89b7be6987b8be7e23a24aa633f345f2e7c4d84e2924917d888917d582ca246f

Sharing

Copy URL

Twitter E-mail

General

Target

89b7be6987b8be7e23a24aa633f345f2e7c4d84e2924917d888917d582ca246f
Size

353KB
MD5

78372665a82275dcb0a3cbd32a335800
SHA1

2159409b964b7682856ffa9f69960430cc8fff75
SHA256

89b7be6987b8be7e23a24aa633f345f2e7c4d84e2924917d888917d582ca246f
SHA512

bc5f730862462517fba1480f193453b839ab7ed5d12c6bfdbbb9d2feb2c4cbb6768040db336ac8db73b551394f75d28f6127ac138ead1f9fe4e8f7a4009b2f33
SSDEEP

6144:l+9RlfnuMwdGg6ZJ3mWZEUHEp2HUHEp2gS4NB/oZWfvS+Oedddu1QWCkaiSbQ:lQRlTKI4WOeEEHeEE+Bwg6+vddgQWCPU

Score

N/A

Malware Config

Signatures

Files

89b7be6987b8be7e23a24aa633f345f2e7c4d84e2924917d888917d582ca246f
.exe windows x86

1417c48d399b5d78816c78981301060d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalReAlloc
FindFirstFileA
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
lstrcatA
CreateProcessA
TerminateThread
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
MapViewOfFile
HeapFree
UnmapViewOfFile
GetModuleHandleA
GlobalFree
GlobalUnlock
FindNextFileA
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
LocalSize
TerminateProcess
OpenProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
GetCurrentProcess
GetModuleFileNameA
OpenEventA
SetErrorMode
LocalFree
RaiseException
FreeLibrary
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
CreateThread
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
GetLastError
CloseHandle
VirtualAlloc
Sleep
EnterCriticalSection
LeaveCriticalSection
VirtualFree
LoadLibraryA
GetProcAddress
GlobalLock

user32

LoadIconA
RegisterClassA
LoadMenuA
CreateWindowExA
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorInfo
DestroyCursor
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
SendMessageA
BlockInput
LoadCursorA
MessageBoxA
wsprintfA
GetWindowTextA
GetThreadDesktop

gdi32

GetStockObject

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

msvcrt

_CxxThrowException
memcmp
_stricmp
strcmp
strrchr
strcat
_beginthreadex
atoi
wcstombs
calloc
??1type_info@@UAE@XZ
_exit
rand
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
strcpy
sprintf
strncpy
free
malloc
_XcptFilter
_strrev
_except_handler3
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
memcpy
memmove
putchar
ceil
_ftol
puts
strlen
strstr
__CxxFrameHandler

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1417c48d399b5d78816c78981301060d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

msvcp60

wtsapi32

userenv

Exports

Exports

Sections

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 94KB - Virtual size: 97KB

.idata Size: 7KB - Virtual size: 6KB

.didat Size: 2KB - Virtual size: 1KB

.rsrc Size: 236KB - Virtual size: 240KB

.reloc Size: 5KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 94KB - Virtual size: 97KB

.idata
Size: 7KB - Virtual size: 6KB

.didat
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 236KB - Virtual size: 240KB

.reloc
Size: 5KB - Virtual size: 4KB