fdb1835a3a3f9193d77cc9b206fa733ea33e4ab113ee373b0f6584c1f4c310e4

Sharing

Copy URL Twitter E-mail

General

Target

fdb1835a3a3f9193d77cc9b206fa733ea33e4ab113ee373b0f6584c1f4c310e4
Size

124KB
MD5

8029c67b38091ccffe39e7ba26df6f10
SHA1

342e26ac5350ecf427243ac8b2492154eff3256e
SHA256

fdb1835a3a3f9193d77cc9b206fa733ea33e4ab113ee373b0f6584c1f4c310e4
SHA512

c154e614f1b8ba7b678d9864f007cafe9bdba9aab10f08b6948cb7226cbe063a994b3534bc4b6d2be69bc96fbc22b54e308868f12589865e746a3af4b47a08c4
SSDEEP

1536:oVDHsEymQ8i7ygU5GEvb43sJ3KyESY+A37feaCMJDmYsLIb4PvYqHB/AEj:oVQEyTefD43sR1ESDADeak7dJHB/Ak

Score

N/A

Malware Config

Signatures

Files

fdb1835a3a3f9193d77cc9b206fa733ea33e4ab113ee373b0f6584c1f4c310e4
.exe windows x86

1c971e7ee168be43ab579065b41e8169

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libintl-8

libintl_textdomain
libintl_gettext
libintl_bindtextdomain

libpq

ord128
ord95
ord122
ord121
ord120
ord48
ord21
ord113
ord72
ord126
ord130
ord64
ord70
ord77
ord75
ord68
ord33
ord2
ord14
ord76
ord140
ord4
ord15
ord90
ord69
ord67
ord91

kernel32

GetCurrentProcessId
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
SleepEx
GetProcAddress
GetModuleHandleA
TlsAlloc
TlsSetValue
TlsGetValue
LeaveCriticalSection
EnterCriticalSection
SetConsoleCtrlHandler
InitializeCriticalSection
SetConsoleMode
GetConsoleMode
GetStdHandle
WaitForSingleObject
ReadFile
CreateProcessA
CloseHandle
DuplicateHandle
GetCurrentProcess
CreatePipe
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
GetCurrentDirectoryA
LocalFree
LocalAlloc
MoveFileExA
RemoveDirectoryA
FormatMessageA
DeviceIoControl
MultiByteToWideChar
CreateFileA
CreateDirectoryA
GetFileAttributesExA
SetEnvironmentVariableA
GetSystemTimeAsFileTime

advapi32

GetAclInformation
GetLengthSid
InitializeAcl
AddAce
GetAce
AddAccessAllowedAceEx
SetTokenInformation
FreeSid
GetTokenInformation
GetUserNameA

msvcr80

strerror
_errno
tolower
toupper
islower
fwrite
memmove
sprintf
memset
isalpha
getenv
fgets
fflush
fputs
fclose
fopen
strcspn
fputc
perror
_pclose
strncpy
setlocale
_stat64i32
realloc
_putenv
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_strdup
__iob_func
exit
strncmp
free
abort
isupper
malloc
sscanf
strchr
_unlink
_rmdir
strstr

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c971e7ee168be43ab579065b41e8169

Headers

File Characteristics

Imports

libintl-8

libpq

kernel32

advapi32

msvcr80

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 44KB - Virtual size: 41KB