4bbf9118a3bb9bcda93c87130cdbcc6d952047f6977b3bab3e141ad78f3be256

Sharing

Copy URL Twitter E-mail

General

Target

4bbf9118a3bb9bcda93c87130cdbcc6d952047f6977b3bab3e141ad78f3be256
Size

40KB
MD5

6a48ad00531ed6017acaafbe260935f2
SHA1

62343a679ac884bfa6a396477b976fb86b6129a5
SHA256

4bbf9118a3bb9bcda93c87130cdbcc6d952047f6977b3bab3e141ad78f3be256
SHA512

2cb71fc006af6d08c5e810af754fad2fed18f6513ef193006df3bfce69346cb4edb6e2d785b3e8bf94266256b5b007a74fd521fd7e6fd24c2abac45933ceb45d
SSDEEP

768:ZVgvnG7/tMxWUDzUaIvRYpTFTwPwwgkkhOHOL59wB:Z+YtQWcc2TFTYXg3OuL59u

Score

N/A

Malware Config

Signatures

Files

4bbf9118a3bb9bcda93c87130cdbcc6d952047f6977b3bab3e141ad78f3be256
.exe windows x86

3dab77e13288c9a454681f56955c12f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA

ndsapi

NDS_EnableDevice
NDS_SetLanManServerStatus

mfc80

ord310
ord5441
ord370
ord618
ord783
ord1482
ord578
ord5712
ord1185
ord764

msvcr80

_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
printf
_exit
atol
memset
sprintf
_splitpath
fopen
fgets
fprintf
ftell
fseek
atoi
fclose
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_CxxThrowException
_stricmp
_strnicmp
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
__CxxFrameHandler3
_controlfp_s

kernel32

GetProcessHeap
GetACP
GetLocaleInfoA
GetCurrentProcess
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InitializeCriticalSection
CreateEventA
CreateThread
CallNamedPipeA
SetEvent
DeleteCriticalSection
Sleep
GetTickCount
CreateNamedPipeA
SetProcessWorkingSetSize
ConnectNamedPipe
ReadFile
DisconnectNamedPipe
WriteFile
OpenProcess
GetThreadLocale
DuplicateHandle
EnterCriticalSection
LeaveCriticalSection
CreateFileA
CreateProcessA
WaitForSingleObject
CloseHandle
GetCurrentThreadId
GetVersionExA
GetModuleFileNameA
InterlockedExchange
GetLastError
GetLocalTime

user32

CloseDesktop
SetThreadDesktop
CloseWindowStation
OpenDesktopA
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
ControlService
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
CreateServiceA
QueryServiceStatus
DeleteService
RegCloseKey
RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA
OpenServiceA
StartServiceA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantClear
VariantInit

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dab77e13288c9a454681f56955c12f5

Headers

File Characteristics

Imports

shlwapi

ndsapi

mfc80

msvcr80

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB