30ddaac8915473917ac613fa0a0504ed1d999185f734c8fe7acdf324c63a7934

Sharing

Copy URL

Twitter E-mail

General

Target

30ddaac8915473917ac613fa0a0504ed1d999185f734c8fe7acdf324c63a7934
Size

104KB
MD5

869db670730b83f7af5f645a88191d3a
SHA1

35137335fc740027439db2067c637450337b3f9d
SHA256

30ddaac8915473917ac613fa0a0504ed1d999185f734c8fe7acdf324c63a7934
SHA512

91a7f728d6ef8156b345dc45d5fbe7a5d834e05267fbc10b3dcfb17f3ad826d583b82064e3724cde42b19c6cc3802dec31576ecce5e4c5e3b23854d17edf75f7
SSDEEP

3072:aw0Z45xOFF15pKItysmbjLUv+GGJOO9QK7PlN7DTAOaOhw3S/U:a9Z4aX15pKItysmbjLUv+GGJOO9QEr1k

Score

N/A

Malware Config

Signatures

Files

30ddaac8915473917ac613fa0a0504ed1d999185f734c8fe7acdf324c63a7934
.exe windows x86

203b46a881ec4388599946aca6f108f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
CreateEventW
CreateMutexW
GetLastError
WaitForSingleObject
SetEvent
GetTickCount
MoveFileW
RaiseException
WaitForMultipleObjects
ResetEvent
GetFileAttributesW
GetPrivateProfileIntW
Sleep
GetSystemDirectoryW
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
LocalAlloc
GetCurrentProcess
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
lstrlenA
ReadFile
GetFileSize
CreateFileW
LockResource
SizeofResource
GetModuleHandleW
GetPrivateProfileStringW
FindResourceW
InitializeCriticalSection
GetModuleFileNameW
GetCurrentThreadId
GetLocalTime
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
DeleteCriticalSection
FindClose
LoadLibraryW
FindFirstFileW
CreateDirectoryW
CloseHandle
DeleteFileW
FindResourceExW
LoadResource
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA

user32

TranslateMessage
PostThreadMessageW
GetMessageW
UnregisterClassA
DispatchMessageW
PeekMessageW

advapi32

RevertToSelf
GetLengthSid
SetTokenInformation
DuplicateTokenEx
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegOpenCurrentUser
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
DeleteService
ControlService
StartServiceW
RegSetValueExW
RegCreateKeyW
ChangeServiceConfig2W
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CreateProcessAsUserW
ImpersonateLoggedOnUser

shell32

CommandLineToArgvW

ole32

CoInitialize

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathAppendW

msvcp80

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z

msvcr80

??3@YAXPAX@Z
??2@YAPAXI@Z
_vscwprintf
vswprintf_s
fclose
fflush
_wfopen
fwprintf
memcpy_s
_purecall
wcsstr
memmove_s
wcsrchr
_wcslwr_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
wcschr
_wtoi
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
iswspace
?what@exception@std@@UBEPBDXZ
_beginthreadex
wcsncpy_s
_wcsicmp
wcscpy_s
wcscat_s
free
_recalloc
calloc
_localtime64_s
_mktime64
_time64
wcsncpy
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_CxxThrowException

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

203b46a881ec4388599946aca6f108f0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

msvcp80

msvcr80

version

wtsapi32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB