5e1d3ecf9d02bc73f0bfab3bcf25ba424b578a2394b97992323e906f942881c9

Sharing

Copy URL Twitter E-mail

General

Target

5e1d3ecf9d02bc73f0bfab3bcf25ba424b578a2394b97992323e906f942881c9
Size

320KB
MD5

0502619765506417af3d8000a43a84ea
SHA1

823e17a70b3a66fd17c55793a776d94d5ebe4a7e
SHA256

5e1d3ecf9d02bc73f0bfab3bcf25ba424b578a2394b97992323e906f942881c9
SHA512

09b3a6d02d37c5f2b315d868abaa90d5623dd8cc858b23e6dd398c5533a3bb70e65ca62c77f73ec61b40a2da19090e197f8dbdd8c5e324a3007ceceee30e5daf
SSDEEP

3072:A4B13YjFqSI0AgtwoiembhcYUPRrbB/NEjD1UAdsElGUKDr/4BOu0LB:AnI55oWUJnhNEj5HllWr4BOv

Score

N/A

Malware Config

Signatures

Files

5e1d3ecf9d02bc73f0bfab3bcf25ba424b578a2394b97992323e906f942881c9
.exe windows x86

ffd75c7a45c627072e8d17d5a8e02dec

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

afccomm

LogOutLastError
SystemTimeToTime
IsValidTime
IsValidDate
TimeToSystemTime
DateTimeToTime
FormatStrToDateTime
InitializeLog
GetFileMapAddress
CreateFileMap
CloseFileMap
FlushFileMap
LockFileMap
UnlockFileMap
OpenMutualExclusion
CreateMutualExclusion
TimeToDateTime
LogOut

mfc80d

ord903
ord1940
ord1404
ord1588
ord483
ord662
ord888
ord929
ord303
ord5477
ord674
ord926
ord1095
ord316
ord310
ord1563
ord3200
ord893
ord270
ord7407
ord1153
ord3359
ord4724
ord1214
ord8683
ord9203
ord908
ord1724
ord2847
ord1034
ord3668
ord7691
ord5563
ord8694
ord7220
ord4568
ord499
ord794
ord3227
ord2143
ord1364
ord1475
ord2034
ord1046
ord1048
ord7420
ord5359
ord2945
ord4726
ord3362
ord1215
ord7410
ord3235
ord657
ord884
ord2613
ord2917
ord895
ord1565
ord1569
ord901
ord1363
ord269

msvcr80d

wcscpy_s
wcslen
_CrtDbgReportW
_resetstkoflw
__CxxFrameHandler3
memcpy
malloc
free
calloc
_recalloc
_purecall
_invoke_watson
printf
_get_heap_handle
sprintf
fprintf
__iob_func
_crtDbgFlag
memcmp
toupper
isdigit
isxdigit
atoi
strncmp
strlen
_strdup
_mbsnbcpy
strtoul
strtod
_mbscmp
_mbsicmp
strcpy
_mbsstr
_wassert
_mbschr
_mbsrev
strtol
_CrtDbgReport
_CRT_RTC_INITW
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_snprintf_s
_errno
_CxxThrowException
wcscpy
_vsnprintf_s
_vsnwprintf_s
_snwprintf_s
wcsncpy_s
strcpy_s
_wcsicmp
memmove_s
_decode_pointer
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
__initenv
_CrtSetCheckCount
_initterm
_initterm_e
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
memset

kernel32

GetPrivateProfileSectionNamesA
CreateThread
TerminateThread
GetExitCodeThread
GetThreadPriority
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
UnmapViewOfFile
VirtualAlloc
OutputDebugStringW
OutputDebugStringA
OpenEventA
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
IsDebuggerPresent
DebugBreak
RaiseException
InterlockedCompareExchange
GetCommModemStatus
ClearCommError
SetCommBreak
ClearCommBreak
PurgeComm
ReadFile
GetTickCount
WriteFile
GetOverlappedResult
GetCommTimeouts
SetCommTimeouts
CancelIo
WaitCommEvent
SetCommMask
GetCommState
SetCommState
SetupComm
GetDefaultCommConfigA
SetCommConfig
CreateFileA
CloseHandle
GetPrivateProfileStringA
WritePrivateProfileSectionA
SetEvent
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetLocalTime
GetCommandLineA
GetModuleHandleA
SetConsoleCtrlHandler
Sleep
CreateEventA
WaitForSingleObject
ResetEvent
GetLastError
lstrlenA
lstrcmpiA
lstrcmpiW
GetStringTypeExA
GetStringTypeExW
WideCharToMultiByte
lstrlenW
CompareStringA
CompareStringW
GetEnvironmentVariableA
MultiByteToWideChar
InterlockedExchange
GetVersion
GetEnvironmentVariableW

user32

CharUpperW
CharLowerA
CharLowerW
CharUpperA

oleaut32

SysFreeString

advapi32

RevertToSelf
OpenThreadToken
SetThreadToken

Sections

.textbss
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 228KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffd75c7a45c627072e8d17d5a8e02dec

Headers

File Characteristics

Imports

afccomm

mfc80d

msvcr80d

kernel32

user32

oleaut32

advapi32

Sections

.textbss Size: - Virtual size: 100KB

.text Size: 228KB - Virtual size: 225KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 8KB - Virtual size: 7KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 12KB - Virtual size: 28KB

.textbss
Size: - Virtual size: 100KB

.text
Size: 228KB - Virtual size: 225KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 8KB - Virtual size: 7KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 12KB - Virtual size: 28KB