45a7548caefdaba416661503999d6f303b34df6ff1986dea142fcc59649888f8

Sharing

Copy URL

Twitter E-mail

General

Target

45a7548caefdaba416661503999d6f303b34df6ff1986dea142fcc59649888f8
Size

206KB
MD5

6e2cdfe740807c1cc60eec6073e0e8cd
SHA1

c96f8a90c6d6724aad13d7e3eb30ff04d68f284f
SHA256

45a7548caefdaba416661503999d6f303b34df6ff1986dea142fcc59649888f8
SHA512

12cd8dd5f1c9b4e9e6833bf0a129c227fab1563921e223d5f0efabf732cac04add2b248f51634512e658ccc9aceb54534f97082057db30771c21f3283c5230b8
SSDEEP

3072:f0cwXTxous8CC127+fBc9stVT6lnldlkpAUIfbDzV2aaoUXL1gC7DRxeGYlbWa3D:kBd12FyfTXpQJ4zhxeEm

Score

N/A

Malware Config

Signatures

Files

45a7548caefdaba416661503999d6f303b34df6ff1986dea142fcc59649888f8
.exe windows x86

817459dfe90a4e9e5c1ffbf10e16c69d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LeaveCriticalSection
GetQueuedCompletionStatus
GetTempPathW
WaitForSingleObject
PostQueuedCompletionStatus
CreateEventW
Sleep
GetLastError
SetEvent
TerminateThread
TlsAlloc
CloseHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VerSetConditionMask
CreateProcessW
GetConsoleWindow
SleepEx
VerifyVersionInfoW
TlsGetValue
TlsFree
CreateIoCompletionPort
FormatMessageA
WaitForMultipleObjects
EnterCriticalSection
SetLastError
TlsSetValue
QueueUserAPC
SetWaitableTimer
CreateDirectoryW
CreateFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree

user32

ShowWindow

advapi32

RegCreateKeyExW
RegSetValueExW
RegSetValueExA
RegCreateKeyW
RegCloseKey

msvcp140

?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
??7ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z

ws2_32

WSACleanup
WSAGetLastError
__WSAFDIsSet
accept
bind
WSAIoctl
closesocket
WSASend
select
listen
WSASocketW
getaddrinfo
WSAStartup
getsockname
connect
WSARecv
getsockopt
htonl
freeaddrinfo
ioctlsocket
setsockopt
WSASetLastError

vcruntime140

_except_handler4_common
memcpy
_CxxThrowException
memmove
__std_terminate
__current_exception
__std_type_info_compare
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memcmp
memset
__current_exception_context
_purecall

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
fclose
_set_fmode
fgetc
__stdio_common_vfprintf
_get_stream_buffer_pointers
fgetpos
setvbuf
__p__commode
ungetc
fsetpos
fread
_fseeki64
fwrite
fputc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
__p___argv
__p___argc
system
strerror
_get_initial_narrow_environment
_exit
_beginthreadex
terminate
_getpid
_controlfp_s
exit
_initterm_e
_crt_atexit
_initterm
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

817459dfe90a4e9e5c1ffbf10e16c69d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

ws2_32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 153KB - Virtual size: 153KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 14KB - Virtual size: 14KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 14KB - Virtual size: 14KB

.reloc
Size: 7KB - Virtual size: 7KB