31e9ddd356bdf21be98cd57157ffe7f9a0c4e73fe6762a404903e065acab61e3

Sharing

Copy URL Twitter E-mail

General

Target

31e9ddd356bdf21be98cd57157ffe7f9a0c4e73fe6762a404903e065acab61e3
Size

304KB
MD5

8eb8b900d5bf412da89087511e7c1442
SHA1

434990ca3e12b7b23d123cf033f551ab61bbe519
SHA256

31e9ddd356bdf21be98cd57157ffe7f9a0c4e73fe6762a404903e065acab61e3
SHA512

0d5b94f0144ae08877599214c853a0c4af0724768aa39f296902a5be27b4e0a760f7bd350caff0f015b94c5e3bc980709cd084ceea8db3ec22b7669bade468eb
SSDEEP

1536:5VytGdjCm5ekfGueCCV+oQ5qLcYX10yn7bDi5:5VytoUkf/yVsqLn10yn7bD4

Score

N/A

Malware Config

Signatures

Files

31e9ddd356bdf21be98cd57157ffe7f9a0c4e73fe6762a404903e065acab61e3
.dll windows x86

df00b5863f9df98aefe5c16437ba0671

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord4058
ord924
ord2781
ord3178
ord3181
ord6877
ord537
ord1980
ord940
ord825
ord823
ord5683
ord859
ord4202
ord2818
ord939
ord2777
ord2915
ord2764
ord4129
ord858
ord5710
ord535
ord356
ord941
ord2770
ord668
ord860
ord540
ord802
ord542
ord800
ord269
ord1116

msvcrt

_EH_prolog
__CxxFrameHandler
_mbscmp
printf
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
atoi
strlen
memcpy
sprintf
memset
toupper
wcslen
_mbsicmp
strcpy
strcat
malloc
free

kernel32

CreateDirectoryA
CopyFileA
CreateFileA
AreFileApisANSI
lstrlenW
OutputDebugStringA
WideCharToMultiByte
CreateToolhelp32Snapshot
OpenProcess
TerminateProcess
Process32Next
GetLogicalDriveStringsA
GetDriveTypeA
SetVolumeMountPointA
GetLastError
CloseHandle
SetPriorityClass
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
lstrcmpiA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetComputerNameA
LocalFree
LocalAlloc
MultiByteToWideChar
Process32First

user32

GetWindowThreadProcessId
FindWindowA

advapi32

RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegisterEventSourceA
GetOldestEventLogRecord
ReadEventLogA
CloseEventLog
RegQueryInfoKeyA
RegUnLoadKeyA
RegLoadKeyA

ole32

CoInitialize
CoCreateGuid
CoUninitialize

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

shlwapi

PathFileExistsA

Exports

Exports

FCB_RunDll

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 252KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df00b5863f9df98aefe5c16437ba0671

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

ole32

msvcp60

shlwapi

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 252KB - Virtual size: 264KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 252KB - Virtual size: 264KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 2KB