c886cfc4c80c83cb47f18101dd9066b274743e61addb0e44f6396383e57f6ef0

Sharing

Copy URL Twitter E-mail

General

Target

c886cfc4c80c83cb47f18101dd9066b274743e61addb0e44f6396383e57f6ef0
Size

1.5MB
MD5

4b80514f283a78a32095063e41b6c8c1
SHA1

93bffda3ed5ce5a9485d89a33f8764543cf3d568
SHA256

c886cfc4c80c83cb47f18101dd9066b274743e61addb0e44f6396383e57f6ef0
SHA512

323680cdaaf2d84838295d53e4fc9b4b72f8ac0bbc7db9950c8be4b2213e4d88a718a707f4a51cc033aebc96801222db27be1e1521cc7f307f0a6b1d9e7599dc
SSDEEP

6144:lkqzOXjiSZSHGysvy4/TBib2OIRrX57RaT:pOTiSZSHGZvy4/TAbq57Y

Score

N/A

Malware Config

Signatures

Files

c886cfc4c80c83cb47f18101dd9066b274743e61addb0e44f6396383e57f6ef0
.exe windows x86

4bdf852026054e16a88261b666333cae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80ud

ord5922
ord1917
ord5499
ord2176
ord2179
ord8120
ord9158
ord2133
ord2209
ord908
ord840
ord855
ord6998
ord8389
ord1116
ord2319
ord621
ord3469
ord673
ord2760
ord7787
ord8323
ord3187
ord299
ord832
ord694
ord1358
ord2547
ord3102
ord2322
ord347
ord573
ord8205
ord8168
ord8288
ord8451
ord693
ord711
ord8384
ord7637
ord2165
ord2166
ord5539
ord340
ord379
ord4485
ord1668
ord2783
ord7756
ord8132
ord7358
ord7372
ord7575
ord7507
ord7648
ord7642
ord7776
ord8069
ord8374
ord5830
ord8369
ord7595
ord8382
ord7598
ord3489
ord7042
ord7257
ord8484
ord3090
ord8478
ord2761
ord2756
ord5232
ord3036
ord1821
ord270
ord267
ord893
ord6147
ord4827
ord348
ord5910
ord2094
ord2731
ord695
ord7664
ord4332
ord6378
ord5087
ord6237
ord662
ord4638
ord1757
ord2891
ord6174
ord3975
ord7553
ord7011
ord7046
ord6266
ord5503
ord3080
ord7036
ord7034
ord4114
ord2522
ord5313
ord7276
ord8601
ord6873
ord1341
ord5287
ord7570
ord2644
ord2689
ord6946
ord8669
ord5279
ord8667
ord5613
ord5655
ord888
ord2646
ord8227
ord1396
ord5311
ord714
ord870
ord729
ord5045
ord386
ord4487
ord1669
ord2784
ord5941
ord7001
ord1916
ord8117
ord9157
ord2100
ord2101
ord2244
ord2245
ord6278
ord6638
ord6468
ord5884
ord6977
ord5633
ord1416
ord407
ord640
ord2394
ord922
ord8391
ord921
ord8424
ord7769
ord7770
ord1431
ord5784
ord3696
ord7991
ord1089
ord1641
ord5468
ord5649
ord4777
ord6712
ord6482
ord3105
ord2725
ord4646
ord5502
ord3693
ord6003
ord6346
ord6343
ord7813
ord5785
ord5214
ord742
ord1975
ord286
ord3401
ord919
ord5585
ord3110
ord7547
ord4068
ord7513
ord3111
ord3826
ord5453
ord3822
ord5465
ord3131
ord3121
ord422
ord1142
ord5756
ord768
ord1978
ord739
ord1974
ord8679
ord418
ord7104
ord7108
ord6883
ord8127
ord462
ord5753
ord5398
ord289
ord5219
ord4648
ord1433
ord1145
ord3402
ord2029
ord288
ord9137
ord8463
ord2022
ord296
ord1558
ord1554
ord1435
ord1578
ord2508
ord6841
ord8666
ord5856
ord7012
ord2994
ord1802
ord2634
ord4775
ord6455
ord5961
ord2153
ord8194
ord7052
ord7050
ord1173
ord1178
ord1182
ord1180
ord1184
ord3271
ord3291
ord3275
ord3281
ord3279
ord3277
ord3294
ord3289
ord3273
ord3296
ord3284
ord3266
ord3268
ord3286
ord3002
ord2992
ord2064
ord8668
ord5280
ord8670
ord4655
ord6730
ord1864
ord6970
ord2580
ord2222
ord2221
ord2152
ord3508
ord3803
ord3972
ord5990
ord3780
ord3999
ord3511
ord3684
ord3503
ord5151
ord5152
ord5142
ord3682
ord5506
ord6179
ord5940
ord2894
ord1760
ord7685
ord4597
ord586
ord5088
ord6009
ord901

msvcr80d

__wgetmainargs
_close
_strdup
__CxxFrameHandler3
abs
_findclose
_findfirst64i32
_mkdir
memset
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_exit
strcmp
fclose
fread
fopen
_findnext64i32
_recalloc
calloc
strlen
atoi
fwrite
strcat
strcpy
_invalid_parameter
_CrtDbgReportW
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_XcptFilter
_cexit
exit
_wcmdln
_CrtSetCheckCount
_initterm
_initterm_e
_CRT_RTC_INITW
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wassert
memcpy
rand
srand
_time64
_errno
_stat64i32
strrchr
_stricmp
memcmp
ftell
fseek
ferror
strerror
_lseek
_read
_fstat64i32
_snprintf_s
_CrtDbgReport
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcscpy_s
wcsncpy_s
strcpy_s
_wcsicmp
memmove_s
wcslen
malloc
free
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_open

kernel32

SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
DebugBreak
IsDebuggerPresent
lstrlenA
GetStartupInfoW
LoadLibraryA
WideCharToMultiByte
GetCurrentProcess
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
FreeLibrary
GetDiskFreeSpaceExW
lstrlenW
GetProcAddress
OutputDebugStringW
GetModuleFileNameW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetLastError
MultiByteToWideChar
FindClose
TerminateProcess
FindFirstFileW
MulDiv
GetVersionExA
GetACP
GetLocaleInfoA
GetThreadLocale
CloseHandle
SetEvent
OpenEventA
OutputDebugStringA
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
GetVersion
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
InterlockedExchange
InterlockedCompareExchange
Sleep

user32

SetRect
GetSysColor
SetRectEmpty
LoadBitmapW
CopyRect
IsRectEmpty
GetSystemMetrics
PtInRect
EqualRect
InflateRect
OffsetRect
IntersectRect
UnionRect
SubtractRect
PeekMessageW
PostQuitMessage
ReleaseCapture

gdi32

GetStockObject
CreateSolidBrush

advapi32

OpenThreadToken
SetThreadToken
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RevertToSelf

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString

msvcp80d

?_Orphan_all@_Container_base@std@@QBEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0_Container_base@std@@QAE@XZ
??1_Container_base@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Debug_message@std@@YAXPB_W0I@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@U_Has_debug_it@01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bdf852026054e16a88261b666333cae

Headers

File Characteristics

Imports

mfc80ud

msvcr80d

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp80d

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB