9c191a74210ea8253922330a11d743279cdd40cdedce83fcbcf845988530efe9

Sharing

Copy URL Twitter E-mail

General

Target

9c191a74210ea8253922330a11d743279cdd40cdedce83fcbcf845988530efe9
Size

151KB
MD5

4c499c58a6649a9d2f861642f6670b30
SHA1

b8fea37f9f0f5b6f02e1f74402d9eaef9e3ba5f7
SHA256

9c191a74210ea8253922330a11d743279cdd40cdedce83fcbcf845988530efe9
SHA512

46d0d2891c7582c0eb9b4d12398fd6eb6e05d5d85afa1d2769259842f424a00ad8ef4e3990e34c79ef601529b6571781ab392eb484735540508b76dcf7f6b91c
SSDEEP

3072:OsXNjTISeTC5UvwOkW8c9ryCdfD5mqknipg7jylwUoafS6:dXNj04UvwOk+l7zmyWlMZ

Score

N/A

Malware Config

Signatures

Files

9c191a74210ea8253922330a11d743279cdd40cdedce83fcbcf845988530efe9
.exe windows x86

de5c6b170fc59b7d54023e10296e1ab2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeSecurity
CoInitialize
CoUninitialize

msvcp90

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_WH@Z
?seekpos@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPB_WH@Z
?_Xsgetn_s@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WIH@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?underflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGG@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Decref@facet@locale@std@@QAEPAV123@XZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

vssapi

?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
ord6

msvcr90

realloc
_errno
??0exception@std@@QAE@XZ
abort
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
free
_invalid_parameter_noinfo
memmove_s
malloc
_beginthreadex
_snwprintf
memset
??0exception@std@@QAE@ABQBD@Z
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__winitenv
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
_filelength
_read
_close
_lseek
_wsopen
_waccess
memcpy
strtoul
calloc

kernel32

WaitForSingleObject
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
InterlockedExchange
GetTickCount
LoadLibraryA
DeviceIoControl
GetModuleFileNameW
InterlockedIncrement
LocalFree
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
GetProcAddress
InterlockedExchangeAdd
InterlockedDecrement
LoadLibraryW
FreeLibrary
OutputDebugStringW
InterlockedCompareExchange
SetConsoleCtrlHandler
CreateEventW
WaitForMultipleObjects
ReadFile
GetOverlappedResult
SetEvent
OpenProcess
GetLastError
CreateFileW
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
GetVersionExW
CloseHandle

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wrdata
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de5c6b170fc59b7d54023e10296e1ab2

Headers

DLL Characteristics

File Characteristics

Imports

ole32

msvcp90

vssapi

msvcr90

kernel32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.wrdata Size: 76KB - Virtual size: 76KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.wrdata
Size: 76KB - Virtual size: 76KB