2f0c4c379242096fc36146f33affaa14ffe220d294dbba5b1c38276ff3893565

Sharing

Copy URL Twitter E-mail

General

Target

2f0c4c379242096fc36146f33affaa14ffe220d294dbba5b1c38276ff3893565
Size

168KB
MD5

6d1632ca705a4591c06b2408cb37a000
SHA1

e6c66a845cfe19b09866aea896094fbccbb0b5b8
SHA256

2f0c4c379242096fc36146f33affaa14ffe220d294dbba5b1c38276ff3893565
SHA512

4621f46e9dc24fc51d1ac8fe644960132621efa9d52da20533f14c26d911fbdb7f17cf340e34c790f9045a0b6aa1d7572ee8e91b2ab1b68d5b948b649fd0ed02
SSDEEP

3072:fedOswsD09FL5sYulYi9dJ64NrOUGpRYJj3QvUiazLE3h6quH2GR7/+cz:fBH4t64pOUGbYKcias3KZR7zz

Score

N/A

Malware Config

Signatures

Files

2f0c4c379242096fc36146f33affaa14ffe220d294dbba5b1c38276ff3893565
.exe windows x86

c4517d7d29abbae1c7d60c74949c3b70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
SetFilePointer
WriteFile
ReadFile
CopyFileA
GetStdHandle
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
FindNextFileA
FindFirstFileA
FindClose
GetVersion
LoadLibraryA
GetCurrentProcess
GetModuleFileNameA
lstrcmpA
lstrlenA
LocalFree
LocalAlloc
FreeLibrary
GetEnvironmentVariableA
InterlockedIncrement
VirtualFree
VirtualAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemInfo
InterlockedExchangeAdd
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress

advapi32

RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA

ole32

CoCreateGuid

fbclient

ord190
ord194
ord181
ord103
ord122
ord182
ord169
ord186
ord115
ord160
ord128
ord151
ord180
ord197
ord178
ord173
ord165
ord42
ord1

msvcr80

memmove
abort
fopen
strchr
isprint
getc
_access
feof
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
memset
sscanf
atoi
sprintf
_snprintf
scanf
remove
strncmp
memcpy
printf
_errno
_CxxThrowException
_vsnprintf
__CxxFrameHandler3
strncpy
__iob_func
fprintf
exit
_time64
_localtime64
_purecall
fclose
_strnicmp

user32

MessageBoxA
CharLowerBuffA
CharUpperBuffA

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c4517d7d29abbae1c7d60c74949c3b70

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

fbclient

msvcr80

user32

Sections

.text Size: 64KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 64KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 80KB - Virtual size: 80KB