85a79628c147fff1d0e2264f90b773fa9794595bdd22853e551126c52b81b9ac

Sharing

Copy URL Twitter E-mail

General

Target

85a79628c147fff1d0e2264f90b773fa9794595bdd22853e551126c52b81b9ac
Size

906KB
MD5

6a145dc9a06f35e5d2ab8509d7d172f0
SHA1

427c748e86dc476c328f6766efb322606565a446
SHA256

85a79628c147fff1d0e2264f90b773fa9794595bdd22853e551126c52b81b9ac
SHA512

3eb80a98463e23d3b534cf924cada5dfd91e26d3af05023ba9fedd1ac779aa7dfc8e78cebd87a255bbed157a43d8cda4eeb3a3fe09c4c2ebf91b72aa1d45a847
SSDEEP

24576:gz1rKKCLcb09xsOIE8zvkMWkMU8I/w3j0Mp5x182ACG+XsLlP+piY:81rKK9I84+zqsLlWoY

Score

N/A

Malware Config

Signatures

Files

85a79628c147fff1d0e2264f90b773fa9794595bdd22853e551126c52b81b9ac
.exe windows x86

9456b067236526fa68cecca6aabd153a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
LoadLibraryExA
Sleep
SetDllDirectoryW
OutputDebugStringW
GetPrivateProfileStringW
CreateProcessW
OpenEventW
CloseHandle
GetModuleFileNameW
FindFirstFileW
FormatMessageW
SetLastError
InterlockedExchange
GetModuleHandleW
CreateEventA
GetTickCount
LoadLibraryExW
GetSystemTimeAsFileTime
QueryPerformanceCounter
DecodePointer
EncodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
HeapSize
HeapReAlloc
HeapDestroy
LocalFree
LocalAlloc
GetCurrentThreadId
WaitForSingleObject
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetUserDefaultLCID
IsValidLocale
GetUserDefaultUILanguage
GetProcessHeap
CreateEventW
GetTempPathW
GetCurrentProcessId
HeapFree
HeapAlloc
GetFullPathNameW
SetEvent
FindClose
CreateFileW
GetVersionExW
GetLocalTime
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
WideCharToMultiByte
MultiByteToWideChar

advapi32

GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeSelfRelativeSD
GetSecurityDescriptorLength
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
RegDeleteKeyW
RegEnumKeyExW
RegEnumValueW
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetLengthSid
IsValidSid
InitializeAcl
AddAce
GetAclInformation
GetSecurityDescriptorOwner
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegFlushKey
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
GetSecurityDescriptorGroup
SetSecurityDescriptorDacl
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptReleaseContext
CryptAcquireContextW
StartServiceW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW

msvcp110

??_7ios_base@std@@6B@
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ

shlwapi

PathFindFileNameA

msvcr110

fputc
_CxxThrowException
memcpy
memset
fprintf
??3@YAXPAX@Z
free
memmove
memcpy_s
??2@YAPAXI@Z
wcsncpy_s
_snprintf_s
strncmp
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
wcsnlen
_wtoi
strncpy
wcsncpy
_recalloc
calloc
_purecall
swprintf_s
_vscwprintf
vswprintf_s
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
fgetc
ungetc
_lock_file
_unlock_file
fwrite
_fseeki64
fgetpos
fsetpos
setvbuf
fflush
fclose
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_wgetenv
_wputenv
??8type_info@@QBE_NABV0@@Z
_errno
atof
isalpha
tolower
strchr
ceil
strstr
floor
isdigit
atoi
qsort
sprintf
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
__CxxFrameHandler3
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
memmove_s
malloc
_vsnprintf_s
isspace
isalnum
wcscpy_s
strncpy_s
_vsnwprintf_s
wcstol
_itow_s
_waccess
_wsplitpath

crypt32

CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam

wintrust

WinVerifyTrust

user32

FindWindowW
RegisterWindowMessageW
PostMessageW

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 604KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9456b067236526fa68cecca6aabd153a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

msvcp110

shlwapi

msvcr110

crypt32

wintrust

user32

Sections

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 31KB - Virtual size: 35KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 604KB - Virtual size: 2.3MB

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 31KB - Virtual size: 35KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 604KB - Virtual size: 2.3MB