dc3f238c8d80ee6222f231a97cc2c3f814915b02cf30bcb80eb1768284d77058

Sharing

Copy URL Twitter E-mail

General

Target

dc3f238c8d80ee6222f231a97cc2c3f814915b02cf30bcb80eb1768284d77058
Size

284KB
MD5

6266a35e03228cc01b462544e6cbba40
SHA1

cbba13d17a1ac42d6fd6cbbecaa64eafa7e5f9e4
SHA256

dc3f238c8d80ee6222f231a97cc2c3f814915b02cf30bcb80eb1768284d77058
SHA512

470cde05d4ae27fa1bc49446c0a41dd80fb744f0de2fa6f8c58566a9d9509b4b8b6f2209d435fffc35249d9498a5ed56bd986c6b89fcd7f690565f01370f116d
SSDEEP

6144:PT0L9cONlYriCD85CUGmRnAAo23EYkwEdkCaEbJ0pymh:PgLzE8hRA/ZkCaSJ0pTh

Score

N/A

Malware Config

Signatures

Files

dc3f238c8d80ee6222f231a97cc2c3f814915b02cf30bcb80eb1768284d77058
.exe windows x86

6b5055f7dd6ef535dd6ca7d34936511e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
VirtualAlloc
VirtualProtect
HeapReAlloc
GetTickCount
ExpandEnvironmentStringsA
InitializeCriticalSection
LeaveCriticalSection
lstrcatA
EnterCriticalSection
InterlockedExchangeAdd
GetTempPathA
DeleteFileA
lstrcpyA
IsBadReadPtr
CreateFileA
GetFileSize
WriteFile
GetVolumeInformationA
ReadFile
MultiByteToWideChar
InterlockedExchange
GetSystemInfo
LocalFree
OutputDebugStringW
FormatMessageW
CreateEventW
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualFree
FreeLibrary
lstrlenA
ResumeThread
WriteProcessMemory
CloseHandle
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
VirtualAllocEx
GetProcAddress
GetLastError
FlushInstructionCache
TerminateProcess
CreateProcessA
GetCurrentProcess
SetThreadContext
GetThreadContext
lstrcpyW
lstrlenW
GetModuleFileNameW
Sleep
GetProcessHeap
SetEvent
WaitForSingleObject
HeapFree
GetComputerNameA
HeapAlloc
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange

user32

wsprintfA

advapi32

RegisterServiceCtrlHandlerW
QueryServiceStatusEx
SetServiceStatus
ChangeServiceConfigW
StartServiceW
ChangeServiceConfig2W
OpenServiceW
StartServiceCtrlDispatcherW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
GetUserNameA
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
LookupPrivilegeValueA
SetTokenInformation
GetTokenInformation
OpenProcessToken
CreateProcessAsUserA
ControlService

shell32

ShellExecuteA

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

shlwapi

StrStrIA
StrStrIW
PathStripPathW
StrRChrA
StrDupA

msvcr80

__p__fmode
memset
memcpy
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_wtoi
wprintf
_invalid_parameter_noinfo
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
realloc
_time32
_vswprintf
printf
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
_CxxThrowException
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3

wtsapi32

WTSEnumerateSessionsA
WTSQueryUserToken
WTSFreeMemory

userenv

DestroyEnvironmentBlock
LoadUserProfileA
CreateEnvironmentBlock

winhttp

WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpConnect
WinHttpSendRequest
WinHttpCrackUrl
WinHttpOpenRequest
WinHttpReceiveResponse
WinHttpCloseHandle

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b5055f7dd6ef535dd6ca7d34936511e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp80

shlwapi

msvcr80

wtsapi32

userenv

winhttp

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 240KB - Virtual size: 636KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 240KB - Virtual size: 636KB