6a4742bf701e48a276aa4619797ab451f8beed26df81c439c34139076d7d1d6b

Sharing

Copy URL

Twitter E-mail

General

Target

6a4742bf701e48a276aa4619797ab451f8beed26df81c439c34139076d7d1d6b
Size

308KB
MD5

48494191a1c522507b6d9f4218cc095b
SHA1

de50af1749e2e09cd79d5f9883488cf4787c5f26
SHA256

6a4742bf701e48a276aa4619797ab451f8beed26df81c439c34139076d7d1d6b
SHA512

f79660094c96735fe8f6b2a18601c9cd435593a498fc640f604883e12245966f8ef371b42d195c04d3b0218c8779aa68b00411004ed78896f683d8393cc7fee3
SSDEEP

1536:Trck/ZNVwT2rNGa7m94flzyscYX10yn7LK:ck/fVwuGa7me9ysn10yn7LK

Score

N/A

Malware Config

Signatures

Files

6a4742bf701e48a276aa4619797ab451f8beed26df81c439c34139076d7d1d6b
.dll windows x86

9ae7554243f4d4e0d745b807a50eb71e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1255
ord6467
ord1578
ord1253
ord826
ord269
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord4058
ord924
ord2781
ord3178
ord3181
ord6877
ord1980
ord940
ord825
ord823
ord537
ord5683
ord859
ord4202
ord2818
ord939
ord2777
ord2915
ord2764
ord4129
ord858
ord5710
ord535
ord356
ord941
ord2770
ord668
ord860
ord540
ord802
ord542
ord800
ord600
ord1116

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
strncpy
time
srand
__CxxFrameHandler
_mbscmp
printf
memcpy
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
atoi
strlen
malloc
strcat
sprintf
memset
rand
toupper
wcslen
_mbsicmp
strcpy
free

kernel32

MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
lstrlenW
SetVolumeMountPointA
GetLastError
CloseHandle
SetPriorityClass
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
AreFileApisANSI
CreateFileA
CopyFileA
CreateDirectoryA
OutputDebugStringA
lstrcmpiA
Sleep
DeviceIoControl
LocalFree
LocalAlloc
GetLogicalDriveStringsA
GetDriveTypeA

user32

GetWindowThreadProcessId
FindWindowA

advapi32

RegCloseKey
RegQueryValueExA
RegQueryInfoKeyA
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA

ole32

CoCreateGuid
CoUninitialize
CoInitialize

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

Exports

Exports

FCB_RunDll

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ae7554243f4d4e0d745b807a50eb71e

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

msvcp60

shlwapi

iphlpapi

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 265KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 265KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 2KB