f782976d35c82bd5c735a1e73a9d25e647c79884d84bd9030bf3de3b6746c651

Sharing

Copy URL Twitter E-mail

General

Target

f782976d35c82bd5c735a1e73a9d25e647c79884d84bd9030bf3de3b6746c651
Size

434KB
MD5

a25e2e9efee325beb93e38c4f37929af
SHA1

6908e3da00295ddbb3ec149929d45e7ab5242e82
SHA256

f782976d35c82bd5c735a1e73a9d25e647c79884d84bd9030bf3de3b6746c651
SHA512

4e8244158264f99d086559c5f5c61b8d3e8dd5c33a407af234dd3b62944cc37c1bdf5bdc1a3367eb93d8340b7f6628c2531e5fa5aacb953788d6dd81e61e57ef
SSDEEP

3072:FqPNr0oP62QxL5HjLSn/oLRK8xMphjOltX159Vm6pbp/lvwyoOPTn3a0bw8pPGbB:MFr0Nl5qn/QLxrVt+OLKo0Mx

Score

N/A

Malware Config

Signatures

Files

f782976d35c82bd5c735a1e73a9d25e647c79884d84bd9030bf3de3b6746c651
.exe windows x86

3ff357ae16544c40b9d4015b4372c165

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcr90

wcscpy
wcslen
wcscmp
swprintf_s
sprintf_s
memcpy_s
_ltow
_recalloc
__CxxFrameHandler3
??_V@YAXPAX@Z
free
??3@YAXPAX@Z
memset
??_U@YAPAXI@Z
memcmp
calloc
wcscat_s
wcscat
??2@YAPAXI@Z
_except_handler3
malloc
_resetstkoflw
wcsncpy_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_itow
_wtol
iswspace
wcstok
_wcsicmp
wcsstr
wcsnlen
fprintf
_vscwprintf
fflush
_swprintf
wcsncpy
fclose
fopen
wcscpy_s
vswprintf_s
memmove_s

mfc90u

ord1248
ord1250
ord1254
ord3589
ord1243
ord462
ord4455
ord6723
ord710
ord338
ord2337
ord2771
ord2983
ord3112
ord4728
ord2966
ord2774
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4681
ord614
ord3993
ord4905
ord3773
ord3959
ord3966
ord3082
ord6822
ord5778
ord1707
ord2084
ord2571
ord258
ord6811
ord5767

kernel32

GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetLastError
GetCurrentProcess
FlushInstructionCache
GetPrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
FindClose
GetSystemDefaultLangID
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
LoadLibraryW
FreeLibrary
GetCurrentProcessId
SetEvent
GetCurrentThreadId
GetModuleHandleW
GetProcAddress
CreateEventW
CreateThread
Sleep
InterlockedDecrement
InterlockedIncrement
CreateMutexW
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateProcessW
GetLastError
FormatMessageW
LocalFree
GetModuleFileNameW
lstrlenW
GetUserDefaultLCID
FindResourceExW
FindResourceW
LoadResource
LockResource
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
SizeofResource
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetCommandLineW
GetLocalTime

user32

GetClassInfoExW
LoadCursorA
GetClassInfoExA
UnregisterClassA
LoadCursorW
RegisterClassExA
RegisterClassExW
KillTimer
SetTimer
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CharNextW
CharUpperW
CallWindowProcW
GetWindowLongW
DefWindowProcW
CreateWindowExW
ShowWindow
SetWindowTextW
SetWindowLongW
CharUpperBuffW
LoadStringW
MessageBoxW
UnregisterClassW

winspool.drv

EnumJobsW
OpenPrinterW
SetJobW
ClosePrinter
SetPrinterW

advapi32

RegCloseKey
RegOpenKeyW
RegQueryValueExW

shell32

SHGetFolderPathW
SHCreateDirectoryExW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathStripPathW
PathFindExtensionW
PathFileExistsW

ole32

CoCreateInstance
CoInitialize
StringFromCLSID
CLSIDFromString
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
SysAllocString
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
BSTR_UserFree
SysStringByteLen
VariantInit
VarBstrCmp
VarBstrCat
SafeArrayPutElement
SafeArrayCreateEx
GetRecordInfoFromTypeInfo
LoadRegTypeLi
SysStringLen
LoadTypeLi
VariantClear
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
RegisterTypeLi

atl90

ord58
ord67
ord43
ord30
ord49
ord31
ord32
ord11
ord10
ord23
ord61
ord56
ord68
ord64
ord20
ord17
ord44

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrStubCall2
NdrStubForwardingFunction
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy

Sections

.text
Size: 183KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.orpc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.1orpc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3ff357ae16544c40b9d4015b4372c165

Headers

DLL Characteristics

File Characteristics

Imports

version

msvcr90

mfc90u

kernel32

user32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

atl90

rpcrt4

Sections

.text Size: 183KB - Virtual size: 182KB

.orpc Size: 4KB - Virtual size: 4KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 11KB - Virtual size: 17KB

.idata Size: 9KB - Virtual size: 8KB

.rsrc Size: 17KB - Virtual size: 16KB

.1orpc Size: 80KB - Virtual size: 80KB

.text
Size: 183KB - Virtual size: 182KB

.orpc
Size: 4KB - Virtual size: 4KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 11KB - Virtual size: 17KB

.idata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 17KB - Virtual size: 16KB

.1orpc
Size: 80KB - Virtual size: 80KB