72dfcf25097048307c8ba44de762852023fb2ab5ee038f8b77fdf4a5e7763d87

Sharing

Copy URL Twitter E-mail

General

Target

72dfcf25097048307c8ba44de762852023fb2ab5ee038f8b77fdf4a5e7763d87
Size

384KB
MD5

8097359c3a402540b10864b581449770
SHA1

42aef7ee64d5664306daa1061363895f1d9b623a
SHA256

72dfcf25097048307c8ba44de762852023fb2ab5ee038f8b77fdf4a5e7763d87
SHA512

73854727f7f5e9530fdf22af45629981bc530439afd36faad4f0690bbabbb03a623d3c90283b6587d59b0d92dde6a5336f8da7bcb2b3bd07eb9282bbbca6dd7e
SSDEEP

6144:EiH7fzbh2/gdh3mjFOOhm4uv/WYHOmMQfM7+C+3aCWCplLV4W:5f12WmjFPUGJGMiC8aCxp1V4W

Score

N/A

Malware Config

Signatures

Files

72dfcf25097048307c8ba44de762852023fb2ab5ee038f8b77fdf4a5e7763d87
.exe windows x86

1446a623cdacb49c805b51b678cf21a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80u

ord4729
ord4206
ord5178
ord605
ord3635
ord1479
ord282
ord6700
ord3677
ord4461
ord4463
ord4467
ord490
ord566
ord3327
ord4255
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord774
ord899
ord283
ord894
ord3990
ord5524
ord5398
ord2460
ord593
ord5221
ord1133
ord6248
ord6247
ord1021
ord5113
ord334
ord5379
ord1488
ord956
ord437
ord4025
ord5971
ord2239
ord1136
ord1176
ord1178
ord1182
ord1908
ord265
ord3603
ord3037
ord5901
ord3596
ord1189
ord6751
ord3444
ord3639
ord4699
ord2809
ord3946
ord2370
ord280
ord1002
ord746
ord558
ord2121
ord5434
ord5558
ord2261
ord2241
ord314
ord2244
ord2243
ord313
ord1472
ord616
ord1139
ord3883
ord4258
ord4476
ord6039
ord5930
ord2762
ord3034
ord4216
ord1913
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord4074
ord1123
ord4884
ord368
ord442
ord675
ord3585
ord3676
ord4465
ord4466
ord565
ord4267
ord1352
ord3338
ord5210
ord5147
ord3968
ord4855
ord4858
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4771
ord4585
ord4175
ord4166
ord4974
ord4784
ord4438
ord756
ord5170
ord2035
ord3422
ord590
ord3629
ord776
ord331
ord287
ord896
ord900
ord2260
ord6167
ord4026
ord2317
ord1906
ord6173
ord1476
ord4035
ord3494
ord742
ord751
ord4261
ord4272
ord5204
ord1896
ord4015
ord2420
ord940
ord2933
ord4304
ord5008
ord5005
ord1905
ord1595
ord3751
ord1994
ord2136
ord2135
ord5855
ord4293
ord5165
ord3648
ord562
ord553
ord431
ord1111
ord3496
ord3519
ord864
ord1058
ord1118
ord425
ord3229
ord5669
ord4059
ord5464
ord3015
ord662
ord3163
ord5425
ord6094
ord2461
ord5485
ord1023
ord290
ord3383
ord5705
ord4101
ord860
ord1086
ord2366
ord747
ord559
ord3168
ord1220
ord6165
ord1064
ord5829
ord2155
ord2140
ord1110
ord4574
ord2011
ord1662
ord1661
ord1542
ord6720
ord5908
ord3940
ord1392
ord5148
ord1899
ord5199
ord4276
ord5171
ord1955
ord4256
ord3176
ord354
ord1121
ord2311
ord293
ord577
ord757
ord701
ord1079
ord430
ord266
ord5164
ord5004
ord1563
ord2237
ord1904
ord2609
ord5003
ord5007
ord4303
ord4129
ord2934
ord4898
ord941
ord5352
ord2986
ord2419
ord2418
ord4014
ord1548
ord6721
ord5911
ord1611
ord1608
ord3939
ord1393
ord4238
ord5144
ord1895
ord5067
ord6271
ord4179
ord5203
ord2164
ord1297
ord3397
ord4716
ord4271
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord1954
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4259
ord635
ord3647
ord3493
ord762
ord2132
ord764
ord1198

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_invoke_watson
__wgetmainargs
_amsg_exit
memmove_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
__CxxFrameHandler3
_wsplitpath_s
malloc
free
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_cexit
memcpy_s
wcsncpy_s
_recalloc
memset
_purecall
_CxxThrowException
_wtoi
_itow_s
atoi
_getcwd
_chdir
_chdrive
toupper
_crt_debugger_hook

kernel32

CreateEventW
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetTickCount
GetFileAttributesW
CreateDirectoryW
WideCharToMultiByte
GetFileSize
CopyFileW
MoveFileW
CreateFileW
CloseHandle
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
GetModuleFileNameW
LoadLibraryW
GetTempPathW
RemoveDirectoryW
GetCommandLineW
FindFirstFileW
GetSystemTimeAsFileTime
DeleteFileW
FindNextFileW
FindClose
ResumeThread
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
SetErrorMode
GetCurrentThreadId
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExW
CopyFileExW
ExpandEnvironmentStringsW
GetShortPathNameW
GetWindowsDirectoryW
GetProfileStringW
CreateProcessW
GetProcAddress
LocalFree
GetPrivateProfileStringA
lstrlenA
lstrcpyA
GetModuleFileNameA
LocalAlloc
RaiseException
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

DestroyWindow
LoadCursorW
EnableWindow
CharNextW
PostQuitMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
SetCursor
SetActiveWindow
SetCapture
WaitForInputIdle
ReleaseCapture
SetFocus
UnregisterClassA

gdi32

DeleteDC
CreateICW

winspool.drv

EnumPrinterDriversW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder

ole32

OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize
CoInitialize

oleaut32

CreateErrorInfo
SetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysStringLen
VariantClear
VariantInit
SysAllocString
VarUI4FromStr
SysFreeString

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fdnnsli
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1446a623cdacb49c805b51b678cf21a0

Headers

File Characteristics

Imports

mfc80u

msvcr80

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

msvcp80

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 48KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 120KB - Virtual size: 120KB

fdnnsli Size: 80KB - Virtual size: 80KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 120KB - Virtual size: 120KB

fdnnsli
Size: 80KB - Virtual size: 80KB