ff6cc0d94d17c100d6e5c6ba6bf636e650a1646c45863ed4709c123a4d5af76b

Sharing

Copy URL Twitter E-mail

General

Target

ff6cc0d94d17c100d6e5c6ba6bf636e650a1646c45863ed4709c123a4d5af76b
Size

169KB
MD5

6b447486b2f9b4c7f9f66d3d9228eb9c
SHA1

0cfa025bc1ec6ae66c9bf26e62c32cb62b86b8ed
SHA256

ff6cc0d94d17c100d6e5c6ba6bf636e650a1646c45863ed4709c123a4d5af76b
SHA512

35658f16bfb91db803a97cb141dbafc1cd9f4dc7b9bef9d6234d1e39d818122820f39afb63ec27c297a8cbc54a719face737e213ec70ebf58437cd5f30d0b5a8
SSDEEP

3072:r8MjGdgCoID/lh66+lZONIBnZecOht9xQ6rJSqi6l14NoQRIzck:reb66wZOhbxQa02n4NoYIzb

Score

N/A

Malware Config

Signatures

Files

ff6cc0d94d17c100d6e5c6ba6bf636e650a1646c45863ed4709c123a4d5af76b
.exe windows x86

1c9a33dfecf78baca9f160a0f108cf19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableW
CreateMutexW
ReleaseMutex
GetProcAddress
GetCurrentProcess
MultiByteToWideChar
LoadLibraryA
VirtualProtect
VirtualQuery
SetLastError
FindActCtxSectionGuid
LoadLibraryW
FreeLibrary
GetEnvironmentVariableW
GetTickCount
GetCurrentProcessId
GetCommandLineW
CloseHandle
GetCurrentThreadId
InterlockedDecrement
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedIncrement
CreateThread
FreeConsole
Sleep
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
TerminateProcess
GetStartupInfoW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsDebuggerPresent
EnterCriticalSection
GetLastError
RaiseException
WaitForSingleObject
InterlockedCompareExchange

user32

TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoRegisterClassObject
CoInitializeSecurity
CoSuspendClassObjects
CoResumeClassObjects
CLSIDFromString
CoRegisterSurrogate
CoGetClassObject
StringFromGUID2
CoCreateGuid
CoRevokeClassObject
CoInitializeEx

oleaut32

VariantClear

msvcp80

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?setf@ios_base@std@@QAEHHH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
??Bios_base@std@@QBEPAXXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z

msvcr80

??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
memcpy_s
_purecall
??2@YAPAXI@Z
_wcsnicmp
_wtoi
free
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_itow_s
memset
malloc
??_V@YAXPAX@Z
_wcsicmp
_stricmp
calloc
_snwprintf_s
wcsncpy_s
vswprintf_s
wcsncmp
iswdigit
wcstol
_wcslwr_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
memmove_s

dbghelp

ImageNtHeader
ImageDirectoryEntryToData

psapi

EnumProcessModules

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c9a33dfecf78baca9f160a0f108cf19

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

dbghelp

psapi

Sections

.text Size: 60KB - Virtual size: 56KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 4KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 60KB - Virtual size: 56KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 4KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 72KB - Virtual size: 72KB