1850b39fb9cb9abb8fad21bf83d5263b4a4999a850d7a195276f016169dafd4b

Sharing

Copy URL Twitter E-mail

General

Target

1850b39fb9cb9abb8fad21bf83d5263b4a4999a850d7a195276f016169dafd4b
Size

141KB
MD5

631855b7d0a8a4802a1d577311756060
SHA1

4dab223a4fabb85d6d483a163d62c2b93edbec31
SHA256

1850b39fb9cb9abb8fad21bf83d5263b4a4999a850d7a195276f016169dafd4b
SHA512

d555488a84b464ba3ed02e39131d6d0ff12b66d15e78acd3e4fa6a892e55803ef73bf3b596bb0a510d08ed9dad99247da30e5c4d35e99b7dee3d759fbf2df916
SSDEEP

3072:X2ObYDPICndrOCndQ/SOsP5/rpn30n8t15s3lrwyoq:X2YYDPICdrOCnrtrZ08f6lWq

Score

N/A

Malware Config

Signatures

Files

1850b39fb9cb9abb8fad21bf83d5263b4a4999a850d7a195276f016169dafd4b
.exe windows x86

5e14d0d710abc4d00e8223f2f8f660fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

credui

CredUIPromptForCredentialsA
CredUIParseUserNameA

mfc80

ord6180
ord310
ord266
ord265
ord2902
ord5403
ord2468
ord1916
ord6174
ord911
ord1482
ord5529
ord4035
ord4085
ord304
ord876
ord784
ord386
ord2280
ord631
ord4038
ord4014
ord6278
ord3801
ord6276
ord1207
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord1084
ord287
ord2467
ord577
ord4081
ord297
ord3934
ord2272
ord578
ord757
ord3683
ord764
ord2322

msvcr80

_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strrchr
_getpid
fopen_s
fprintf
fflush
fclose
atoi
_ismbcdigit
sprintf_s
_mbclen
_mbsinc
strcpy_s
_setmbcp
strcat_s
_access
vsprintf_s
sprintf
memset
_mbsrchr
__CxxFrameHandler3
_mbsnbcmp

kernel32

lstrlenA
GetSystemTime
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
InterlockedExchange
CreateProcessA
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
FreeLibrary
GetModuleFileNameA
GetVersionExA
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GetLastError
GetLocaleInfoA
GetThreadLocale
CloseHandle

user32

GetForegroundWindow

advapi32

CreateProcessWithLogonW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCloseKey

shell32

ord680
ShellExecuteExA

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5e14d0d710abc4d00e8223f2f8f660fd

Headers

File Characteristics

Imports

credui

mfc80

msvcr80

kernel32

user32

advapi32

shell32

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 84KB - Virtual size: 84KB