b94033a09f7a98afd8d9b2672175e967315ebc1e5cb75fc7632d381114e66666

Sharing

Copy URL Twitter E-mail

General

Target

b94033a09f7a98afd8d9b2672175e967315ebc1e5cb75fc7632d381114e66666
Size

144KB
MD5

097a9d006012ec33fdf25a81e9421650
SHA1

cbd1865e754600f794535e36af2b5873f2ffaefe
SHA256

b94033a09f7a98afd8d9b2672175e967315ebc1e5cb75fc7632d381114e66666
SHA512

4a2ae7853f33fd1df0928b756ed4d2684392c01a0caa3c20ff295f185d2ac000ce7e420727736875962d32d890cfd3b3c8a27dd73679ecd1b3b1668526254a74
SSDEEP

3072:oEXxT2TU4IL2MVHWCEdq1AYv+UEF58itbuHPlAn0AY:oJULKA2CqqeDJjDyPlk0AY

Score

N/A

Malware Config

Signatures

Files

b94033a09f7a98afd8d9b2672175e967315ebc1e5cb75fc7632d381114e66666
.exe windows x86

c66d4429c76a9bc75ae543d0a27f03c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
QueryPerformanceFrequency
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
DeviceIoControl
GlobalMemoryStatus
GetSystemInfo
SetFileAttributesA
GlobalAlloc
DefineDosDeviceA
ExitProcess
ReleaseMutex
OpenEventA
SetErrorMode
WinExec
lstrcpyW
GlobalMemoryStatusEx
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetModuleHandleA
GetCurrentThreadId
RaiseException
GlobalLock
GlobalUnlock
TerminateThread
GlobalFree
LocalSize
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
GetSystemDirectoryA
SetLastError
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetProcAddress
GetWindowsDirectoryA
lstrcpyA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
CancelIo
InterlockedExchange
ResetEvent
UnmapViewOfFile
HeapAlloc
GetProcessHeap
HeapFree
CreateFileMappingA
MapViewOfFile
GetLocalTime
OpenProcess
GetTickCount
Sleep
CreateEventA
CloseHandle
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
CopyFileA

user32

GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorPos
GetCursorInfo
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
OpenClipboard
ExitWindowsEx
CloseDesktop
SetThreadDesktop
IsWindow
DispatchMessageA
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
CharNextA
wsprintfA
GetMessageA
TranslateMessage
MapVirtualKeyA
SystemParametersInfoA
SendMessageA
BlockInput
DestroyCursor
LoadCursorA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
EnumWindows

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

LookupAccountNameA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
IsValidSid
OpenSCManagerA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryInfoKeyA
RegRestoreKeyA
RegSaveKeyA
EnumServicesStatusA
QueryServiceConfigA
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ChangeServiceConfig2A
CreateServiceA
AbortSystemShutdownA
GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenServiceA

shell32

ShellExecuteA
SHGetFileInfoA

shlwapi

SHDeleteKeyA

msvcrt

_errno
_strnicmp
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_snprintf
_beginthreadex
atol
_mbscmp
_mbsstr
wcscpy
wcstombs
wcslen
mbstowcs
_strcmpi
strncmp
atoi
sprintf
rand
realloc
strncat
exit
strncpy
strcat
strrchr
_except_handler3
free
strcmp
strcpy
malloc
strchr
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strlen
strstr

winmm

waveInGetNumDevs
waveOutWrite
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveInOpen
waveInPrepareHeader
waveInAddBuffer
waveInStart

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringA

iphlpapi

GetIfTable

msvfw32

ICSendMessage
ICSeqCompressFrameStart
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrame

netapi32

NetLocalGroupAddMembers
NetUserAdd
NetUserDel
NetApiBufferFree
NetUserGetLocalGroups
NetUserSetInfo
NetUserGetInfo
NetUserEnum

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSDisconnectSession
WTSLogoffSession

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c66d4429c76a9bc75ae543d0a27f03c3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

msvcp60

imm32

iphlpapi

msvfw32

netapi32

psapi

wtsapi32

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 496B

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 496B