f658f7278f1f36f7a0f140bdc6353f1c604878b5f9a845cfcc5c236137fe9880

Sharing

Copy URL Twitter E-mail

General

Target

f658f7278f1f36f7a0f140bdc6353f1c604878b5f9a845cfcc5c236137fe9880
Size

252KB
MD5

41d4c6655f2bf6c3ee6e7b8945457040
SHA1

d6b19979fa04fc65cbd1347732e9b1d2bfc617b0
SHA256

f658f7278f1f36f7a0f140bdc6353f1c604878b5f9a845cfcc5c236137fe9880
SHA512

33a628699a24f0de9f2445e63709402e9b4e53fea948d6bf13e8abda08e86561e412746d05ba39aa1b05a7b897d8a7824a7bbc5d180ec399f68b9aee271876a9
SSDEEP

3072:QMIiKpdEJu6HnG3xU0X5uJEvfnf6Zkbt2Oco2SqX+M45j3xoJ/LrxtUup9ZQe7np:Q/7SXpBYff6Ob/ySqXx46scH17OUHGW

Score

N/A

Malware Config

Signatures

Files

f658f7278f1f36f7a0f140bdc6353f1c604878b5f9a845cfcc5c236137fe9880
.exe windows x86

04d1044b8bbdf6243ac2c4debeb23b53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

filectrl

?FileSetUpdateAppList@@YAHXZ
?FileExitSys@@YAHXZ
?FileSetCtrlFlag@@YAHE@Z
?FileInitalSys@@YAHEEE@Z
?FileSetServFlag@@YAHE@Z
?FileGetLog@@YAHPAU_FILE_LOG@@@Z

mfc71

ord1207
ord764
ord578
ord781
ord4108
ord5529
ord785
ord310
ord911
ord297
ord4109
ord304
ord2468
ord5491
ord629
ord1439
ord5089
ord384
ord784
ord266
ord265
ord762
ord1084
ord4035
ord6288
ord2469
ord5323
ord6180
ord6174
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757

msvcr71

_mbsnbcpy
_access
_stat
time
_itoa
fputs
_strlwr
fgets
fwrite
strncmp
printf
_stricmp
_mbslwr
strftime
_localtime64
_time64
__p___argc
__p___argv
_splitpath
_mbscmp
fprintf
fscanf
difftime
realloc
wcsstr
_vsnprintf
vfprintf
_close
_read
_open
_setmbcp
abort
memchr
strcmp
localtime
isspace
isalnum
qsort
fflush
_setmode
ftell
fseek
_purecall
atoi
tolower
isalpha
memset
__security_error_handler
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_iob
_controlfp
__CxxFrameHandler
fopen
fread
strchr
_mbsicmp
malloc
free
_except_handler3
sprintf
fclose
_mbsrchr
strncpy

kernel32

GetSystemTimeAsFileTime
GetStartupInfoA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
FindFirstFileA
FindClose
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalMemoryStatus
GetCurrentProcessId
QueryPerformanceCounter
GetTickCount
GetStdHandle
GetFileType
GetCurrentThreadId
GetDiskFreeSpaceA
SetFilePointer
ReadFile
WriteFile
DeviceIoControl
GetFileSize
MoveFileA
GetWindowsDirectoryA
GetSystemDirectoryA
SetCurrentDirectoryA
OutputDebugStringA
CreateMutexA
SetConsoleCtrlHandler
FormatMessageA
LocalFree
CreateSemaphoreA
Sleep
CreateThread
WaitForSingleObject
CreateFileA
GetModuleFileNameA
DeleteFileA
CopyFileA
_lclose
CloseHandle
lstrlenA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

advapi32

OpenServiceA
RegQueryValueExA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
StartServiceA
OpenSCManagerA
RegCloseKey
RegSetValueExA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
ControlService
QueryServiceStatus
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfig2A
SetServiceStatus
RegOpenKeyExA

msvcp71

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

04d1044b8bbdf6243ac2c4debeb23b53

Headers

File Characteristics

Imports

filectrl

mfc71

msvcr71

kernel32

user32

advapi32

msvcp71

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 36KB - Virtual size: 52KB

.rsrc Size: 8KB - Virtual size: 5KB

.rrdata Size: 4KB - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 36KB - Virtual size: 52KB

.rsrc
Size: 8KB - Virtual size: 5KB

.rrdata
Size: 4KB - Virtual size: 4KB