875e5093ca6c3307317dad1b60593f0a406b7199c568b1ca798ccbfebe2e3a54

Sharing

Copy URL Twitter E-mail

General

Target

875e5093ca6c3307317dad1b60593f0a406b7199c568b1ca798ccbfebe2e3a54
Size

300KB
MD5

633258287ff99dbe73ed7471ecc8df0e
SHA1

d37dafd901dd01610cb9b9b860013d425c1796f9
SHA256

875e5093ca6c3307317dad1b60593f0a406b7199c568b1ca798ccbfebe2e3a54
SHA512

aa34099af5ff4e5b1a7be0ec8bd76e3194e523269678f3a92683945a2d0cc6af50feb43724bb81c85e509e8d7767c8618a1d25ced7356485e95334662ae77cfb
SSDEEP

1536:zaLAFDxWeci57EWk2KcYX10yn7LkpI8+V:uLAF5cK7lk2Kn10yn7LkpI8+V

Score

N/A

Malware Config

Signatures

Files

875e5093ca6c3307317dad1b60593f0a406b7199c568b1ca798ccbfebe2e3a54
.dll windows x86

2fa69dfcadc76d2018e4546a605b2b1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

ioctlsocket
WSAStartup
gethostbyaddr
gethostbyname
WSACleanup

mfc42

ord1255
ord6467
ord1578
ord1253
ord826
ord269
ord1570
ord1197
ord1243
ord342
ord4058
ord924
ord2781
ord3178
ord3181
ord6877
ord1980
ord940
ord825
ord823
ord5683
ord859
ord4202
ord2818
ord1116
ord939
ord2777
ord2915
ord2764
ord4129
ord858
ord5710
ord535
ord356
ord941
ord2770
ord668
ord860
ord540
ord802
ord542
ord800
ord537
ord1182
ord1577
ord1168
ord1575
ord1176
ord600

msvcrt

_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
toupper
_adjust_fdiv
_mbsicmp
strcpy
__CxxFrameHandler
_mbscmp
printf
memcpy
??1type_info@@UAE@XZ
memset
sprintf
strlen
wcslen
free
malloc
strcat
atoi

kernel32

MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
lstrlenW
GetDriveTypeA
SetVolumeMountPointA
CloseHandle
SetPriorityClass
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
AreFileApisANSI
CreateFileA
CopyFileA
CreateDirectoryA
OutputDebugStringA
lstrcmpiA
FreeLibrary
LoadLibraryA
Sleep
LocalFree
LocalAlloc
GetLogicalDriveStringsA
GetLastError

user32

GetWindowThreadProcessId
FindWindowA

advapi32

RegCloseKey
RegQueryInfoKeyA
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathFileExistsA

Exports

Exports

FCB_RunDll

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fa69dfcadc76d2018e4546a605b2b1b

Headers

File Characteristics

Imports

wsock32

mfc42

msvcrt

kernel32

user32

advapi32

ole32

msvcp60

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 264KB

.rsrc Size: 4KB - Virtual size: 1024B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 264KB

.rsrc
Size: 4KB - Virtual size: 1024B

.reloc
Size: 4KB - Virtual size: 2KB