db031daaee36319302867be97da7873ae49c34b0537a6fa587b2de64feaa8211

Sharing

Copy URL Twitter E-mail

General

Target

db031daaee36319302867be97da7873ae49c34b0537a6fa587b2de64feaa8211
Size

161KB
MD5

75d939907b7c0b5dc29677ce5e8c09ea
SHA1

654766c01135ad6ddb06f26c26c18902871b86ba
SHA256

db031daaee36319302867be97da7873ae49c34b0537a6fa587b2de64feaa8211
SHA512

b2ec8d7570fb6771f42ee2a4fd58c498652d174fb5a4e324c08b0c07c9ae852bad365d5a68df5aa54d466629879aa17699d7caf4e8db155b5b7b73b6a792baaa
SSDEEP

3072:2BauxmdICnMzyqhSY+ekiq79sKOY3cPGK+np1g2f0r4Fu3+Nuej7U:2Bty4Sx/jOY3Jhp19nhVj7U

Score

N/A

Malware Config

Signatures

Files

db031daaee36319302867be97da7873ae49c34b0537a6fa587b2de64feaa8211
.exe windows x86

9c391afccc1018460ce3bfc920fc031b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
MultiByteToWideChar
GetProcAddress
LoadLibraryA
VirtualProtect
VirtualQuery
GetCurrentProcess
SetLastError
FindActCtxSectionGuid
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
CreateThread
FreeConsole
Sleep
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
IsBadReadPtr
lstrcmpA
GetTickCount
GetEnvironmentVariableW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
InterlockedCompareExchange
GetLastError
RaiseException
WaitForSingleObject
CloseHandle
LoadLibraryW
FreeLibrary
GetCurrentProcessId
InterlockedExchange

user32

GetMessageW
PostThreadMessageW
DispatchMessageW
CharUpperW
MessageBoxW
CharNextW
TranslateMessage

advapi32

RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoInitializeEx
CoResumeClassObjects
CoRegisterClassObject
CoRegisterSurrogate
StringFromGUID2
CoUninitialize
CoSuspendClassObjects
CoCreateInstance
CLSIDFromString
CoRevokeClassObject

oleaut32

VariantClear

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

wcscpy_s
free
vswprintf_s
iswdigit
wcstol
wcsncmp
calloc
_wcslwr_s
_snwprintf_s
wcsncpy_s
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_stricmp
_wcsicmp
memset
??_V@YAXPAX@Z
_wtoi
_wcsnicmp
??2@YAPAXI@Z
_purecall
memcpy_s
memmove_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
malloc

dbghelp

ImageDirectoryEntryToData
ImageNtHeader

psapi

EnumProcessModules

mfc80u

ord1021

crypt32

CryptDecodeObject
CryptQueryObject
CryptMsgGetParam

wintrust

WinVerifyTrust

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c391afccc1018460ce3bfc920fc031b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

msvcr80

dbghelp

psapi

mfc80u

crypt32

wintrust

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 3KB

.shared Size: 4KB - Virtual size: 2B

.rsrc Size: 72KB - Virtual size: 72KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 3KB

.shared
Size: 4KB - Virtual size: 2B

.rsrc
Size: 72KB - Virtual size: 72KB