0c3dbc857d5c8d0d4e1a179dea6a74aab8285163617a3a3c283bed887e800b6d

Sharing

Copy URL Twitter E-mail

General

Target

0c3dbc857d5c8d0d4e1a179dea6a74aab8285163617a3a3c283bed887e800b6d
Size

116KB
MD5

733c84258bad42b0e48b5ebb4549a9e0
SHA1

f9332aad34b25324b730feb0676bae9e713bba71
SHA256

0c3dbc857d5c8d0d4e1a179dea6a74aab8285163617a3a3c283bed887e800b6d
SHA512

9d4b31e19d1ae0c2d2934124a23a6f9cafd04f5692c70e049d3f263afa7fe6ab5c88feb2e7faa6f9371f78addc070e7225945a8d797cd2e97f646d555461fcf1
SSDEEP

3072:F7U3n5XBq+fs0OnITBisEuOaU7KvLXZk3fPY:F7U3n5RtLOIT/4aGiZk3

Score

N/A

Malware Config

Signatures

Files

0c3dbc857d5c8d0d4e1a179dea6a74aab8285163617a3a3c283bed887e800b6d
.exe windows x86

222d9f3a379c4c841ee6812c629a2798

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
GetFileSize
ReadFile
SetFilePointer
MoveFileA
lstrcatA
CreateProcessA
TerminateThread
Process32Next
lstrcmpiA
Process32First
CreateToolhelp32Snapshot
MapViewOfFile
CreateFileMappingA
HeapFree
UnmapViewOfFile
GetModuleHandleA
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
WaitForMultipleObjects
LocalSize
TerminateProcess
OpenProcess
GetCurrentThreadId
GlobalMemoryStatus
GetSystemInfo
GetComputerNameA
GetVersionExA
GetCurrentProcess
GetModuleFileNameA
OpenEventA
SetErrorMode
FindClose
FreeLibrary
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
lstrlenA
lstrcpyA
GetFileAttributesA
CreateDirectoryA
DeleteFileA
GetProcessHeap
HeapAlloc
GetCurrentProcessId
CreateThread
GetLocalTime
GetTickCount
CancelIo
InterlockedExchange
SetEvent
ResetEvent
GetLastError
WaitForSingleObject
CloseHandle
VirtualAlloc
Sleep
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GlobalFree

user32

LoadIconA
LoadMenuA
CreateWindowExA
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorInfo
DestroyCursor
GetCursorPos
ReleaseDC
GetDesktopWindow
GetDC
SetRect
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
CharNextA
wsprintfA
GetWindowTextA
MessageBoxA
LoadCursorA
BlockInput
SendMessageA
keybd_event
RegisterClassA

gdi32

GetStockObject

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegSetValueExA
RegCreateKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
OpenSCManagerA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegOpenKeyA
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
SetServiceStatus
RegisterServiceCtrlHandlerA
RegDeleteValueA

shell32

SHGetSpecialFolderPathA

msvcrt

_stricmp
??2@YAPAXI@Z
memset
malloc
_except_handler3
strcmp
strrchr
strcat
_beginthreadex
atoi
wcstombs
calloc
??1type_info@@UAE@XZ
memcmp
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit
_CxxThrowException
rand
strcpy
sprintf
strncpy
_exit
_strrev
free
__CxxFrameHandler
strstr
??3@YAXPAX@Z
memcpy
memmove
putchar
ceil
_ftol
puts
strlen

ws2_32

inet_addr
connect
sendto
WSASocketA
htonl
getsockname
send
socket
gethostbyname
htons
setsockopt
WSAIoctl
WSACleanup
WSAStartup
closesocket
recv
select

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock

Exports

Exports

EndWork
Runing
ServiceMain
Working

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

222d9f3a379c4c841ee6812c629a2798

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

msvcp60

wtsapi32

userenv

Exports

Exports

Sections

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 92KB - Virtual size: 95KB

.idata Size: 7KB - Virtual size: 7KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 4KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 92KB - Virtual size: 95KB

.idata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 4KB