c11b7af216b73c832f9e6fab7b1b15a4609bfbbed06b45be798a1283e3cdd644

Sharing

Copy URL Twitter E-mail

General

Target

c11b7af216b73c832f9e6fab7b1b15a4609bfbbed06b45be798a1283e3cdd644
Size

136KB
MD5

6a62878866f57c739121b8ccd6e7b914
SHA1

4c0843ff371fd09daa481ee514d8dfe5a0c25ceb
SHA256

c11b7af216b73c832f9e6fab7b1b15a4609bfbbed06b45be798a1283e3cdd644
SHA512

da465200d0a57193d69013e06486b47eddac82ea8b5992d92da7f41bca293c91a272d7d7cc020b7567a7d2c43dab2e3c08b243982750826021e3bf8df823b3f1
SSDEEP

1536:MZLehnakoZZuzO+5VHJWdLGtDTcQBv8qhQmc+wCX23hF8IITmhvCHD5AExhbuTBD:8uppWR04AIITYO5AExhVdtA/

Score

N/A

Malware Config

Signatures

Files

c11b7af216b73c832f9e6fab7b1b15a4609bfbbed06b45be798a1283e3cdd644
.exe windows x86

16be74ed0c593ecbac830f192507cbad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
FindFirstFileW
lstrlenW
lstrcpyW
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
lstrcmpiW
GetModuleFileNameW
GetCurrentThread
InterlockedIncrement
lstrcpynW
lstrcatW
GetCurrentThreadId
FindClose
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetCommandLineW
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
GetStartupInfoW
GetModuleHandleA
LocalFree
lstrcmpW
CreateIoCompletionPort
CloseHandle
ResumeThread
DeleteFileW
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetLongPathNameW
GetFileAttributesW
CreateEventW
SetEvent
GetTickCount
PostQueuedCompletionStatus
WaitForSingleObject
Sleep
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
CreateFileW
DeviceIoControl
GetLastError
GetWindowsDirectoryW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateDirectoryW
FreeLibrary

user32

UnregisterClassA
DestroyWindow
CallWindowProcW
UnregisterClassW
wsprintfW
PostMessageW
SetWindowLongW
CharNextW
GetClassInfoExW
LoadCursorW
GetWindowLongW
PostThreadMessageW
DefWindowProcW
RegisterClassExW
DispatchMessageW
GetMessageW
CreateWindowExW

advapi32

RegisterServiceCtrlHandlerExW
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey
OpenServiceW
OpenSCManagerW
CreateServiceW
DeleteService
ControlService
SetServiceStatus
OpenProcessToken
OpenThreadToken
StartServiceCtrlDispatcherW
CloseServiceHandle

ole32

CoTaskMemAlloc
CoUninitialize
CoInitialize
CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoTaskMemRealloc

shell32

SHGetSpecialFolderPathW

oleaut32

LoadRegTypeLi
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysReAllocString
SysAllocStringLen
VariantClear
SysStringLen
SysFreeString
SysAllocString
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

shlwapi

PathFindExtensionW

msvcp71

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Nomemory@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

__security_error_handler
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_controlfp
_exit
malloc
memcmp
_wcsicmp
fwrite
_wfopen
fread
fclose
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
wcsncpy
_c_exit
_callnewh
wcscpy
memcpy
_purecall
realloc
_XcptFilter
memset
_wtol
swprintf
??3@YAXPAX@Z
_except_handler3
??_V@YAXPAX@Z
free
wcscat
wcslen
wcschr
wcsncat
_beginthreadex
__CxxFrameHandler
wcsrchr
wcsstr
_wcsnicmp
_endthreadex
_resetstkoflw

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16be74ed0c593ecbac830f192507cbad

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 44KB - Virtual size: 41KB