadFile
GetFileTime
GetSystemTime
WriteFile
GetOverlappedResult
ExitProcess
FreeLibrary
GetCurrentProcess
VirtualFree
GetProcAddress
VirtualAlloc
LoadLibraryA
GlobalMemoryStatus
SetErrorMode
QueryPerformanceCounter
GlobalAlloc
GetFileAttributesA
CreateDirectoryA
GlobalFree
QueryPerformanceFrequency
GetCurrentProcessId
GlobalReAlloc
GetCurrentThread
GetTickCount
FindFirstFileA
FindClose
FindNextFileA
FillConsoleOutputCharacterA
GetNumberOfConsoleInputEvents
WriteConsoleOutputCharacterA
ReadConsoleInputA
FreeConsole
SetConsoleMode
SetConsoleCursorPosition
SetConsoleTitleA
GetStdHandle
WriteConsoleA
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
SetConsoleCursorInfo
FillConsoleOutputAttribute
GetConsoleCursorInfo
GetTimeFormatA
GetDateFormatA
VirtualQuery
GetLocalTime
CopyFileA
DeleteFileA
GetDiskFreeSpaceExA
SetProcessAffinityMask
GlobalLock
GlobalUnlock
LocalAlloc
GetModuleFileNameA
GetVersionExA
GetTempPathA
LocalFree
SetEndOfFile
GetPriorityClass
CreateProcessA
TerminateProcess
MultiByteToWideChar
SetEvent
GetCurrentDirectoryA
GetCurrentThreadId
DuplicateHandle
RemoveDirectoryA
GetFileAttributesExA
FormatMessageA
SetFileAttributesA
MoveFileA
WideCharToMultiByte
GetThreadPriority
LoadResource
FindResourceExA
LockResource
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
GetFileType
TlsGetValue
SetHandleCount
FlushFileBuffers
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetSystemTimeAsFileTime
RaiseException
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringA
LCMapStringW
HeapSize
GetTimeZoneInformation
GetSystemInfo
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
CompareStringA
CompareStringW
SetStdHandle
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
RtlUnwind
GetLocaleInfoA
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetFileSize
CreateFileA
ExitThread
TerminateThread
CreateThread
ResumeThread
CloseHandle
VirtualProtect
Sleep
CreateFileMappingA
GetModuleHandleA
ReleaseMutex
CreateMutexA
GetExitCodeThread
SetThreadPriority
WaitForSingleObject
SetEnvironmentVariableA
SetUnhandledExceptionFilter
SetPriorityClass
IsBadCodePtr

user32

LoadStringA
DestroyWindow
GetWindowRect
wsprintfA
GetClientRect
ShowCursor
CreateDialogIndirectParamA
PeekMessageA
GetDesktopWindow
SetWindowPos
DispatchMessageA
MoveWindow
SetForegroundWindow
GetWindowPlacement
FindWindowA
CloseClipboard
IsClipboardFormatAvailable
GetDoubleClickTime
GetClipboardData
ShowWindow
OpenClipboard
MsgWaitForMultipleObjects
GetCursorPos
GetAsyncKeyState
MessageBoxA
GetKeyState

advapi32

IsValidSecurityDescriptor
AddAccessAllowedAce
SetSecurityDescriptorOwner
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DuplicateToken
AccessCheck
SetSecurityDescriptorGroup
OpenThreadToken
OpenProcessToken
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
GetLengthSid
RegSetValueExA
RegCreateKeyExA
FreeSid

ole32

StringFromGUID2
CLSIDFromString

winmm

timeBeginPeriod
timeEndPeriod

wininet

InternetQueryOptionA

wsock32

ntohl
htonl
ntohs
htons
__WSAFDIsSet
shutdown
recv
send
getsockname
closesocket
bind
select
WSACleanup
inet_ntoa
connect

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9389216da339939f122e1f050f0af0ff

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

ole32

winmm

wininet

wsock32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 144KB - Virtual size: 140KB

.data Size: 252KB - Virtual size: 1.5MB

.tls Size: 4KB - Virtual size: 9B

.rsrc Size: 60KB - Virtual size: 59KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 144KB - Virtual size: 140KB

.data
Size: 252KB - Virtual size: 1.5MB

.tls
Size: 4KB - Virtual size: 9B

.rsrc
Size: 60KB - Virtual size: 59KB