cbed746e82b1a60ed771996884ee73e82b9598915ada70bd2749a5c46b51088c

Sharing

Copy URL Twitter E-mail

General

Target

cbed746e82b1a60ed771996884ee73e82b9598915ada70bd2749a5c46b51088c
Size

944KB
MD5

68b8b0dda8aaf010fb5a262ab0820430
SHA1

76c62ef2a201811757be3d5282cb18b00cf29d2b
SHA256

cbed746e82b1a60ed771996884ee73e82b9598915ada70bd2749a5c46b51088c
SHA512

099402336ec3161cd0065daf700f556fb5448d8a32cdad6311bf60e62514ab3bc593c7f8c05d8a4be5f2aa0fec8492b2a68ba55404fbadd3bc89ac29f60e60d5
SSDEEP

24576:+0hSik35fkZieeWQonYWMEW21BJgrbdQLDUDrFoNcV:ciEAKUY1sgrbdQLDWii

Score

N/A

Malware Config

Signatures

Files

cbed746e82b1a60ed771996884ee73e82b9598915ada70bd2749a5c46b51088c
.exe windows x86

7e73a20c1432b378f51e14bf81ce8da4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcmp
wcsncpy
fclose
_wfsopen
qsort
fwrite
_wfopen
_vsnwprintf
fseek
fgets
_CIpow
fread
_strnicmp
strtol
isdigit
_atoi64
_stricmp
towlower
_wtol
iswdigit
wcstol
_wcslwr
_wcsnicmp
wcsncmp
_wcstoui64
wcstoul
_errno
_strlwr
strncmp
fflush
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
_ultoa
_ftol
malloc
_purecall
realloc
??2@YAPAXI@Z
wcscmp
_wputenv
__CxxFrameHandler
memmove
wcslen
_CxxThrowException
??3@YAXPAX@Z
free
_except_handler3
wcscpy
memset
_snprintf

msvcp60

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z

advapi32

SetThreadToken
LookupAccountSidW
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
CheckTokenMembership
GetSecurityInfo
SetSecurityInfo
AllocateLocallyUniqueId
GetFileSecurityW
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ConvertStringSidToSidW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegEnumKeyExW
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
RegSetValueExW
RegDeleteValueW
GetAce
RegQueryInfoKeyW
RegEnumValueW
LookupAccountNameW
ChangeServiceConfigW
StartServiceW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
InitializeSecurityDescriptor
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
MakeAbsoluteSD
GetSecurityDescriptorControl
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
CreateServiceW
ChangeServiceConfig2W
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
SetServiceStatus
ControlService
QueryServiceStatusEx
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
RevertToSelf
GetTraceEnableFlags
TraceMessage
RegQueryValueExW
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

kernel32

GetSystemInfo
MapViewOfFile
CreateFileMappingA
IsBadReadPtr
VirtualAlloc
UnmapViewOfFile
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersion
DelayLoadFailureHook
GetFileInformationByHandle
GlobalUnlock
GlobalLock
GetModuleHandleW
DeviceIoControl
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetDiskFreeSpaceA
GlobalMemoryStatus
GetModuleFileNameA
SetFilePointer
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InitializeCriticalSection
RaiseException
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
InterlockedIncrement
InterlockedDecrement
CompareStringW
SetEvent
OpenEventW
GetLastError
GetTickCount
Sleep
WaitForSingleObject
SetLastError
CreateEventW
EnterCriticalSection
LeaveCriticalSection
LocalFree
SetThreadExecutionState
GetModuleFileNameW
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
MultiByteToWideChar
lstrlenA
WriteFile
CreateFileW
CompareStringA
GetLongPathNameW
GetFullPathNameW
GetQueuedCompletionStatus
CreateThread
CreateIoCompletionPort
ReadDirectoryChangesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
RegisterWaitForSingleObject
UnregisterWaitEx
InterlockedCompareExchange
DeleteFileW
QueueUserWorkItem
GetCurrentThread
GetCurrentProcess
FormatMessageW
GetStringTypeExW
WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
lstrcmpiW
FileTimeToSystemTime
GetDateFormatW
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
GetLocalTime
GetFileAttributesExW
GetComputerNameW
ResetEvent
WaitForMultipleObjects
SetThreadPriority
GetCurrentThreadId
CancelIo
GetFileSizeEx
GetOverlappedResult
GetStringTypeExA
lstrcmpA
UnregisterWait
ReadFile
GetFileSize
MoveFileExW
MoveFileW
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
IsProcessorFeaturePresent

user32

RegisterDeviceNotificationW
MsgWaitForMultipleObjectsEx
PeekMessageW
wvsprintfW
CharUpperW
wvsprintfA
CharNextA
CharUpperA
CharNextW
UnregisterDeviceNotification
DispatchMessageW

ole32

GetHGlobalFromStream
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoReleaseMarshalData
CreateStreamOnHGlobal
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree

gdiplus

GdipGetImageHeight
GdipCreateBitmapFromScan0
GdipBitmapGetPixel
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipFillRectangleI
GdipDrawImageRectI
GdipCloneBrush
GdipCloneImage
GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageWidth
GdipSaveImageToStream
GdipGetPropertySize
GdipGetAllPropertyItems
GdipSetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipSetInterpolationMode
GdipSetSmoothingMode
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImageType
GdipGetPropertyItem
GdipDeleteGraphics
GdipDeleteBrush
GdipAlloc
GdipGetPropertyItemSize
GdipFree

winhttp

WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpCrackUrl
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

authz

AuthzInitializeContextFromSid
AuthzFreeContext
AuthzFreeResourceManager
AuthzInitializeResourceManager
AuthzInitializeContextFromAuthzContext
AuthzAccessCheck

wsock32

ntohl
WSAGetLastError

shell32

SHGetFolderPathW

iphlpapi

GetAdaptersAddresses
SendARP
CancelIPChangeNotify
NotifyAddrChange
GetIpAddrTable
GetBestInterfaceEx

secur32

GetUserNameExW

httpapi

HttpSendHttpResponse
HttpInitialize
HttpSendResponseEntityBody
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration
HttpReceiveRequestEntityBody
HttpCreateHttpHandle
HttpAddUrl
HttpRemoveUrl
HttpReceiveHttpRequest
HttpTerminate

ws2_32

getnameinfo
GetAddrInfoW
FreeAddrInfoW

shlwapi

PathRemoveBackslashW
PathFindFileNameW
PathIsUNCW
SHCreateStreamOnFileW
SHStrDupW

mpr

WNetGetConnectionW

Sections

.text
Size: 659KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e73a20c1432b378f51e14bf81ce8da4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

ole32

gdiplus

winhttp

authz

wsock32

shell32

iphlpapi

secur32

httpapi

ws2_32

shlwapi

mpr

Sections

.text Size: 659KB - Virtual size: 659KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 167KB - Virtual size: 167KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 659KB - Virtual size: 659KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 167KB - Virtual size: 167KB

.text
Size: 108KB - Virtual size: 112KB