49f6900c3e6bd4dcfb10c3aea471f7cce6986e705afb82650507664795dd1aea

Sharing

Copy URL Twitter E-mail

General

Target

49f6900c3e6bd4dcfb10c3aea471f7cce6986e705afb82650507664795dd1aea
Size

402KB
MD5

38002eebcb5c05b6cdea0452f5aa5540
SHA1

7beb93db49fc713df3d727c4e0160f0fb95f45b0
SHA256

49f6900c3e6bd4dcfb10c3aea471f7cce6986e705afb82650507664795dd1aea
SHA512

1c1cb4a07d6b1c0b9cd3cd1f2f68ebbce244f33d406e87426176fa3342b07fc6445374b197096f66e99cadf921485302d293ccb00ebf67204591e23070006ac9
SSDEEP

6144:QMsnr2ac3HlC1RC/2RxLvkJ8Ic/1+KwYjumhS4wuwqJI4SyAseJ/r:Qfr2a8ajRpvcy1+Kbqmc4TTAsY

Score

N/A

Malware Config

Signatures

Files

49f6900c3e6bd4dcfb10c3aea471f7cce6986e705afb82650507664795dd1aea
.dll windows x86

1fa4c25ad24eb5b40aa7101a5f7c60dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

tolower
qsort
memmove
memcpy
malloc
iswspace
iswpunct
iswdigit
iswalpha
free
floor
ferror
_vsnwprintf
_vsnprintf
_unlock
_stricmp
_pwctype
_purecall
_onexit
_lock
_isnan
_initterm
_finite
_controlfp
_amsg_exit
__wgetmainargs
__threadid
__dllonexit
__CxxFrameHandler
_XcptFilter
_CIsqrt
_CIsin
_CIcos
_CIatan2
_CIatan
_CIasin
_CIacos

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

UnhandledExceptionFilter
TerminateProcess
SetUnhandledExceptionFilter
RtlUnwind
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForMultipleObjects
WaitForSingleObject
WriteFile
VirtualAlloc
CreateFileA
CreateIoCompletionPort
CreateMutexA
CreateThread
DebugBreak
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
FindResourceW
FreeConsole
FreeLibrary
GetCommandLineA
GetConsoleScreenBufferInfo
GetCurrentConsoleFont
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
OutputDebugStringA
GetExitCodeThread
GetFileSize
GetFileSizeEx
GetFullPathNameW
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcessPriorityBoost
GetSystemTimeAsFileTime
GetTickCount
GetUserDefaultLCID
GetVersion
GlobalMemoryStatusEx
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
GetCurrentThreadId

gdi32

SetBkMode
SelectObject
Pie
MoveToEx
GetTextMetricsA
GetPixelFormat
GetObjectW
GetObjectA
GetDIBits
GetCharacterPlacementW
SetMapMode
ExtTextOutW
ExtTextOutA
DeleteObject
DeleteDC
CreateFontIndirectW
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC
CloseMetaFile
CloseFigure
SetTextAlign
SetTextColor
TranslateCharsetInfo
GetCharacterPlacementA

ole32

CreateStreamOnHGlobal

Exports

Exports

CreateLine
MatrixInverse
OpenDevice
SourceQueueBuffers
TypeFreeLdapModObject
mpegInGetNextCodedFrame
mpegSplitSeekTime

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fa4c25ad24eb5b40aa7101a5f7c60dc

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

ole32

Exports

Exports

Sections

.text Size: 81KB - Virtual size: 81KB

.rdata Size: 180KB - Virtual size: 179KB

.data Size: 70KB - Virtual size: 71KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 81KB - Virtual size: 81KB

.rdata
Size: 180KB - Virtual size: 179KB

.data
Size: 70KB - Virtual size: 71KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 5KB - Virtual size: 5KB