49c330381af61aa66fb5f0565414dde356837bf04b3f3252b509a3f9e9234a0c

Sharing

Copy URL Twitter E-mail

General

Target

49c330381af61aa66fb5f0565414dde356837bf04b3f3252b509a3f9e9234a0c
Size

716KB
MD5

ccb585ab96505f37dce639f08a43cf15
SHA1

7c8819855d4aee14a62bcc9d883aff441507f4ca
SHA256

49c330381af61aa66fb5f0565414dde356837bf04b3f3252b509a3f9e9234a0c
SHA512

e29e02f3176218895bf3cb6b21601d64ac8e8f032d037bd5ddf2aab04afd27d37cad654d3c786a9a231243e4f2bceb87d46f4d60de94ed82a4a6e8a1eb7cf8b4
SSDEEP

12288:XXqN14NgZb/ZLDRa6j3Jcw0ZzM3ujXwBjyQX0SK+lC/YUDJ6l2QbJ32S1yubz:2ASDFDRrqwEM36ExtA/Y26jbJGw3

Score

N/A

Malware Config

Signatures

Files

49c330381af61aa66fb5f0565414dde356837bf04b3f3252b509a3f9e9234a0c
.rar
avto_sbor_wmr/Halyava/freeWMR.doc
avto_sbor_wmr/Halyava/sbor_bonus1/ReadMe.txt
.js
avto_sbor_wmr/Halyava/sbor_bonus1/sbor.html
.html .js
avto_sbor_wmr/Halyava/sbor_bonus2/sbor_bonus2.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/ReadMe.txt
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/elucky.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/elucky.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/games.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/games.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/index.html
.html .js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/lotowm.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/lotowm.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/migudachi.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/migudachi.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/style.css
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmbingo.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmbingo.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmloto.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmloto.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmprize.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/wmprize.js
.js
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/ydacha.html
.html
avto_sbor_wmr/Halyava/sbor_bonus_sar/sbor/ydacha.js
.js
avto_sbor_wmr/Halyava/Бесплатные деньги.DOC
.doc windows office2003
avto_sbor_wmr/Halyava/Бонус.txt
avto_sbor_wmr/Halyava/авторубль №1/pass.mpz
avto_sbor_wmr/Halyava/авторубль №2/DATA.INI
avto_sbor_wmr/Halyava/авторубль №2/wmr2.0.exe
.exe windows x86

6e8fd21d99026a815fe7411aad984aaf

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
FindClose
FindFirstFileA
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringA
GetLastError
FindNextFileA
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
LoadLibraryA
LockResource
LoadResource
FindResourceA
UnmapViewOfFile
CloseHandle
MapViewOfFile
GetSystemInfo
CreateFileMappingA
FreeLibrary
GetTempPathA

user32

MessageBoxA

advapi32

GetUserNameA

msvcrt

_pctype
abort
free
fprintf
_iob
malloc
fclose
strlen
fgets
fopen
sprintf
strcat
strcpy
getenv
memcpy
memcmp
strchr
strstr
localtime
time
_ftol
atol
_putenv
_isctype
__mb_cur_max
atoi
strcmp
fwrite
strncpy
fflush
fputs
vsprintf
_errno
__p__environ
perror
_open
memset
_setjmp3
_assert
_get_osfhandle
_stat
_strdup
_mkdir
_getpid
_chmod
_strnicmp
_initterm
_rmdir
_unlink
_close
_read
_lseek
__p__commode
_exit
_XcptFilter
exit
__p___initenv
__getmainargs
_except_handler3
__setusermatherr
_adjust_fdiv
__p__fmode
__set_app_type
_controlfp
calloc

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
avto_sbor_wmr/Halyava/авторубль №3/pass.mpz
avto_sbor_wmr/Halyava/бонус2.doc
.doc windows office2003
avto_sbor_wmr/readme.txt
avto_sbor_wmr/vzlom/vzlom.exe
.exe windows x86

b3d29233cd1c57407196568c02e25388

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLateIdCall
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord593
ord594
__vbaObjSet
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaAryConstruct2
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaStrMove
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
__vbaFPInt
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
avto_sbor_wmr/Накрутчик вход/README.TXT
avto_sbor_wmr/Накрутчик вход/nBxod1.54.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 531KB - Virtual size: 531KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e8fd21d99026a815fe7411aad984aaf

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 404KB - Virtual size: 401KB

b3d29233cd1c57407196568c02e25388

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 56KB - Virtual size: 53KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 24KB

Headers

File Characteristics

Sections

CODE Size: 531KB - Virtual size: 531KB

DATA Size: 13KB - Virtual size: 12KB

BSS Size: - Virtual size: 7KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 36KB - Virtual size: 35KB

.rsrc Size: 31KB - Virtual size: 31KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 404KB - Virtual size: 401KB

.text
Size: 56KB - Virtual size: 53KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 24KB

CODE
Size: 531KB - Virtual size: 531KB

DATA
Size: 13KB - Virtual size: 12KB

BSS
Size: - Virtual size: 7KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 36KB - Virtual size: 35KB

.rsrc
Size: 31KB - Virtual size: 31KB