68b77a412ecd29374ae10dc5faf0dd5f3062c6f5a17ab8ed3ed14bfb6a62fa31

Sharing

Copy URL

Twitter E-mail

General

Target

68b77a412ecd29374ae10dc5faf0dd5f3062c6f5a17ab8ed3ed14bfb6a62fa31
Size

600KB
MD5

41ce5eb5a43777a6a050d2725e993380
SHA1

eedb64402d1f945d3d0e16018aaeedc41c6b5818
SHA256

68b77a412ecd29374ae10dc5faf0dd5f3062c6f5a17ab8ed3ed14bfb6a62fa31
SHA512

aa51ad35e0438138410d489cb380ea6f724cdebec687401af4338dea2efbfe38d145dc11c1dad918c38a984309a79580324c8a045d71eadaa10524e38ec0c0cc
SSDEEP

12288:rdj2gNcwgGws6yCDHkBnEuIJrp3DWJtbZU8JFtrymB:dNfgG3iDogFp3DKtb/JFwE

Score

N/A

Malware Config

Signatures

Files

68b77a412ecd29374ae10dc5faf0dd5f3062c6f5a17ab8ed3ed14bfb6a62fa31
.exe windows x86

b71af717888bd57e3ea66cbf5d04c70f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
FindNextChangeNotification
CreateFileA
CreateDirectoryA
CopyFileA
MoveFileA
DeleteFileA
GetFullPathNameA
GetFileSize
SetFilePointer
WriteFile
ReadFile
WaitForSingleObject
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
CreateProcessA
Sleep
CreateEventA
SetEvent
OpenProcess
CloseHandle
GetExitCodeProcess
TerminateProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetModuleHandleA

ws2_32

WSACleanup
WSAStartup
WSAIoctl
socket

bfcprt

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_Ptrit@DHPADAADPADAAD@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_Ptrit@DHPADAADPADAAD@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_Ptrit@DHPADAADPADAAD@2@0ABV12@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Raise@exception@std@@QBEXXZ
?_Throw@std@@YAXABVexception@1@@Z
??_7exception@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Nomemory@std@@YAXXZ

mfc70

ord1443
ord5669
ord1472
ord1469
ord3748
ord1273
ord4021
ord4933
ord1760
ord4854
ord5989
ord3966
ord4986
ord3208
ord4503
ord4063
ord1452
ord5714
ord5007
ord5005
ord812
ord817
ord821
ord819
ord823
ord2219
ord2239
ord2223
ord2229
ord2227
ord2225
ord2242
ord2237
ord2221
ord2244
ord2232
ord2214
ord2216
ord2234
ord2026
ord2020
ord1377
ord5993
ord3610
ord5991
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord1945
ord2356
ord2546
ord2648
ord4088
ord2529
ord2675
ord2359
ord2463
ord2352
ord2799
ord3522
ord3523
ord3513
ord2461
ord3751
ord4267
ord4042
ord3124
ord518
ord705
ord682
ord1936
ord1397
ord4013
ord2972
ord528
ord1781
ord1344
ord3884
ord1939
ord1399
ord4015
ord2979
ord532
ord1406
ord4025
ord3003
ord561
ord1499
ord1441
ord3122
ord680
ord2201
ord1498
ord1440
ord3119
ord677
ord1646
ord4975
ord5815
ord2012
ord957
ord982
ord4958
ord3993
ord4671
ord1870
ord1523
ord1522
ord1403
ord5666
ord1272
ord4043
ord2990
ord300
ord546
ord5838
ord5723
ord4361
ord3566
ord3565
ord4322
ord3487
ord3832
ord3814
ord5992
ord3609
ord5990
ord4107
ord1913
ord1868
ord5339
ord3614
ord899
ord4883
ord5933
ord5152
ord3640
ord1770
ord2741
ord4996
ord4998
ord2096
ord3750
ord4349
ord5002
ord4985
ord5322
ord2651
ord4262
ord3140
ord512
ord698
ord689
ord534
ord4900
ord280
ord947
ord977
ord2200
ord2196
ord956
ord1948
ord1502
ord1446
ord4024
ord2791
ord3131
ord3685
ord4516
ord4530
ord3562
ord650
ord447
ord2474
ord5813
ord5996
ord3890
ord257
ord1491
ord1420
ord3034
ord597
ord2261
ord1942
ord1493
ord1423
ord4019
ord2766
ord3037
ord599
ord2712
ord699
ord3601
ord513
ord265
ord525
ord263
ord1306
ord570
ord4870
ord330
ord1755
ord3445
ord4972
ord1097

msvcr70

memmove
atof
atoi
tolower
sscanf
strtok
fclose
fscanf
fopen
_vscprintf
vsprintf
fprintf
fread
ftell
fseek
wcstombs
printf
_mbsinc
_mbsstr
_mbslwr
toupper
exit
_strnicmp
isdigit
_callnewh
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_setmbcp
_stricmp
malloc
free
_purecall
sprintf
_mbscmp

user32

IsIconic
GetClientRect
GetDC
ReleaseDC
LoadIconA
GetSystemMetrics
GetFocus
GetSystemMenu
AppendMenuA
DrawIcon
SendMessageA
EnableWindow
SetTimer
CopyRect

oleaut32

OleLoadPicture

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

�9n
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b71af717888bd57e3ea66cbf5d04c70f

Headers

File Characteristics

Imports

kernel32

ws2_32

bfcprt

mfc70

msvcr70

user32

oleaut32

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 17KB

.rsrc Size: 172KB - Virtual size: 171KB

�9n Size: 240KB - Virtual size: 240KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 17KB

.rsrc
Size: 172KB - Virtual size: 171KB

�9n
Size: 240KB - Virtual size: 240KB