c3a0778af5fbde9be0eee9d9b68bed8f477d6e8c20d4e953b15dd67fb5bdfdd0

Sharing

Copy URL Twitter E-mail

General

Target

c3a0778af5fbde9be0eee9d9b68bed8f477d6e8c20d4e953b15dd67fb5bdfdd0
Size

1.6MB
MD5

dbeed458e55ddcf56a8b2f9ba2619711
SHA1

454906f5017f471d44e45d425f9bd5d7e8ded7b3
SHA256

c3a0778af5fbde9be0eee9d9b68bed8f477d6e8c20d4e953b15dd67fb5bdfdd0
SHA512

35b6ff085013b15bfb5baf1ded5159f82010a77864e6a930363f3108ecf4c4a04fad0c3a50366cd0b1088b3d6f33eeca60c1f281afcf843bfc546c9b59173db2
SSDEEP

24576:MVVnkjWbvaHbrAyiWnB5hH7WAqnb9GcqXKAtak0mR7eB9deBwPb+uX:gVkjav4gyiWn5H7W9pGxtaEE9fKg

Score

N/A

Malware Config

Signatures

Files

c3a0778af5fbde9be0eee9d9b68bed8f477d6e8c20d4e953b15dd67fb5bdfdd0
.exe windows x86

7904393652294b77a69e95fa6d78bafd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LoadLibraryA
GetProcAddress
CreateFileW
GetVersionExA
WriteFile
GetFileTime
GetComputerNameA
GetACP
GetTempPathA
FormatMessageA
GetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetTimeZoneInformation
GetOEMCP
SetFileAttributesW
SetFilePointer
GetFileAttributesW
DeleteFileW
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameA
GetFullPathNameW
LocalFree
GetFileSize
GetLogicalDrives
CreateThread
CloseHandle
GetTickCount
GetCurrentDirectoryA
SetFileAttributesA
CreateDirectoryA
GetModuleHandleA
GetModuleFileNameA
FindClose
GetLastError
DeleteFileA
CopyFileA
Sleep
FindNextFileA
FindFirstFileA
GetComputerNameExA
ReadFile
CreateFileA
GetLogicalDriveStringsA
IsDebuggerPresent

user32

CreateWindowExA
DialogBoxParamA
DestroyWindow
DefWindowProcA
BeginPaint
RegisterClassExA
PostQuitMessage
EndDialog
GetMessageA
LoadAcceleratorsA
LoadStringA
DispatchMessageA
TranslateMessage
EndPaint
TranslateAcceleratorA

advapi32

RegCreateKeyExA
RegOpenKeyExA
CryptAcquireContextA
GetUserNameA
RegCloseKey
CryptReleaseContext
CryptGenRandom
RegQueryValueExA
CryptGetProvParam
CryptEnumProvidersA
RegSetValueExA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

msvcr90

_localtime64
_time64
__timezone
_mktime64
memmove
srand
isalnum
towlower
towupper
fseek
_telli64
ferror
fread
_filelengthi64
_atoi64
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
strcat
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wcsicmp
memcpy
strncpy
strchr
strrchr
sscanf
_stricmp
strlen
__CxxFrameHandler3
printf
fgets
fclose
fwrite
fopen
sprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
toupper
tolower
_strnicmp
strcmp
strcpy
strncmp
rand
memcmp
memset
?terminate@@YAXXZ
strstr
_fileno

ws2_32

inet_ntoa
ntohs
htons
inet_addr
getsockname
WSAGetLastError
setsockopt
WSAStartup
gethostbyname
connect
ioctlsocket
select
__WSAFDIsSet
bind
closesocket
shutdown
send
recv
socket

crypt32

CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptDecodeObject
CertGetCertificateChain
CertCreateCertificateChainEngine
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertSetCertificateContextProperty
CertFreeCertificateContext
CertNameToStrA
CryptEncodeObject
CryptDecodeMessage
CryptDecryptMessage
CryptEncryptMessage
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CertVerifyCertificateChainPolicy

Sections

.text
Size: 900KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7904393652294b77a69e95fa6d78bafd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp90

msvcr90

ws2_32

crypt32

Sections

.text Size: 900KB - Virtual size: 899KB

.rdata Size: 571KB - Virtual size: 570KB

.data Size: 50KB - Virtual size: 128KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 99KB - Virtual size: 99KB

.text
Size: 900KB - Virtual size: 899KB

.rdata
Size: 571KB - Virtual size: 570KB

.data
Size: 50KB - Virtual size: 128KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 99KB - Virtual size: 99KB