e5f66e18a86dbb04530c5070a49fcf39dc53ff8bf2b97d1a9aa180f79760e836

Sharing

Copy URL Twitter E-mail

General

Target

e5f66e18a86dbb04530c5070a49fcf39dc53ff8bf2b97d1a9aa180f79760e836
Size

724KB
MD5

9249a950a167dd275e636ab8cf06bc9e
SHA1

e93e5cb53c8f36dad7455ef10d5822c5ff7824c9
SHA256

e5f66e18a86dbb04530c5070a49fcf39dc53ff8bf2b97d1a9aa180f79760e836
SHA512

9574c0cbff902f56156cf662e3f6748514dceb05ec329a93fe7e583e10faf6cbbd4529cf747cc0a67a6c2bf4743ba22142756a5048bf5eca437bb2ccc0a3007a
SSDEEP

12288:Qea7D9MD8WnKxg09PnCCL3mJrQ4Yn+ZvUi6Jw:QecDu8WnKxg0VnC2WJ8Fn+Z8R

Score

N/A

Malware Config

Signatures

Files

e5f66e18a86dbb04530c5070a49fcf39dc53ff8bf2b97d1a9aa180f79760e836
.exe windows x86

cdf345aad9dbe262641d2e15ad2864aa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
UnmapViewOfFile
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
HeapFree
GetModuleFileNameA
SetThreadPriority
SetPriorityClass
GetThreadPriority
GetCurrentThread
GetPriorityClass
CopyFileA
OpenEventA
SetErrorMode
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
CreateFileMappingA
QueryPerformanceCounter
MapViewOfFile
MoveFileA
WriteFile
SetFilePointer
GetLocalTime
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
LoadLibraryA
GetProcAddress
Sleep
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
VirtualAlloc
EnterCriticalSection
CreateEventA
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetTickCount
ExitProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
ReadFile
SetLastError
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
QueryPerformanceFrequency

user32

SetCapture
WindowFromPoint
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SetRect
GetSystemMetrics
GetDC
GetDesktopWindow
ReleaseDC
MapVirtualKeyA
GetCursorInfo
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
IsWindow
DispatchMessageA
keybd_event
SendMessageA
DestroyCursor
LoadCursorA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetKeyNameTextA
GetActiveWindow
GetWindowTextA
TranslateMessage
GetMessageA
wsprintfA
ExitWindowsEx
CharNextA
GetCursorPos
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop

gdi32

GetDIBits
BitBlt
DeleteDC
DeleteObject
CreateCompatibleDC
CreateDIBSection
SelectObject
CreateCompatibleBitmap

advapi32

ControlService
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegCloseKey
RegQueryValueA
RegOpenKeyExA
CloseServiceHandle
DeleteService
QueryServiceStatus
OpenServiceA
RegSetValueExA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegRestoreKeyA
RegSaveKeyA
OpenProcessToken
EnumServicesStatusA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
LookupAccountSidA
GetTokenInformation
LsaFreeMemory

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp
_acmdln
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_strcmpi
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strcspn
realloc
strncat
_errno
strncmp
wcscpy
atoi
strncpy
strrchr
_except_handler3
free
strcmp
malloc
strcpy
strcat
strchr
memcmp
strstr
strlen
_ftol
ceil
memmove
_CxxThrowException
__CxxFrameHandler
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

winmm

waveInUnprepareHeader
waveInReset
waveInStop
waveInClose
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveOutReset
waveOutClose
waveOutWrite
waveOutGetNumDevs
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutUnprepareHeader

ws2_32

setsockopt
connect
WSACleanup
WSAStartup
htons
gethostbyname
gethostname
__WSAFDIsSet
recvfrom
sendto
listen
accept
getpeername
bind
getsockname
inet_addr
inet_ntoa
send
select
closesocket
recv
ntohs
WSAIoctl
socket

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

netapi32

NetUserAdd
NetLocalGroupAddMembers

imm32

ImmReleaseContext
ImmGetCompositionStringA

wininet

InternetCloseHandle
InternetOpenA
InternetReadFile

msvfw32

ICSeqCompressFrameStart
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICOpen
ICSendMessage
ICSeqCompressFrame

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cdf345aad9dbe262641d2e15ad2864aa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

netapi32

imm32

wininet

msvfw32

psapi

wtsapi32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 17KB

.idata Size: 12KB - Virtual size: 10KB

.rsrc Size: 516KB - Virtual size: 516KB

.reloc Size: 8KB - Virtual size: 36KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 17KB

.idata
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 516KB - Virtual size: 516KB

.reloc
Size: 8KB - Virtual size: 36KB