Static task: static1
Behavioral task: behavioral1
Sample: 69c28aded2b945ef1d979927fb0784adf99e140714f9f812eaa7830d430ea04d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 69c28aded2b945ef1d979927fb0784adf99e140714f9f812eaa7830d430ea04d.exe
Resource: win10v2004-20220812-en
General
Target: 69c28aded2b945ef1d979927fb0784adf99e140714f9f812eaa7830d430ea04d
Size: 1.0MB
MD5: 7445bc45e64f7dcfaaaa47cc8432847b
SHA1: 77c09ac8a671714104662c5351a4108a509ae2ab
SHA256: 69c28aded2b945ef1d979927fb0784adf99e140714f9f812eaa7830d430ea04d
SHA512: 0a7f818485f16af28395aa28dd6971d8964ddf93a19864a987f3b2c123aade9f0868e92f833652260f1d26a71d5692716a7ae66517342b20a8ec73cb3b73e5c4
SSDEEP: 24576:rzo3D1uKM8Zh/rlicTKJ8ULboCnF2yIydNcmeJPKzbB:rzoToj8ZBrMcTKqUfoCcHydNcmWKzb
Malware Config
Signatures
Files
69c28aded2b945ef1d979927fb0784adf99e140714f9f812eaa7830d430ea04d.exe windows x86
90ea78b4797c8cb636465d9739a9b504
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc71
msvcr71
_vsnprintf
strlen
_mbschr
_mbsnbcat
_mbspbrk
_mbsrchr
_mbsstr
_mbscmp
_mbsicmp
_mbsnbcmp
_mbsnbicmp
_mbslen
_mbsinc
_mbslwr
_mbsupr
_mbclen
_mbctype
_strupr
_strlwr
strcpy
strstr
strrchr
strpbrk
strcmp
memmove
isspace
strcat
_ismbcspace
memcpy
wcslen
_ismbcdigit
atoi
_wcsupr
strncat
strchr
strncmp
isdigit
iswspace
_purecall
strtok
_stricmp
realloc
_setmbcp
__CxxFrameHandler
_snprintf
_except_handler3
wcscpy
_CxxThrowException
_mbsnbcpy
memset
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_mbstok
_cexit
free
malloc
_resetstkoflw
sprintf
_splitpath
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
kernel32
lstrcmpA
LocalFree
GetUserDefaultLangID
GetSystemDefaultLangID
VerLanguageNameA
FindFirstFileA
FindClose
SetFileAttributesA
DeleteFileA
LocalAlloc
GetCurrentDirectoryA
GetWindowsDirectoryA
SetCurrentDirectoryA
RemoveDirectoryA
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
IsBadWritePtr
IsBadStringPtrA
OutputDebugStringA
HeapDestroy
FindNextFileA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InterlockedDecrement
InterlockedIncrement
CreateMutexA
ReleaseMutex
ResetEvent
PulseEvent
CreateSemaphoreA
ReleaseSemaphore
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
RaiseException
LoadLibraryExA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiW
lstrlenW
lstrcmpiA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
CreateEventA
GetLastError
CreateThread
WaitForMultipleObjects
SetEvent
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetShortPathNameA
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
FreeResource
EnterCriticalSection
LoadLibraryA
GetProcAddress
LeaveCriticalSection
FreeLibrary
DeleteCriticalSection
CreateFileA
CloseHandle
InitializeCriticalSection
GetSystemDirectoryA
user32
GetForegroundWindow
CharPrevA
GetDlgItemTextA
GetWindowThreadProcessId
AttachThreadInput
LoadIconA
SetForegroundWindow
SetActiveWindow
PostThreadMessageA
IsIconic
GetClientRect
SetWindowLongA
GetWindowLongA
SendMessageA
GetSystemMetrics
PostMessageA
SetTimer
CharLowerA
CharLowerW
CharUpperA
CharUpperW
UnregisterClassA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects
DrawIcon
RegisterWindowMessageA
LoadStringA
IsWindow
EnableWindow
CloseWindow
DestroyIcon
advapi32
RegLoadKeyA
RegUnLoadKeyA
RegRestoreKeyA
RegDeleteKeyA
RegCreateKeyExA
RegSaveKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegFlushKey
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
AccessCheck
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
MakeAbsoluteSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
GetSecurityDescriptorSacl
DuplicateToken
GetSecurityDescriptorControl
GetAclInformation
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
RegOpenKeyA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
shell32
Shell_NotifyIconA
ShellExecuteA
comctl32
ImageList_GetImageCount
ImageList_GetIcon
oleaut32
CreateErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
GetErrorInfo
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysFreeString
userenv
UnloadUserProfile
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 936KB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE