2b5e31aa4252172f3344d8f55ba7b90c10f29af8265b77caab4485d476e645b4

Sharing

Copy URL Twitter E-mail

General

Target

2b5e31aa4252172f3344d8f55ba7b90c10f29af8265b77caab4485d476e645b4
Size

154KB
MD5

4cfae0d303e681cda71b496c6e649942
SHA1

1ad7034d9a60e11ec234fcea406fdfda1f520c58
SHA256

2b5e31aa4252172f3344d8f55ba7b90c10f29af8265b77caab4485d476e645b4
SHA512

0d207e0f75eee43fa50fce1d186b681fba8ac77663a7e3f2de73485551318e893ec4890641ba0ecf27c3593c4d74acfbb7781069c5404f7c540f69426453ae98
SSDEEP

3072:GfBDsXHVnwg5sdB0DTCYUdnX827HAMH0UwPtnOupcE0CEND9YuUP:G5DsXHVnwRdB0HCYsntgI0xOCc2ENDcP

Score

N/A

Malware Config

Signatures

Files

2b5e31aa4252172f3344d8f55ba7b90c10f29af8265b77caab4485d476e645b4
.exe windows x86

0af2b618743ff41998b7e50d2d85c46b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup

upnpdevice_renderer9

?Start@CUPnPDevice_Renderer@@QAEKXZ
?Stop@CUPnPDevice_Renderer@@QAEKXZ
??1CUPnPDevice_Renderer@@QAE@XZ
??0CUPnPDevice_Renderer@@QAE@PAVIUPnPDevice_Renderer_CB@@PAD@Z

kernel32

DeleteCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
DefineDosDeviceW
GetCommandLineW
QueryDosDeviceW
GetCurrentThreadId
CreateThread
lstrcpynW
SizeofResource
FindResourceExW
CloseHandle
WaitForSingleObject
lstrcatW
SetEvent
GetStartupInfoW
GetModuleHandleA
ExitProcess
lstrcmpiW
LoadResource
LoadLibraryExW
FindResourceW
CreateEventW
HeapSize
GetProcessHeap
LocalFree
MultiByteToWideChar
FreeLibrary
GetLastError
lstrcpyW
lstrlenW
GetModuleFileNameW
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
HeapDestroy
HeapAlloc
LockResource
HeapFree
HeapReAlloc

user32

DispatchMessageW
SetTimer
TranslateMessage
MessageBoxW
PostThreadMessageW
KillTimer
CharNextW
CharUpperW
LoadStringW
GetMessageW

advapi32

SetServiceStatus
ReportEventW
DeregisterEventSource
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
ControlService
DeleteService
OpenServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegisterEventSourceW

ole32

CoRegisterClassObject
StringFromGUID2
CoInitialize
CoUninitialize
CoInitializeSecurity
CoCreateInstance
OleRun
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject

oleaut32

SysAllocStringByteLen
UnRegisterTypeLi
SysAllocString
RegisterTypeLi
SysStringLen
LoadTypeLi
LoadRegTypeLi
SysFreeString
VarUI4FromStr

msvcr71

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_strnicmp
__wgetmainargs
_amsg_exit
__set_app_type
_controlfp
_wcmdln
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
strncmp
strlen
sprintf
strcpy
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
_CxxThrowException
memset
_except_handler3
??_V@YAXPAX@Z
memcpy
??_U@YAPAXI@Z
memcmp
free
realloc
printf
_wtol
wcsstr
rand
srand
wcslen
wcscpy
wcsncmp
_putws
vswprintf
memmove
wcsncpy

shlwapi

PathFindExtensionW

cpscommontools9

??0CMGIShellNameSplitter@@QAE@PBGK@Z
?Compose@CMGIShellNameSplitter@@QAEPBGK@Z
?SetProtocol@CMGIShellNameSplitter@@QAEXPBG@Z
??1CMGIShellNameSplitter@@UAE@XZ

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0af2b618743ff41998b7e50d2d85c46b

Headers

File Characteristics

Imports

ws2_32

upnpdevice_renderer9

kernel32

user32

advapi32

ole32

oleaut32

msvcr71

shlwapi

cpscommontools9

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.9rdata Size: 68KB - Virtual size: 68KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.9rdata
Size: 68KB - Virtual size: 68KB