Static task
static1
Behavioral task
behavioral1
Sample
515aea3c8c4c14588f78710e7c8610ada3f1a2935b510771a9678f223413fe79.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
515aea3c8c4c14588f78710e7c8610ada3f1a2935b510771a9678f223413fe79.exe
Resource
win10v2004-20220812-en
General
-
Target
515aea3c8c4c14588f78710e7c8610ada3f1a2935b510771a9678f223413fe79
-
Size
576KB
-
MD5
63ff8c620f86bf4db835bdf637f82857
-
SHA1
c26d940dd4168f8ac7fe8ec06a54eb70e9e72621
-
SHA256
515aea3c8c4c14588f78710e7c8610ada3f1a2935b510771a9678f223413fe79
-
SHA512
d08edcaaa25e5208685beb9a9231f04c7768e2848e91a52e3d7cc53dfd07f74343354722d49a9dc77e813af7f9f64c941c4c7bf2dff33e3844b21cd7ff50dc88
-
SSDEEP
12288:QGs3AZNQSY2ckbgRfKEr5EZU3rEFc1MSAdsvFrTsdccBt3qKi27V:QGsXNmE7gGlAdqFrTMcStalqV
Malware Config (none extracted in this report)
Signatures (none listed in this report — absence of a hit is not a clean verdict; see the behavioral tasks)
Files
-
515aea3c8c4c14588f78710e7c8610ada3f1a2935b510771a9678f223413fe79.exe windows x86
Unlabelled 32-hex digest, most likely the import hash (imphash) — confirm before pivoting on it: 24437e197764d5f8d14985cc1c866d1f
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
(Only this flag is set: DYNAMIC_BASE and NX_COMPAT are absent, so the image does not opt in to ASLR or DEP; together with IMAGE_FILE_RELOCS_STRIPPED below, the image cannot be rebased at all.)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: the advapi32 set below includes token manipulation, impersonation, service control and registry-write APIs, and user32 exposes ExitWindowsEx — consistent with a privileged system-management or installer tool, but equally with malware; with no signatures listed, infer intent from the behavioral tasks rather than from the import table alone)
msvcr90
_configthreadlocale
__setusermatherr
__RTDynamicCast
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_initterm_e
wcscat_s
_getdrive
_chdrive
toupper
_beginthreadex
qsort
_strnicmp
atoi
strncpy_s
strcat_s
__iob_func
fwprintf
iswalnum
wcsncmp
iswdigit
wcscpy_s
strtok_s
wcstombs
_swprintf
_wcsupr
_vsnwprintf_s
_wsopen
strtoul
realloc
srand
rand
clock
swprintf_s
_wmakepath
_wcsdup
fopen
ftell
ferror
wcscat
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
wcsftime
_snwprintf
_wctime64_s
mbstowcs
strncpy
_wcsupr_s
_wfopen_s
fwrite
_wcsnicmp
fgets
_recalloc
calloc
strnlen
_errno
sscanf
strcmp
wcscpy
?_wopen@@YAHPB_WHH@Z
_lseek
_read
swscanf
strchr
strlen
memcpy
fseek
sprintf
strstr
mbstowcs_s
_wfsopen
fread
malloc
free
wcsncat_s
_wsplitpath_s
_ltow_s
_wfopen
feof
fgetws
fclose
wcsrchr
_time64
wcsncpy
swscanf_s
wcsncpy_s
??_U@YAPAXI@Z
??_V@YAXPAX@Z
wcschr
_wcslwr_s
_wsplitpath
wcsncat
?_wsopen@@YAHPB_WHHH@Z
_filelength
_close
wcscspn
wcsspn
_itow_s
_wtoi
_waccess
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
wcsnlen
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcslen
vswprintf_s
_vscwprintf
wcsstr
_wcsicmp
wcscmp
iswspace
memmove_s
_CxxThrowException
memcpy_s
memset
_snwprintf_s
__CxxFrameHandler3
_purecall
??3@YAXPAX@Z
scewxmlw
ord70
ord111
ord93
ord103
ord104
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
ws2_32
WSACleanup
gethostbyname
gethostname
WSAStartup
inet_ntoa
kernel32
GetVersionExW
GetFileSize
GetFullPathNameW
GetPrivateProfileIntW
TerminateThread
TryEnterCriticalSection
GetFileTime
MoveFileW
UnlockFile
LockFile
SetFilePointer
DuplicateHandle
SetLastError
WriteFile
ReadFile
RemoveDirectoryW
WideCharToMultiByte
CreateDirectoryW
GetFileAttributesExW
LocalFileTimeToFileTime
GetTimeFormatW
GetDateFormatW
CompareFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
CreateMutexW
ReleaseMutex
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetLocaleInfoW
CreateProcessW
GlobalAlloc
GlobalFree
VerifyVersionInfoW
VerSetConditionMask
DeviceIoControl
SetErrorMode
GetExitCodeThread
GetSystemTime
WritePrivateProfileStringW
LoadLibraryExW
SetFileAttributesW
GetFileAttributesW
lstrlenW
lstrcmpiW
SetFileTime
DosDateTimeToFileTime
LoadLibraryA
ExpandEnvironmentStringsA
InterlockedDecrement
CloseHandle
WaitForSingleObject
Sleep
CreateEventW
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetCurrentProcess
GetDiskFreeSpaceExW
GetLastError
CopyFileW
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
FormatMessageW
GetModuleFileNameW
OpenEventW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
OutputDebugStringW
MoveFileExW
GetTempPathW
GetSystemWindowsDirectoryW
GetModuleHandleW
SetProcessShutdownParameters
GetCommandLineW
SetProcessAffinityMask
SetEvent
MultiByteToWideChar
lstrlenA
CreateFileW
TerminateProcess
GetExitCodeProcess
OpenProcess
GetComputerNameW
GetPrivateProfileStringW
GetSystemDirectoryW
PulseEvent
GetWindowsDirectoryW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedExchangeAdd
LeaveCriticalSection
advapi32
AddAce
InitializeAcl
IsValidSid
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAclInformation
GetAce
GetSecurityInfo
SetSecurityInfo
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
DeregisterEventSource
CreateProcessAsUserW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityDescriptorDacl
LookupAccountSidW
DuplicateTokenEx
RegQueryValueExA
RegOpenKeyExA
RegisterEventSourceW
GetTokenInformation
OpenProcessToken
GetUserNameW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
QueryServiceConfigW
ImpersonateLoggedOnUser
RevertToSelf
SetThreadToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
ReportEventW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathW
shlwapi
PathGetDriveNumberW
msvcp90
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?open@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??_D?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
user32
GetSystemMetrics
ExitWindowsEx
GetForegroundWindow
LoadStringW
Sections (note: every section below carries IMAGE_SCN_MEM_WRITE, and .text and .rsrc are both executable and writable — atypical for a default MSVC link, where code and resources are read-only; verify with a second PE parser and treat writable/executable code as a possible packing or self-modification indicator)
.text Size: 384KB - Virtual size: 383KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 106KB - Virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 11KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 74KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE