a4d283ecff8ec6909ad53bae2d2d18191c96d68627e728cdb310732437535b07

Sharing

Copy URL Twitter E-mail

General

Target

a4d283ecff8ec6909ad53bae2d2d18191c96d68627e728cdb310732437535b07
Size

168KB
MD5

60ba3e945a9cc23d3a9465648f04a88e
SHA1

fb421097d626e756121cbcc53b67f3516e1e0839
SHA256

a4d283ecff8ec6909ad53bae2d2d18191c96d68627e728cdb310732437535b07
SHA512

fdd4116c6b053e6d6e7092e9718a3456813b3a08bd9b1b2e5515762e3e7cfe434fcb7f00d0739c63784721b782289f46e82d4c967cee41010955ac4bf9cef00d
SSDEEP

3072:qay0VZXn2cdH2weLYVZOdDG0Sq0dhaSmHFt0SBdRl9QdCao8gEQOsPZHYW2e6Di:qQZbddeRZ0HaHlt0WQdCao8m6HDi

Score

N/A

Malware Config

Signatures

Files

a4d283ecff8ec6909ad53bae2d2d18191c96d68627e728cdb310732437535b07
.exe windows x86

f73b28816328c1d53ed2f41c3649eba8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
GetCurrentProcess
CancelIo
CreateFileW
GetQueuedCompletionStatus
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
lstrcpyW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
GetModuleFileNameW
GetModuleHandleW
Sleep
CreateThread
lstrcpynW
lstrcatW
GetCurrentThreadId
InterlockedIncrement
ReadDirectoryChangesW
CreateMutexW
SetLastError
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
GetProcAddress
CreateIoCompletionPort
PostQueuedCompletionStatus
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
GetExitCodeThread
IsBadReadPtr
WaitForSingleObject
SetEvent
CreateEventW
GetFileAttributesW
GetTickCount
lstrlenW
OpenEventW
InterlockedDecrement
CloseHandle
GetEnvironmentVariableA
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection

user32

DefWindowProcW
PostMessageW
CreateWindowExW
RegisterClassW
DestroyWindow
SetWindowLongW
UnregisterClassW
CharUpperW
PostThreadMessageW
GetMessageW
DispatchMessageW
TranslateMessage
CharNextW
GetWindowLongW
KillTimer
RegisterWindowMessageW
SetTimer
MessageBoxA
PostQuitMessage

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize

oleaut32

SysAllocStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringByteLen

shlwapi

PathFindExtensionW
PathRemoveBackslashW
PathFindFileNameW
PathAppendW
SHRegCloseUSKey
SHRegCreateUSKeyW
SHRegDeleteUSValueW
SHRegWriteUSValueW
SHRegQueryUSValueW

msvcp71

?_Nomemory@std@@YAXXZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z

msvcr71

_vsnwprintf
_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
_callnewh
memset
wcslen
_beginthreadex
atoi
realloc
wcsncpy
_except_handler3
wprintf
_purecall
??3@YAXPAX@Z
_CxxThrowException
free
malloc
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??_V@YAXPAX@Z

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f73b28816328c1d53ed2f41c3649eba8

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 2KB

.rrdata Size: 76KB - Virtual size: 76KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 2KB

.rrdata
Size: 76KB - Virtual size: 76KB