raccoon | Raccoon[.]Stealer[.]v2[.]sha[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Raccoon.Stealer.v2.sha.zip
Size

589KB
MD5

0831d0df9d7696f6aed73600539cdb3f
SHA1

a36cc1fde961edc0de12a70235517fcb9d8fe930
SHA256

2b574142c27e20f6fd8a1285772104c9e13774631d3173f2eb825dae4a6ffe65
SHA512

8618a315967c12116503a711030c6c3c1d6207b6ce121865944202556a1ea3ed7eca31fdf0b6f91193c38e352ad165b9a767514535c59a18cf056cf0472cd995
SSDEEP

12288:3T0zBDiyKxxceujRPQFW0WuKDHI9yWAryOMIAxQ2UvO5v6xATr0xEQB:oRiyKL4jR4c0oYFOMrUvOZV0xP

Malware Config

Extracted

Family

raccoon

Botnet

403f7b121a3afd9e8d27f945140b8a92

http://2.58.56.247

Attributes

user_agent
record

rc4.plain

1
403f7b121a3afd9e8d27f945140b8a92

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

59c9737264c0b3209d9193b8ded6c127

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
59c9737264c0b3209d9193b8ded6c127

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

e2586fb50f7434bfb05d10accaefc49b

http://194.156.98.151

http://178.128.94.180

Attributes

user_agent
record

rc4.plain

1
e2586fb50f7434bfb05d10accaefc49b

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

3ed895c4ff5dc5ec85caa2a9d1bed0f2

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
3ed895c4ff5dc5ec85caa2a9d1bed0f2

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

5f3e2ed386ddeccffbb4e34c56fc2efd

http://192.248.184.34/

http://140.82.52.55/

Attributes

user_agent
record

rc4.plain

1
5f3e2ed386ddeccffbb4e34c56fc2efd

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

e585741d6b0b8a4e8192f16d8039618c

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
e585741d6b0b8a4e8192f16d8039618c

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

493cd800ef7e79f58f8ff5358ddf39e3

http://85.202.169.112/

Attributes

user_agent
record

rc4.plain

1
493cd800ef7e79f58f8ff5358ddf39e3

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

b695af1820665d4dec830ca4a9dcca08

http://91.194.11.43/

Attributes

user_agent
record

rc4.plain

1
b695af1820665d4dec830ca4a9dcca08

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

501a1e4179cf717ac47928b0babb659b

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
501a1e4179cf717ac47928b0babb659b

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

e659c40e6a0038a59a752ff4d0ceb719

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
e659c40e6a0038a59a752ff4d0ceb719

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

251130064569c4e8c0c5b31929396cc7

http://142.132.180.233/

Attributes

user_agent
record

rc4.plain

1
251130064569c4e8c0c5b31929396cc7

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

fb389acc0c06486bd2eaf61e0a781e10

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
fb389acc0c06486bd2eaf61e0a781e10

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

918c80e5f68acd2d6e7bb4b7d37a9190

http://185.225.19.198/

Attributes

user_agent
record

rc4.plain

1
918c80e5f68acd2d6e7bb4b7d37a9190

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

3ae13dbd91e0fa85463715dc48979fb2

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
3ae13dbd91e0fa85463715dc48979fb2

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

8dfaf19d5f208c09ef40073e938545f5

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
8dfaf19d5f208c09ef40073e938545f5

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

b9418e8977fce1050745c6371e5d9b89

http://51.195.166.184/

Attributes

user_agent
record

rc4.plain

1
b9418e8977fce1050745c6371e5d9b89

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

0d78fe0763f83f0ac733762de262c556

http://142.132.225.253/

Attributes

user_agent
record

rc4.plain

1
0d78fe0763f83f0ac733762de262c556

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

77975b9923aa5e257840086ae38f4f7c

http://31.13.195.44

Attributes

user_agent
record

rc4.plain

1
77975b9923aa5e257840086ae38f4f7c

rc4.plain

1
edinayarossiya

Extracted

Family

raccoon

Botnet

e2ae951b7762cdae39d49918c5b3283d

http://51.195.166.201/

Attributes

user_agent
record

rc4.plain

1
e2ae951b7762cdae39d49918c5b3283d

rc4.plain

1
edinayarossiya

Signatures

Raccoon family
raccoon

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

resource
unpack001/0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909
unpack001/022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03
unpack001/048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059
unpack001/0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256
unpack001/2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc
unpack001/263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693
unpack001/27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577
unpack001/2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e
unpack001/47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1
unpack001/516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
unpack001/5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99
unpack001/62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975
unpack001/7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269
unpack001/7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0
unpack001/960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63
unpack001/99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac
unpack001/9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42
unpack001/bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e
unpack001/c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a
unpack001/e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5
unpack001/f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27

Files

Raccoon.Stealer.v2.sha.zip
.zip

Password: infected
0123b26df3c79bac0a3fda79072e36c159cfd1824ae3fd4b7f9dea9bda9c7909
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
022432f770bf0e7c5260100fcde2ec7c49f68716751fd7d8b9e113bf06167e03
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
048c0113233ddc1250c269c74c9c9b8e9ad3e4dae3533ff0412d02b06bdf4059
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
0c722728ca1a996bbb83455332fa27018158cef21ad35dc057191a0353960256
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2106b6f94cebb55b1d55eb4b91fa83aef051c8866c54bb75ea4fd304711c4dfc
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
263c18c86071d085c69f2096460c6b418ae414d3ea92c0c2e75ef7cb47bbe693
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
27e02b973771d43531c97eb5d3fb662f9247e85c4135fe4c030587a8dea72577
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2911be45ad496dd1945f95c47b7f7738ad03849329fcec9c464dfaeb5081f67e
.exe windows:6 windows x86 arch:x86

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
47f3c8bf3329c2ef862cf12567849555b17b930c8d7c0d571f4e112dae1453b1
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
516c81438ac269de2b632fb1c59f4e36c3d714e0929a969ec971430d2d63ac4e
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5d66919291b68ab8563deedf8d5575fd91460d1adfbd12dba292262a764a5c99
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
62049575053b432e93b176da7afcbe49387111b3a3d927b06c5b251ea82e5975
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7299026b22e61b0f9765eb63e42253f7e5d6ec4657008ea60aad220bbc7e2269
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7322fbc16e20a7ef2a3188638014a053c6948d9e34ecd42cb9771bdcd0f82db0
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
960ce3cc26c8313b0fe41197e2aff5533f5f3efb1ba2970190779bc9a07bea63
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
99f510990f240215e24ef4dd1d22d485bf8c79f8ef3e963c4787a8eb6bf0b9ac
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
9ee50e94a731872a74f47780317850ae2b9fae9d6c53a957ed7187173feb4f42
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bd8c1068561d366831e5712c2d58aecb21e2dbc2ae7c76102da6b00ea15e259e
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
c6e669806594be6ab9b46434f196a61418484ba1eda3496789840bec0dff119a
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e309a7a942d390801e8fedc129c6e3c34e44aae3d1aced1d723bc531730b08f5
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
f7b1aaae018d5287444990606fc43a0f2deb4ac0c7b2712cc28331781d43ae27
.exe windows:6 windows x86 arch:x86

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
GetUserDefaultLCID
GetSystemInfo
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryW

advapi32

GetUserNameW

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Files

Password: infected

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 42KB - Virtual size: 41KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

Password: infected

4ec5227a81c3e90d891321c143c67557

Headers

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 42KB - Virtual size: 41KB