1c5b78afa205fa108e364ef18b241221de473f79fe92f7fb162680496819d95d

Sharing

Copy URL Twitter E-mail

General

Target

1c5b78afa205fa108e364ef18b241221de473f79fe92f7fb162680496819d95d
Size

420KB
MD5

a033106b20f26221343e545aea756ad8
SHA1

8f809c85c0724fa1932949a9db3ff364ee016fa3
SHA256

1c5b78afa205fa108e364ef18b241221de473f79fe92f7fb162680496819d95d
SHA512

6e90de08f6046af14761f48628087efc949e8748d32f4ceb9fe2e100d50f2c91ffd10841952c4e71f12c3991215ca752e9a0950207f2ba4a9df25ae823183e5c
SSDEEP

6144:b+tgfWRvqT2iD2d1CPUDIAQyKhN9GOULAy4DkxT9Sd:6tfRvqT2iD2dGUDIAQyKfgOoAPDE9Sd

Score

N/A

Malware Config

Signatures

Files

1c5b78afa205fa108e364ef18b241221de473f79fe92f7fb162680496819d95d
.exe windows x86

e50bd7c5a72ef3033d1964cfbb9a1f7a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
MoveFileExW
lstrlenW
lstrlenA
GetLastError
WaitForSingleObject
TerminateProcess
Sleep
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
FormatMessageW
SetLastError
SetFileAttributesW
GetFileAttributesW
Process32NextW
CloseHandle
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
GetCurrentThreadId
CreateDirectoryW
DeleteFileW
CreateFileW
OpenFileMappingW
QueryDosDeviceW
GetLogicalDriveStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessTimes
GetCurrentProcess
GetLocalTime
WriteFile
SetFilePointer
WritePrivateProfileStringW
GetLocaleInfoW
GetVersionExW
VirtualFree
VirtualAlloc
lstrcmpiW
lstrcpyW
TerminateThread
CreateThread
DuplicateHandle
lstrcatW
FreeLibrary
CreateRemoteThread
SleepEx
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineW
OpenFileMappingA
OutputDebugStringW
LoadLibraryA
SetEndOfFile
TlsAlloc
InterlockedIncrement
TlsGetValue
TlsSetValue
ExitProcess
GenerateConsoleCtrlEvent
CopyFileA
CreateDirectoryA
GetFileAttributesA
GetFileSize
FlushFileBuffers
ReadFile
DeleteFileA
CreateFileA
UnlockFileEx
UnlockFile
LockFileEx
Process32Next
Process32First
GetSystemInfo
GetVersionExA
Module32First
LockFile
GetStartupInfoW
GetTickCount

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHFileOperationW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleFileNameExA
GetProcessImageFileNameW

ws2_32

closesocket
send
inet_addr
select
__WSAFDIsSet
WSAStartup
ntohs
htonl
ntohl
WSACleanup
socket
setsockopt
ioctlsocket
listen
bind
WSAGetLastError
connect
accept
recv
getsockopt
gethostbyname
htons
inet_ntoa

shlwapi

PathFileExistsW

msvcp60

?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

msvcrt

_wtoi
memset
wcschr
??2@YAPAXI@Z
wcsncpy
strlen
_wcsicmp
_waccess
memcpy
_snprintf
_wcslwr
wcsstr
wcscpy
memmove
wcstok
getenv
localtime
time
_itow
strncpy
swprintf
swscanf
malloc
free
rand
srand
calloc
_ftol
__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_snwprintf
wcsncat
wcsrchr
wcscmp
wcslen
_vsnwprintf
_wcsnicmp
_utime
_close
_open
_stricmp
tolower
_pctype
_isctype
__mb_cur_max
strspn
atoi
strchr
memchr
strstr
_errno
asctime
gmtime
_lseeki64
_pipe
_popen
_pclose
_get_osfhandle
_fullpath
toupper
strrchr
signal
fclose
fflush
fprintf
fopen
fscanf
_mkdir
_getcwd
_chdir
_stat
_fstat
_iob
sprintf
strtol
strtod
atof
mbstowcs
setlocale
wcstombs
mktime
vfprintf
_vsnprintf
_strdup
__CxxFrameHandler
_strnicmp

winmm

timeKillEvent
timeBeginPeriod
timeGetDevCaps
timeSetEvent

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.trdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e50bd7c5a72ef3033d1964cfbb9a1f7a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

psapi

ws2_32

shlwapi

msvcp60

msvcrt

winmm

Sections

.text Size: 244KB - Virtual size: 240KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 64KB - Virtual size: 74KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 8KB - Virtual size: 7KB

.trdata Size: 72KB - Virtual size: 72KB

.text
Size: 244KB - Virtual size: 240KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 64KB - Virtual size: 74KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 8KB - Virtual size: 7KB

.trdata
Size: 72KB - Virtual size: 72KB