2ce06e5c40ba905580867a01c6cdd6843ea81b9926a5ce150123609b1311f0f9

Sharing

Copy URL Twitter E-mail

General

Target

2ce06e5c40ba905580867a01c6cdd6843ea81b9926a5ce150123609b1311f0f9
Size

242KB
MD5

50a49a51fc680a29ebf8828ce2615490
SHA1

86242672430b04159633c541887751c98732da09
SHA256

2ce06e5c40ba905580867a01c6cdd6843ea81b9926a5ce150123609b1311f0f9
SHA512

7a84ebe78a3ec70e16bfc60290e2e0eac2bb982a499de6c1d009c6bdec2085c741d3127531b7dbc4311de2b75c4f2e5a14462e4a32fbb7dceccc97dd0b5507ab
SSDEEP

3072:dzj1+Oo8U1qTt3HUtg5fb7F0UF3tNot0e0FOpfeOAdM9mho+XSU1O4aNtm4j0SR0:dbmg5JFd5d1zAmxXSUQXJ/9ILnkn6

Score

N/A

Malware Config

Signatures

Files

2ce06e5c40ba905580867a01c6cdd6843ea81b9926a5ce150123609b1311f0f9
.exe windows x86

ccebd7021964a081a2cfdf299b7ba55b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ncltools

?GetString@NclRegistry@@QAEJPAGPAPAG@Z
?GetValue@NclRegistry@@QAEJPAGPAK@Z
?NclAddCustomDataItem@@YAJU_GUID@@PAUNCL_CUSTOM_DATA@@@Z
?NclGetCustomDataItem@@YAJU_GUID@@AAVCComBSTR@ATL@@PAUNCL_CUSTOM_DATA@@@Z
?NclStopThread@CNclThread@@QAEJK@Z
?NclStartThread@CNclThread@@QAEJPAVCNclThreadTask@@@Z
?NclLogDump@@YAXAAVCModuleInfo@@JK@Z
?NclUpdateEnvironment@@YAJK@Z
??1CNclThread@@QAE@XZ
??0CNclThread@@QAE@XZ
?NclThreadWait@CNclThread@@UAEJK@Z
?NclLogDump@@YAXAAVCModuleInfo@@PBDZZ
?Delete@NclRegistry@@QAEJPAUHKEY__@@PAG@Z
?NclLoadModule@@YAJU_GUID@@PAPAUIUnknown@@@Z
?NclReleaseModule@@YAJU_GUID@@PAUIUnknown@@@Z
?NclDeleteCustomDataItem@@YAJU_GUID@@AAU1@@Z
?NclRegisterModules@@YAJK@Z
?NclGetCustomDataItems@@YAJU_GUID@@PAKPAUNCL_CUSTOM_DATA@@@Z
?NclGetModules@@YAJKPAEPAPAUNCL_MODULE_INFO@@@Z
??1CNclLogClient@@QAE@XZ
??0CNclLogClient@@QAE@XZ
?NclDeleteCustomDataItem@@YAJU_GUID@@AAVCComBSTR@ATL@@@Z
??0NclRegistry@@QAE@XZ
?NclGetRegistryBase@@YA?AVCComBSTR@ATL@@XZ
?Open@NclRegistry@@QAEJPAUHKEY__@@PAGK@Z
?SetString@NclRegistry@@QAEJPAG0@Z
??1NclRegistry@@QAE@XZ
?NclInit@@YAXPAUHINSTANCE__@@PAGPAVCModuleInfo@@@Z
?NclThreadTimeout@CNclThread@@UAEJK@Z

kernel32

CloseHandle
lstrlenA
WaitForSingleObject
GetSystemTimeAsFileTime
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LocalFree
lstrcpyA
GetModuleFileNameA
Sleep
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
InterlockedDecrement
DeleteFileA
CreateThread
CreateEventA
GetCurrentThreadId
SetEvent
IsBadCodePtr
GetCommandLineA
SetErrorMode
SetUnhandledExceptionFilter
GetTickCount
ResetEvent
WaitForMultipleObjects
TerminateThread
ExitThread
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
GetSystemWindowsDirectoryA
lstrlenW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentThread
InterlockedExchange
RaiseException
GetModuleHandleA
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetCurrentProcessId
FreeLibrary

user32

CreateWindowExA
DefWindowProcA
PeekMessageA
PostMessageA
DestroyWindow
UnregisterClassA
RegisterClassA
MsgWaitForMultipleObjects
LoadStringA
CharNextA
CharUpperA
TranslateMessage
DispatchMessageA
GetMessageA
PostThreadMessageA
MessageBoxA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA
CloseServiceHandle
OpenSCManagerA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegQueryValueExA
RegSetValueExA
CopySid
GetLengthSid
IsValidSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
OpenThreadToken
OpenProcessToken
ControlService
DeleteService
CreateServiceA
OpenServiceA
GetTokenInformation

shell32

SHGetFolderPathA

ole32

CoInitializeEx
CoSuspendClassObjects
CoUninitialize
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity

oleaut32

SysAllocStringLen
SysStringLen
VariantClear
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
VarBstrCat
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

atl71

ord30
ord61
ord23
ord32
ord64
ord22
ord18
ord17
ord20

shlwapi

PathAppendA

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Nomemory@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr71

strlen
_controlfp
__security_error_handler
__set_app_type
__p__fmode
_CxxThrowException
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
strcat
free
memset
_except_handler3
memcpy
puts
__p__commode
wcscmp
??3@YAXPAX@Z
malloc
__CxxFrameHandler
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_callnewh
vsprintf
wcsstr
wcspbrk
memcmp
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
??_V@YAXPAX@Z
_resetstkoflw
realloc
_vsnprintf

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ccebd7021964a081a2cfdf299b7ba55b

Headers

File Characteristics

Imports

ncltools

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl71

shlwapi

msvcp71

msvcr71

Sections

.text Size: 112KB - Virtual size: 112KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 112KB - Virtual size: 112KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 92KB - Virtual size: 92KB