fad86771b01b7dd89e91ec50b128c23be38b119f37ac048952a1f167bd68aaeb

Sharing

Copy URL Twitter E-mail

General

Target

fad86771b01b7dd89e91ec50b128c23be38b119f37ac048952a1f167bd68aaeb
Size

142KB
MD5

4b79a1cbbc0b8a116574a5a24e98c830
SHA1

eb2de46e02094879495dc390e673edb02cf27e80
SHA256

fad86771b01b7dd89e91ec50b128c23be38b119f37ac048952a1f167bd68aaeb
SHA512

a9bae00c82ec41c7b0e1e86a375ce44764cab176494c3a82d3ed8d0f3405a2701217b95f3b0fee8ac611fdce098efef474460c17468cadff0d2158fea2e38320
SSDEEP

3072:oHmQcYmNRURvhutg3APgDIOXik/mwTtRc7Efa52qlRNOZYzwg:2mQR9vYuIOXjOMtWma5j0izw

Score

N/A

Malware Config

Signatures

Files

fad86771b01b7dd89e91ec50b128c23be38b119f37ac048952a1f167bd68aaeb
.exe windows x86

0f7903ac29363281e2c315f616bcb659

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ipc

?SessionSetSendFailHandler@@YAXPAXP6AX0PBD@Z@Z
?SessionManagerStop@@YA_NPAX@Z
?SessionPostPacket@@YA_NPAXPBUtagSharePacketData@@@Z
?SessionManagerWaitForEnd@@YAHPAX@Z
?SessionManagerStart@@YA_NPAXPBD@Z
?SessionManagerDestroy@@YAXPAX@Z
?SessionSetRecvPacketHandler@@YAXPAXP6AX0PBUtagSharePacketData@@@Z@Z
?SessionManagerInitSession@@YA_NPAX0PBD@Z
?SessionCreate@@YAPAXXZ
?SessionManagerCreate@@YAPAXXZ
?SessionSetUserData@@YAXPAX0@Z

kernel32

DeleteCriticalSection
GlobalLock
GlobalUnlock
InterlockedDecrement
lstrcmpW
MultiByteToWideChar
GetCommandLineW
MulDiv
OutputDebugStringW
GetCurrentProcess
GetLastError
GetModuleFileNameW
GlobalFree
GetCurrentThreadId
EnterCriticalSection
lstrlenW
FlushInstructionCache
InterlockedIncrement
SetLastError
RaiseException
LoadResource
GetSystemTimeAsFileTime
GetTickCount
LeaveCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
InterlockedCompareExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LocalFree
LockResource
FindResourceExW
FindResourceW
SizeofResource
GetCurrentProcessId
InitializeCriticalSection
VirtualQuery
GlobalAlloc
QueryPerformanceCounter

user32

GetDC
GetParent
InvalidateRgn
GetClassInfoExW
DestroyWindow
UnregisterClassA
RegisterClassExW
LoadCursorW
GetWindowThreadProcessId
GetMessageW
FindWindowW
TranslateMessage
DispatchMessageW
RegisterWindowMessageW
EndPaint
IsChild
GetClassNameW
ReleaseDC
MoveWindow
GetDesktopWindow
ClientToScreen
GetClientRect
RedrawWindow
SetWindowTextW
GetDlgItem
DestroyAcceleratorTable
GetWindowTextW
GetSysColor
SetCapture
CreateAcceleratorTableW
SetWindowPos
InvalidateRect
CallWindowProcW
SetFocus
ReleaseCapture
SendMessageW
DefWindowProcW
ScreenToClient
GetWindowLongW
PostQuitMessage
GetWindow
FillRect
BeginPaint
CharNextW
GetFocus
GetWindowTextLengthW
IsWindow
CreateWindowExW
SetWindowLongW

gdi32

GetStockObject
GetDeviceCaps
CreateCompatibleDC
BitBlt
GetObjectW
CreateSolidBrush
DeleteObject
DeleteDC
SelectObject
CreateCompatibleBitmap

shell32

CommandLineToArgvW

ole32

OleInitialize
OleUninitialize
CLSIDFromString
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CoUninitialize
CoInitialize

oleaut32

SysAllocString
GetErrorInfo
LoadRegTypeLi
VariantInit
SysStringLen
SysAllocStringLen
OleCreateFontIndirect
VariantClear
LoadTypeLi
SysStringByteLen
SysFreeString

shlwapi

PathStripPathW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
memset
_wtol
swprintf_s
free
vsprintf_s
memcpy
malloc
wcsncpy
_purecall
_vscprintf
_recalloc
_invalid_parameter_noinfo
vswprintf_s
??_V@YAXPAX@Z
memcpy_s
??0exception@std@@QAE@ABV01@@Z
_vscwprintf
??0exception@std@@QAE@ABQBD@Z
_wcsnicmp
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
memmove_s
??2@YAPAXI@Z

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f7903ac29363281e2c315f616bcb659

Headers

File Characteristics

Imports

ipc

kernel32

user32

gdi32

shell32

ole32

oleaut32

shlwapi

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 69KB - Virtual size: 72KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 69KB - Virtual size: 72KB