3554fa33c3ef629a54d449aeb0fa1c59fe33b714e60f3de260e3184891c34103

Sharing

Copy URL Twitter E-mail

General

Target

3554fa33c3ef629a54d449aeb0fa1c59fe33b714e60f3de260e3184891c34103
Size

201KB
MD5

f5676665054561d24f7a0771389069a4
SHA1

efaa9aedf7f46f2bc88981238320e23b5a86b7fa
SHA256

3554fa33c3ef629a54d449aeb0fa1c59fe33b714e60f3de260e3184891c34103
SHA512

6fb4aa312ef2e2c87a656c05ef4f13244e7d5deb78ebc6a0fa53c2c79d7e0dda0927edd0cf59f487b6341d43a295e0e7d4ca245ec0af30ebb8a7da02b53ad3cb
SSDEEP

3072:xMomdTHQ27K+WX+BBxxIbU0pi4KYOtAOTIHiuLnpG9IOvHgA/YL:wdT/FjIw0pidt289IOvHgAAL

Score

N/A

Malware Config

Signatures

Files

3554fa33c3ef629a54d449aeb0fa1c59fe33b714e60f3de260e3184891c34103
.exe windows x86

49f69bc32c30f0695ad7d5c15bdc6771

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExpandEnvironmentStringsW
ReadFile
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
InterlockedDecrement
InterlockedCompareExchange
GetTickCount
GetModuleFileNameW
TlsAlloc
TlsSetValue
TlsGetValue
InterlockedIncrement
GetCurrentThreadId
WriteFile
DeleteFileW
OutputDebugStringA
GetThreadTimes
OutputDebugStringW
GetCurrentThread
MoveFileW
GetProcessHeap
lstrlenW
HeapAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
HeapFree
GetFileSizeEx
InterlockedExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
DisconnectNamedPipe
CancelIo
GetOverlappedResult
Sleep
LocalAlloc
TerminateThread
GetExitCodeThread
WaitForMultipleObjects
ReleaseMutex
LocalFree
CloseHandle
SetEvent
WaitForSingleObject
ResumeThread
CreateThread
GetLastError
CreateEventW
FormatMessageW
CreateMutexW
LoadLibraryExW

user32

UnregisterDeviceNotification
wsprintfW

advapi32

OpenSCManagerW
CloseServiceHandle
RegCreateKeyExW
ControlService
StartServiceW
SetServiceStatus
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
DeleteService
DeregisterEventSource
CreateServiceW
OpenServiceW
FreeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

msvcp80

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?_Widen_s@?$ctype@_W@std@@QBEPBDPBD0PA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?id@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@SAIPAPBVfacet@locale@2@@Z
??4locale@std@@QAEAAV01@ABV01@@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?put@?$time_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@2@V32@AAVios_base@2@_WPBUtm@@PB_W4@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?widen@?$ctype@_W@std@@QBE_WD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??Bid@locale@std@@QAEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?_Register@facet@locale@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?toupper@?$ctype@_W@std@@QBE_W_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?_Narrow_s@?$ctype@_W@std@@QBEPB_WPB_W0DPADI@Z
??0locale@std@@QAE@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0locale@std@@QAE@PBDH@Z
??1locale@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??1_Lockit@std@@QAE@XZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0_Lockit@std@@QAE@H@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

msvcr80

??3@YAXPAX@Z
_purecall
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wtoi
memmove
wcsncpy_s
memset
_CxxThrowException
swprintf_s
??_V@YAXPAX@Z
div
_ultow_s
_ultoa_s
memcpy
?what@exception@std@@UBEPBDXZ
_vswprintf_c_l
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
memmove_s
__RTDynamicCast
??2@YAPAXI@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
__CxxFrameHandler3
wcscpy_s
wcscat_s
free
malloc

oleaut32

SysFreeString

Exports

Exports

?g_TraceObj@@3VCTraceSink@@A
_SetAMSTraceOptions@8

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49f69bc32c30f0695ad7d5c15bdc6771

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp80

msvcr80

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 8KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 8KB - Virtual size: 4KB