General

Malware Config

Signatures

Files

• 1bdbf56cc827f362a689eced94a4ee30N.exe

  .exe windows:5 windows x86 arch:x86

  a1cc9a2071a86c4c3d3a5d9cd417437d

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  recvfrom

  setsockopt

  sendto

  bind

  send

  recv

  WSAStartup

  ioctlsocket

  WSACloseEvent

  WSARecv

  WSASend

  WSAGetLastError

  WSAEnumNetworkEvents

  gethostname

  connect

  inet_ntoa

  inet_addr

  htons

  getsockname

  shutdown

  socket

  closesocket

  gethostbyname

  WSAEventSelect

  WSAGetOverlappedResult

  WSAWaitForMultipleEvents

  getpeername

  accept

  WSACreateEvent

  WSASocketA

  listen

  shlwapi

  PathFileExistsW

  StrCmpNW

  PathMatchSpecW

  PathFindFileNameW

  StrStrIA

  StrChrA

  StrCmpNIA

  StrStrW

  urlmon

  URLDownloadToFileW

  wininet

  InternetReadFile

  InternetOpenUrlW

  InternetOpenW

  InternetCloseHandle

  InternetOpenA

  HttpSendRequestA

  HttpAddRequestHeadersA

  HttpOpenRequestA

  InternetConnectA

  InternetCrackUrlA

  ntdll

  memcpy

  _chkstk

  _aulldiv

  RtlUnwind

  memmove

  mbstowcs

  RtlTimeToSecondsSince1980

  NtQuerySystemTime

  NtQueryVirtualMemory

  strstr

  isdigit

  isalpha

  _allshl

  _aullshr

  memset

  msvcrt

  rand

  srand

  _vscprintf

  kernel32

  CreateEventA

  CreateProcessW

  GetLocaleInfoA

  DuplicateHandle

  DeleteCriticalSection

  GetThreadPriority

  SetThreadPriority

  GetCurrentThread

  GetCurrentProcess

  InterlockedExchangeAdd

  InterlockedIncrement

  InterlockedExchange

  WaitForSingleObject

  InterlockedDecrement

  GetCurrentProcessId

  HeapSetInformation

  GetSystemInfo

  PostQueuedCompletionStatus

  GetProcessHeaps

  HeapValidate

  HeapCreate

  HeapFree

  HeapAlloc

  HeapReAlloc

  ExpandEnvironmentStringsW

  CreateThread

  CreateMutexA

  GetLastError

  ExitProcess

  GetQueuedCompletionStatus

  CreateIoCompletionPort

  SetEvent

  GetVolumeInformationW

  SetFileAttributesW

  lstrcpyW

  DeleteFileW

  GetDiskFreeSpaceExW

  FindNextFileW

  lstrcmpiW

  QueryDosDeviceW

  RemoveDirectoryW

  FindClose

  lstrlenA

  GlobalLock

  GetModuleHandleW

  GetTickCount

  GlobalAlloc

  Sleep

  lstrcpynW

  ExitThread

  MultiByteToWideChar

  lstrlenW

  GlobalUnlock

  GetFileSize

  MapViewOfFile

  UnmapViewOfFile

  WriteFile

  InitializeCriticalSection

  LeaveCriticalSection

  CreateFileW

  FlushFileBuffers

  EnterCriticalSection

  CreateFileMappingW

  CloseHandle

  FindFirstFileW

  GetDriveTypeW

  MoveFileExW

  CreateDirectoryW

  GetLogicalDrives

  CopyFileW

  GetModuleFileNameW

  lstrcmpW

  user32

  RegisterClassExW

  TranslateMessage

  GetClipboardData

  EmptyClipboard

  ChangeClipboardChain

  SetWindowLongW

  DefWindowProcA

  RegisterRawInputDevices

  wsprintfW

  SendMessageA

  IsClipboardFormatAvailable

  CloseClipboard

  GetMessageA

  wvsprintfA

  GetWindowLongW

  CreateWindowExW

  DispatchMessageA

  OpenClipboard

  SetClipboardData

  SetClipboardViewer

  advapi32

  RegSetValueExW

  CryptGenRandom

  CryptReleaseContext

  CryptAcquireContextW

  RegQueryValueExW

  RegOpenKeyExA

  RegSetValueExA

  RegCloseKey

  RegOpenKeyExW

  shell32

  ShellExecuteW

  ole32

  CoInitializeEx

  CoCreateInstance

  CoInitialize

  CoUninitialize

  oleaut32

  SysFreeString

  SysAllocString

  Sections

  .text

  Size: 52KB - Virtual size: 52KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .text

  Size: 222KB - Virtual size: 224KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE