6de7ec0906863e79667f591205021dd2d63483354eb7efb84b67d7ab9f16b5c6

Sharing

Copy URL

Twitter E-mail

General

Target

6de7ec0906863e79667f591205021dd2d63483354eb7efb84b67d7ab9f16b5c6
Size

109KB
MD5

950b6f6e14dfa04a379955cc29a0bc5c
SHA1

8022fd5d604ca6685afab43f5074c36850f6a4de
SHA256

6de7ec0906863e79667f591205021dd2d63483354eb7efb84b67d7ab9f16b5c6
SHA512

3f88909abac22278c08e3307e3bf6b128dc6af14569311cdf8ddc2526d65cff6716b04cda392ffdce10bf2e75ec17607033b3d250bb3398547305ece23e2133a
SSDEEP

3072:r7rJUte/POrztF/pstBaDqwONnct437Bl3N2Urb:r7rJl4tF/p/uwONct43j92U

Score

N/A

Malware Config

Signatures

Files

6de7ec0906863e79667f591205021dd2d63483354eb7efb84b67d7ab9f16b5c6
.exe windows x86

c43fb47837b6c97de1e690809a85d35a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120u

ord11964
ord9020
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord2719
ord8092
ord3260
ord3263
ord13616
ord6123
ord462
ord2173
ord2204
ord7384
ord10353
ord887
ord1386
ord10919
ord6436
ord9091
ord9116
ord12048
ord2718
ord13612
ord6121
ord3122
ord3361
ord3362
ord11271
ord10896
ord8921
ord12006
ord286
ord1520
ord2347
ord2343
ord4280
ord1518
ord6853
ord500
ord1139
ord6763
ord3806
ord2843
ord14465
ord12457
ord12625
ord13839
ord4774
ord5825
ord305
ord2968
ord14271
ord14277
ord1688
ord1648
ord8243
ord12793
ord8641
ord8640
ord14274
ord14280
ord8595
ord12756
ord4700
ord4623
ord4622
ord12636
ord2949
ord1689
ord1692
ord1694
ord1695
ord1691
ord1527
ord1528
ord4874
ord1043
ord310
ord316
ord4281
ord3795
ord8352
ord8268
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord14526
ord6251
ord14528
ord6253
ord14527
ord6252
ord3809
ord5821
ord12114
ord12122
ord4546
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord6758
ord1471
ord999
ord7543
ord1110
ord6392
ord6469
ord3839
ord296
ord1042
ord4772
ord2262
ord1108
ord4049
ord3898
ord4843
ord3223
ord1506
ord266
ord265
ord8365
ord1348
ord4909
ord4459
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord2640
ord11999
ord819
ord2163
ord2261
ord7881
ord3330
ord3329
ord14447
ord11811
ord8846
ord12095
ord6875
ord10883
ord9137
ord3224
ord13738
ord12134
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord1649
ord4867
ord12043
ord5693
ord1525
ord10136
ord1698
ord1467
ord992
ord7542
ord2367
ord11837
ord1508

msvcr120

memcpy
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
free
malloc
_mktime64
_time64
atoi
_snprintf
_snwprintf
__CxxFrameHandler3

kernel32

GetModuleFileNameW
GetProcAddress
OutputDebugStringW
CreateThread
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
GetExitCodeThread
WaitForSingleObject
LoadLibraryW
GetVersionExW
CloseHandle
CreateEventW
DeleteCriticalSection
DecodePointer
GetLastError
InitializeCriticalSectionEx
Sleep
lstrcpynW
lstrlenW

user32

TranslateMessage
GetMessageW
GetClientRect
IsWindow
DrawIcon
GetDesktopWindow
GetSystemMetrics
IsIconic
SendMessageW
LoadIconW
EnableWindow
DispatchMessageW

comctl32

InitCommonControlsEx

ws2_32

inet_ntoa
inet_addr
gethostbyname
WSAConnect
WSASend
WSAEnumNetworkEvents
WSARecv
closesocket
WSAWaitForMultipleEvents
WSAEventSelect
shutdown
WSASocketW
WSAGetLastError
setsockopt
WSACleanup
WSAStartup
htons
ntohl
ntohs
htonl

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c43fb47837b6c97de1e690809a85d35a

Headers

DLL Characteristics

File Characteristics

Imports

mfc120u

msvcr120

kernel32

user32

comctl32

ws2_32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 69KB - Virtual size: 68KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 69KB - Virtual size: 68KB

.reloc
Size: 3KB - Virtual size: 3KB