Static task: static1
Behavioral task: behavioral1
Sample: 23e80668a1cbf520142f9715cd75e59a3f1dd5b150fa1d4ded6eb9f21cefb7c1.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 23e80668a1cbf520142f9715cd75e59a3f1dd5b150fa1d4ded6eb9f21cefb7c1.exe
Resource: win10v2004-20220812-en
General
- Target: 23e80668a1cbf520142f9715cd75e59a3f1dd5b150fa1d4ded6eb9f21cefb7c1
- Size: 416KB
- MD5: 561a619d082243eb4fbcecded027fae0
- SHA1: b1dbaccb5bdac45ffdd3639f171082c9b528bc34
- SHA256: 23e80668a1cbf520142f9715cd75e59a3f1dd5b150fa1d4ded6eb9f21cefb7c1
- SHA512: e10605bc75af4597f1fe0b7cdd5be7d4ce89799ffea4ca7f48cd89ba4482462d5e3a19193510f586feb9f8bd29c9fe19569b9a27d5c20d196425a283f0fc45f6
- SSDEEP: 6144:2KEeR/UZcvj29MA8ts6d/8PGH34ehH9sH73/Yoyjun8XZYyO9:2teR0cvj/06d/8Yg79yaEZS
Malware Config
Signatures
Files
- 23e80668a1cbf520142f9715cd75e59a3f1dd5b150fa1d4ded6eb9f21cefb7c1.exe (windows x86) 0b486cede4c57f6669c14dbfd8e4152d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
msvcrt
wcschr
_wcsicmp
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_c_exit
wcsncpy
time
srand
rand
_snwprintf
_wtol
_itow
_wtoi
_ftol
wcstok
_CxxThrowException
wcscpy
_wcsupr
_wsplitpath
wcsncmp
wcscat
wcslen
__CxxFrameHandler
wcscmp
wcsstr
iswalpha
_cexit
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegSetValueW
RegDeleteKeyW
RegOpenKeyExA
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrcpyW
GetModuleHandleA
GetProcAddress
MultiByteToWideChar
LoadLibraryW
FormatMessageW
GetProfileStringW
GlobalAlloc
GlobalFree
MulDiv
LocalUnlock
LocalAlloc
LocalLock
SetLastError
SetErrorMode
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetLocaleInfoW
GetCurrentDirectoryW
GlobalLock
GlobalUnlock
GetCommandLineW
GetWindowsDirectoryW
LocalFree
SetCurrentDirectoryW
lstrlenW
GetModuleFileNameW
GetFileAttributesW
GetLastError
CloseHandle
FreeLibrary
LoadLibraryA
GetUserDefaultUILanguage
GetVersionExW
GetVersion
GetComputerNameW
CreateDirectoryW
HeapAlloc
GetProcessHeap
HeapFree
GetStartupInfoW
gdi32
GetObjectW
GetStockObject
SelectObject
GetTextExtentPoint32W
BitBlt
DPtoLP
SetBrushOrgEx
CreateCompatibleBitmap
CreatePen
EnumFontFamiliesW
PathToRegion
DeleteObject
WidenPath
EndPath
BeginPath
PatBlt
RoundRect
Rectangle
Polygon
Ellipse
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
RectInRegion
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgnIndirect
CreateFontIndirectW
CreateBrushIndirect
CreatePenIndirect
GetEnhMetaFileBits
CloseEnhMetaFile
CreateEnhMetaFileW
GetDeviceCaps
CreateDCW
CreateCompatibleDC
GetCurrentObject
GetTextMetricsW
user32
EnableWindow
SetRect
InflateRect
IntersectRect
UnionRect
GetClientRect
InvalidateRect
CreateWindowExW
DestroyWindow
GetKeyState
GetSysColor
OffsetRect
DrawFocusRect
GetCapture
SetCapture
SetCaretPos
ReleaseCapture
SetCursor
CreatePopupMenu
AppendMenuW
ClientToScreen
ScreenToClient
UpdateWindow
InSendMessage
GetSysColorBrush
GetSystemMetrics
DestroyCaret
SetFocus
IsClipboardFormatAvailable
SystemParametersInfoW
GetWindowLongW
GetMessagePos
RegisterClipboardFormatW
GetFocus
GetWindowContextHelpId
WinHelpW
PostMessageW
GetParent
SetForegroundWindow
GetMenu
GetDlgItem
MessageBoxW
SetWindowLongW
ReleaseDC
CreateCaret
GetWindowDC
EqualRect
CopyRect
SendMessageW
IsIconic
LoadCursorW
LoadIconW
wsprintfW
SetProcessDefaultLayout
RegisterWindowMessageW
IsRectEmpty
comdlg32
GetSaveFileNameW
GetOpenFileNameW
shell32
ShellAboutW
CommandLineToArgvW
SHGetFileInfoW
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 94KB - Virtual size: 93KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 192KB - Virtual size: 1.3MB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE