2d12231ca93b29b02046eaca53627038c41ffe04fa20dbda7c22f2f8b7b14808

Sharing

Copy URL Twitter E-mail

General

Target

2d12231ca93b29b02046eaca53627038c41ffe04fa20dbda7c22f2f8b7b14808
Size

78KB
MD5

5309fcbdc9b280d2d951a59178d8c5f5
SHA1

ba0f1ed80cd973feef6564586f23f27bbb5a0625
SHA256

2d12231ca93b29b02046eaca53627038c41ffe04fa20dbda7c22f2f8b7b14808
SHA512

e0ad0bbaa993808f7fe7c06cddc618755e821ffce7ce3b862005331a8227dabe0c13e3117dc9269f3616f346c2dec17ac86d8e5da7236f571860ef1bce9b5296
SSDEEP

1536:OYeuAYCKPc+5cLw/C9N5pftlGfgAt4yRbc3ffRyLzGvNSdU5SYs/O1TTqng+Wm1e:FIZKU+5ektvRbCfRyLyFk4ts/O1TTqnm

Score

N/A

Malware Config

Signatures

Files

2d12231ca93b29b02046eaca53627038c41ffe04fa20dbda7c22f2f8b7b14808
.dll windows x86

018bc9f7acfc6cdb9c9b28aba18f1c55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_itoa
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_except_handler4_common
calloc
_beginthreadex
wcslen
memset
realloc
strrchr
strchr
wcsncat
_wcsnicmp
wcschr
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcscmp
malloc
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcsstr
wcsrchr
_CxxThrowException
memcmp
strcpy
strcat
memmove
strlen
ceil
strstr
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_strrev

avicap32

capGetDriverDescriptionW
capCreateCaptureWindowW

msvfw32

ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICSeqCompressFrame
ICOpen
ICSendMessage
ICSeqCompressFrameStart

kernel32

QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentThreadId
GetVersionExW
lstrcmpiW
CreateToolhelp32Snapshot
GetCurrentProcessId
OpenProcess
LocalSize
Process32NextW
GetCurrentProcess
SetUnhandledExceptionFilter
CreateMutexA
SetErrorMode
OpenEventW
ReleaseMutex
GetSystemTimeAsFileTime
Process32FirstW
ExitProcess
CopyFileW
GetVersionExA
WideCharToMultiByte
CreatePipe
GetStartupInfoW
GetSystemDirectoryW
WaitForMultipleObjects
CreateEventW
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
Sleep
FreeLibrary
GetProcAddress
LoadLibraryW
ResetEvent
GetLastError
CreateDirectoryW
GetFileAttributesW
lstrcpyW
lstrlenW
CreateProcessW
lstrcatW
GetDriveTypeW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDriveStringsW
FindClose
LocalFree
FindNextFileW
LocalReAlloc
FindFirstFileW
LocalAlloc
RemoveDirectoryW
DeleteFileW
GetFileSize
CreateFileW
WriteFile
SetFilePointer
MoveFileW
ReadFile
GetModuleFileNameW
MoveFileExW
GetTickCount
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
GlobalMemoryStatus

user32

wsprintfW
CharNextW
GetUserObjectInformationW
SetProcessWindowStation
DispatchMessageW
OpenWindowStationW
SetThreadDesktop
GetThreadDesktop
GetProcessWindowStation
CloseDesktop
TranslateMessage
OpenInputDesktop
OpenDesktopW
CloseWindow
SendMessageW
IsWindow
CreateWindowExW
GetMessageW

advapi32

OpenEventLogW
ClearEventLogW
CloseEventLog
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
GetTokenInformation

shell32

SHGetSpecialFolderPathW

winmm

waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveInAddBuffer
waveInStart

wsock32

getsockname
socket
htons
WSACleanup
setsockopt
gethostbyname
ntohs
send
select
closesocket
recv
WSAStartup
gethostname

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

psapi

EnumProcessModules
GetModuleFileNameExW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

018bc9f7acfc6cdb9c9b28aba18f1c55

Headers

File Characteristics

Imports

msvcr90

avicap32

msvfw32

kernel32

user32

advapi32

shell32

winmm

wsock32

msvcp90

psapi

wtsapi32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 6KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB