3991f7f8fb3c96b7ca8daa2d3272b6a65665dd6fbe6bf9fab480ba6c0bba4a23

Sharing

Copy URL Twitter E-mail

General

Target

3991f7f8fb3c96b7ca8daa2d3272b6a65665dd6fbe6bf9fab480ba6c0bba4a23
Size

152KB
MD5

5edbbd5374b880376564247e144f4ada
SHA1

ac6b5c1381e789ba908e23bfb125d8728af8753b
SHA256

3991f7f8fb3c96b7ca8daa2d3272b6a65665dd6fbe6bf9fab480ba6c0bba4a23
SHA512

8b83e2add40560bcafc7c231c88db91177c856358b3cd050835ff87084731a4ba7e99e3b8c585db31e10a47123115738c26b5d8a6aff692df8d5e73b1381cd69
SSDEEP

1536:fno1E2tnawMgYR+qGTxSi9TqpmmRRK/89JQIt+owVREQfMuvyycmeUZyW0UlnLbi:wjeFRA/uQTHnRlnHLy/0lIDM+

Score

N/A

Malware Config

Signatures

Files

3991f7f8fb3c96b7ca8daa2d3272b6a65665dd6fbe6bf9fab480ba6c0bba4a23
.dll windows x86

0978061d803762d805e8a32d85140032

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord1098
ord371
ord1175
ord1084
ord293
ord577
ord266
ord265
ord1917
ord1187
ord1191
ord762
ord764

msvcr71

malloc
free
_resetstkoflw
_except_handler3
_vscwprintf
vswprintf
wcslen
strstr
printf
_snprintf
__CppXcptFilter
_adjust_fdiv
_initterm
_open
_lseek
_close
_write
_stricmp
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
memset
memmove
strncpy
realloc
srand
rand
_access
isspace
strchr
strpbrk
time
atoi
sprintf
_CxxThrowException
__CxxFrameHandler

kernel32

HeapReAlloc
OutputDebugStringW
HeapDestroy
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalFree
LoadLibraryA
CreateThread
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
DeleteFileA
GetWindowsDirectoryA
CreateProcessA
GetProcessId
Thread32First
Thread32Next
GetModuleFileNameA
Sleep
WritePrivateProfileStringA
GetTickCount
HeapSize
OpenProcess
GetPriorityClass
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetPrivateProfileStringA
LeaveCriticalSection
EnterCriticalSection
lstrlenA
lstrlenW
lstrcmpiA
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
RegisterClassA
LoadIconA
MessageBoxA
PeekMessageA
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
DispatchMessageA
InvalidateRect
ReleaseDC
GetWindowTextA
GetClientRect
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
IsWindow
PostQuitMessage
RegisterWindowMessageA
InvalidateRgn
GetWindowTextLengthA
UnregisterClassA
GetWindowLongA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
DestroyAcceleratorTable
GetDlgItem
SetFocus
GetDC
GetFocus
SendMessageA

gdi32

DeleteObject
SelectObject
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

ole32

OleUninitialize
OleInitialize
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysStringByteLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantCopy
VariantClear
SysFreeString
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen

Exports

Exports

?process4@@YAHH@Z
EngineProc
process1
process2
process3

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HookData
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

0978061d803762d805e8a32d85140032

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 96KB - Virtual size: 95KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 70KB

HookData Size: 4KB - Virtual size: 4B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 96KB - Virtual size: 95KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 70KB

HookData
Size: 4KB - Virtual size: 4B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 10KB