fc3333d4cad4b03033fd545fcb7217345bc91d9ed5e3a625ccb916b78462ee33

Sharing

Copy URL Twitter E-mail

General

Target

fc3333d4cad4b03033fd545fcb7217345bc91d9ed5e3a625ccb916b78462ee33
Size

60KB
MD5

722a900eb7bf7631c9b208455a359c16
SHA1

826ec43843b39265d7ce55193a00b63e9d87772d
SHA256

fc3333d4cad4b03033fd545fcb7217345bc91d9ed5e3a625ccb916b78462ee33
SHA512

6f9beddf986a7cf1c30d2a32fb8c1ab4f66c0893c19a2ef0500aa14b01d332717d772bfeda52ca38845e57c9ff06f900b1f1bc5e429cc57b32045b3cb26439e7
SSDEEP

1536:u4KVsGHX0Qg3wimtJlgNGwZvqS6+NvPKTzoPC:u4K+3wim2NGwVqS6+NvPK4P

Score

N/A

Malware Config

Signatures

Files

fc3333d4cad4b03033fd545fcb7217345bc91d9ed5e3a625ccb916b78462ee33
.exe windows x86

c38c49e81b068daa6e8a5740e6592fc6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
??2@YAPAXI@Z
_CxxThrowException
__CxxFrameHandler
wcscmp
_c_exit
_exit
_XcptFilter
wcschr
??3@YAXPAX@Z
_wtol
malloc
_purecall
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_controlfp
_except_handler3
realloc
wcslen
wcstok
_wtoi

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

advapi32

FreeSid
LookupAccountNameW
EqualSid
AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorDacl
OpenThreadToken
OpenProcessToken
RegEnumKeyExW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
ConvertSidToStringSidW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

kernel32

LeaveCriticalSection
EnterCriticalSection
DisconnectNamedPipe
FlushFileBuffers
GetOverlappedResult
WriteFile
ReadFile
SetLastError
ConnectNamedPipe
CreateNamedPipeW
LocalFree
WideCharToMultiByte
GetACP
LocalAlloc
ProcessIdToSessionId
GetCurrentProcessId
GetModuleHandleA
GetStartupInfoW
ResetEvent
GetShortPathNameW
MultiByteToWideChar
lstrlenW
lstrcpyW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetEvent
CloseHandle
WaitForSingleObject
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcatW
GetModuleFileNameW
GetLastError
CreateThread
CreateEventW
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetCurrentThread
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
Sleep
GetCurrentThreadId
GetCommandLineW

user32

wsprintfW
GetMessageW
DispatchMessageW
PostThreadMessageW
CharNextW

winsta

WinStationConnectCallback

ole32

CoImpersonateClient
CoSetProxyBlanket
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoInitialize
CoInitializeSecurity
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoRevertToSelf

oleaut32

SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString

wsock32

gethostbyname
WSAStartup
ioctlsocket
htons
WSACleanup

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c38c49e81b068daa6e8a5740e6592fc6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

winsta

ole32

oleaut32

wsock32

Sections

.text Size: 46KB - Virtual size: 46KB

.data Size: 512B - Virtual size: 608B

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 46KB - Virtual size: 46KB

.data
Size: 512B - Virtual size: 608B

.rsrc
Size: 12KB - Virtual size: 12KB