4fd621bc61845e1d62bd7b2ad13861e24f5a8761ff107773f67266e550a39d78

Sharing

Copy URL Twitter E-mail

General

Target

4fd621bc61845e1d62bd7b2ad13861e24f5a8761ff107773f67266e550a39d78
Size

96KB
MD5

8159e748cb6538de57f3bc29381f0081
SHA1

55af4d80981727e82665d75ab40049d5c60ca6e3
SHA256

4fd621bc61845e1d62bd7b2ad13861e24f5a8761ff107773f67266e550a39d78
SHA512

fe0d463d6cc4642429e8c4b8f03c41a90e92acb16cde695845388f0553119fb8e342d05f0cc393acbd7667bb9b0a919957ebbd6bc1dac98716d0cd0bff2e2fc3
SSDEEP

1536:U1pKBDeDrAGvnMLiWnCKdxUBxlGq6acrqKf8uc9CW7q/FkVy:tNGpnMLzCt6aoqM8uc4W7q/Fk

Score

N/A

Malware Config

Signatures

Files

4fd621bc61845e1d62bd7b2ad13861e24f5a8761ff107773f67266e550a39d78
.exe windows x86

0fb588ab7934f8e33cc65e9c37d50671

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
LocalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
ExitProcess
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetEnvironmentVariableA
GetShortPathNameA
ReleaseMutex
SetErrorMode
OpenEventA
CreateMutexA
CopyFileA
GetComputerNameA
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
OutputDebugStringA
OpenProcess
VirtualAllocEx
GetTickCount
GetSystemInfo
WriteProcessMemory
GetSystemDirectoryA
GetModuleFileNameA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateProcessA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
GetProcAddress
FreeLibrary
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
Sleep
CancelIo
InterlockedExchange
lstrcpyA
ResetEvent
VirtualAlloc
EnterCriticalSection
CreateEventA
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
CreateRemoteThread
Beep
CreateToolhelp32Snapshot
Process32First
Process32Next
DeviceIoControl
GetVersion
MoveFileExA
GetCurrentProcess
InitializeCriticalSection
CreateThread
ResumeThread
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
GlobalMemoryStatusEx

user32

keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
SystemParametersInfoA
ReleaseDC
GetCursorPos
GetCursorInfo
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
IsWindow
CloseWindow
CreateWindowExA
DispatchMessageA
BlockInput
DestroyCursor
LoadCursorA
TranslateMessage
GetWindowTextA
SwapMouseButton
SendMessageA
GetForegroundWindow
MoveWindow
GetMessageA
wsprintfA
CharNextA
MessageBoxA
ExitWindowsEx
ShowWindow
GetWindowRect
FindWindowA
GetDesktopWindow
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop

gdi32

DeleteObject
BitBlt
CreateDIBSection
SelectObject
CreateCompatibleBitmap
GetDIBits
CreateCompatibleDC
DeleteDC

advapi32

ControlService
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegOpenKeyExA
CloseServiceHandle
DeleteService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
QueryServiceConfigA
EnumServicesStatusA
SetServiceStatus
StartServiceCtrlDispatcherA
ChangeServiceConfig2A
CreateServiceA
GetUserNameA
LookupAccountSidA
GetTokenInformation
RegQueryValueA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

shlwapi

SHDeleteKeyA

msvcrt

_strnicmp
_strrev
__p__fmode
_strupr
_controlfp
__set_app_type
_strcmpi
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
calloc
_beginthreadex
exit
rand
strncat
_snprintf
wcscpy
_errno
strncmp
atoi
strncpy
strcat
strrchr
_except_handler3
free
strcmp
strcpy
malloc
strchr
memcmp
strstr
strlen
_ftol
ceil
memmove
__CxxFrameHandler
memcpy
memset
??2@YAPAXI@Z
??3@YAXPAX@Z

winmm

waveInClose
waveOutUnprepareHeader
waveOutClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
mciSendStringA
waveOutReset

ws2_32

recvfrom
sendto
listen
WSAIoctl
accept
WSACleanup
WSAStartup
setsockopt
htons
gethostbyname
socket
closesocket
ntohs
recv
select
send
inet_ntoa
inet_addr
getsockname
bind
gethostname
ioctlsocket
getpeername
__WSAFDIsSet
connect

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

netapi32

NetUserAdd
NetLocalGroupAddMembers

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

avicap32

capGetDriverDescriptionA
capCreateCaptureWindowA

msvfw32

ICOpen
ICSeqCompressFrameEnd
ICCompressorFree
ICClose
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame

psapi

GetModuleFileNameExA
EnumProcesses
GetModuleBaseNameA
EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0fb588ab7934f8e33cc65e9c37d50671

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

msvcrt

winmm

ws2_32

msvcp60

netapi32

wininet

avicap32

msvfw32

psapi

wtsapi32

Sections

.text Size: 70KB - Virtual size: 69KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 512B - Virtual size: 240B

.text
Size: 70KB - Virtual size: 69KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 512B - Virtual size: 240B