3fb16b25747f8014773930141da70844dad4f157b791f5a552382f321b2a5563

Sharing

Copy URL Twitter E-mail

General

Target

3fb16b25747f8014773930141da70844dad4f157b791f5a552382f321b2a5563
Size

198KB
MD5

ad3f8ea866b6de20de1158c04af9fcc9
SHA1

b79363b5087d023103c83387258da792d2355327
SHA256

3fb16b25747f8014773930141da70844dad4f157b791f5a552382f321b2a5563
SHA512

86553b33e5613974dca5d1f68bde9d0512874dd459b4dafb7d776ad4734af7b04ee4855b45407aa1fe76403b45a7241441f42aecf732913c054c83db80042eb2
SSDEEP

6144:cxr4BxXkYY4yr+ITasnVGRdZshlYYKIJbu4RQky:2sTY4yjTasV8Cj3JAB

Score

N/A

Malware Config

Signatures

Files

3fb16b25747f8014773930141da70844dad4f157b791f5a552382f321b2a5563
.exe windows x86

b9983dcad843590f232110336c80b064

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

bsearch
_wcsnicmp
_wcsicmp
wcsncmp
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
free
malloc
_XcptFilter
strncmp
memcpy
_vsnprintf
_vsnwprintf
memset

ntdll

RtlUnwind

user32

SendDlgItemMessageA
LoadIconA
LoadStringA
DestroyMenu
PostMessageA
CharUpperA
GetClientRect
SetDlgItemTextA
DestroyIcon
LoadCursorA
SetCursor
DialogBoxParamA
GetWindowLongA
SendMessageA
EndDialog
SetWindowLongA
SetWindowTextA
MessageBoxA
RegisterClipboardFormatA
CheckMenuItem
SetMenuDefaultItem
CreatePopupMenu
LoadMenuA
GetSubMenu
RemoveMenu

kernel32

FindResourceExW
LoadLibraryExW
MapViewOfFile
InitializeCriticalSectionAndSpinCount
CreateFileW
GetLocaleInfoW
GetVersionExW
LoadResource
CreateFileMappingW
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceW
SearchPathW
RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
lstrcmpiA
CompareFileTime
lstrcmpA
FindClose
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
LocalFree
LocalAlloc
GlobalAlloc
lstrlenA
FreeLibrary
GetProcAddress
MultiByteToWideChar
LoadLibraryA
FormatMessageA
VerLanguageNameA
VirtualFree
VirtualAlloc
GetPrivateProfileStringA
GetSystemDirectoryA
DeleteFileA
WideCharToMultiByte
lstrlenW
GetEnvironmentVariableA
CloseHandle
GetLastError
CreateFileA
FindNextFileA
GetShortPathNameA
RemoveDirectoryA
CompareStringA
SystemTimeToFileTime
GetLocalTime
SetFileTime
GetFileTime
GetFileAttributesA
SetErrorMode
GetDiskFreeSpaceA
GetWindowsDirectoryA
LeaveCriticalSection
GetCurrentThread
EnterCriticalSection
VirtualQuery
VirtualProtect
FlushInstructionCache
GetCurrentProcess
InterlockedCompareExchange
GetCurrentThreadId
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
SetLastError
InterlockedExchange
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

advapi32

RegQueryValueExW
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsA
UnregisterTraceGuids
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumValueA
RegEnumKeyA
RegSetValueExA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyExA
RegDeleteValueA
RegSetValueA
RegCreateKeyExA
GetTraceEnableFlags
RegOpenKeyExW
RegOverridePredefKey
RegOpenCurrentUser

shlwapi

StrChrA
PathFindFileNameA
PathFileExistsA
StrStrIA
PathRenameExtensionA
StrCmpNIA
PathGetDriveNumberA
PathGetDriveNumberW
PathCompactPathA
PathAppendA
StrToIntA
StrRetToBufA
PathCombineA

shell32

SHBindToParent
SHGetDesktopFolder
ShellExecuteA
SHChangeNotify
SHGetFolderPathA
ExtractIconA

wininet

InternetGetConnectedState
InternetQueryOptionA

ole32

CoCreateInstance
StgCreateDocfile
OleLoadFromStream
HENHMETAFILE_UserUnmarshal
CoReleaseServerProcess
CoIsOle1Class
GetClassFile
HBRUSH_UserFree
OleConvertOLESTREAMToIStorageEx
CoRegisterClassObject
CoGetTreatAsClass
CoAllowSetForegroundWindow
CoGetCurrentProcess
OleDoAutoConvert
MonikerCommonPrefixWith
CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoGetInterceptorFromTypeInfo
CLIPFORMAT_UserSize
StgCreateStorageEx
StgOpenStorageEx
SNB_UserFree
HGLOBAL_UserMarshal
CoRegisterMallocSpy

cmutil

CmStrchrW
IsLogonAsSystem
CmAtolW
WzToSzWithAlloc
CmStripPathAndExtW

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 151KB - Virtual size: 330KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 17KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b9983dcad843590f232110336c80b064

Headers

File Characteristics

Imports

msvcrt

ntdll

user32

kernel32

advapi32

shlwapi

shell32

wininet

ole32

cmutil

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 151KB - Virtual size: 330KB

.bss Size: 17KB - Virtual size: 168KB

.rsrc Size: 1024B - Virtual size: 612B

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 151KB - Virtual size: 330KB

.bss
Size: 17KB - Virtual size: 168KB

.rsrc
Size: 1024B - Virtual size: 612B