400cb13ad91b0d9e31cea5bcb61ac5fda634ce0615b3a9628e30c2b149a2967e

Sharing

Copy URL

Twitter E-mail

General

Target

400cb13ad91b0d9e31cea5bcb61ac5fda634ce0615b3a9628e30c2b149a2967e
Size

297KB
MD5

46dc723dfde678e5d971f41ff0d6dd10
SHA1

66a03b646cebaee86eb93e26796863fb03840862
SHA256

400cb13ad91b0d9e31cea5bcb61ac5fda634ce0615b3a9628e30c2b149a2967e
SHA512

f6e800843b85448bc4e909a22c0a0dc868eebcace5673f3a441d4649c6a9bdc9ee9bd15f9bfb17f00bdc69d9d82f41aa3a618dd370b1db95bf8655086f61775d
SSDEEP

6144:wuE7xynCfXH9OwjXXQ8OK+5kY66HTheJZ4zytbLk:wuMcwjXXQb66HNej4zkw

Score

N/A

Malware Config

Signatures

Files

400cb13ad91b0d9e31cea5bcb61ac5fda634ce0615b3a9628e30c2b149a2967e
.exe windows x86

489d834b30634c9119b6087b0845c99d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryW
lstrcatW
GetModuleHandleW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
OpenProcess
LocalFree
SetLastError
GetCurrentProcess
CloseHandle
GetDateFormatW
GetTimeFormatW
lstrcpyW
MoveFileW
GetCurrentProcessId
DeleteFileW
OpenEventW
Sleep
FileTimeToSystemTime
DeleteCriticalSection
InitializeCriticalSection
GetVolumeInformationW
EnterCriticalSection
FindFirstFileW
FindNextFileW
FindClose
LeaveCriticalSection
GetProcAddress
GetLastError
ResumeThread
SuspendThread
CreateEventW
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
LoadLibraryW
FreeLibrary
GetLocalTime
SystemTimeToFileTime
SetEvent
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetTickCount
LoadLibraryA
DeviceIoControl
GetFileSize
ReadFile
GetCurrentThreadId
LocalAlloc
GetVersionExW
SetProcessWorkingSetSize
TerminateProcess
WriteFile
lstrcpynW
GetFileAttributesW
SetFileAttributesW
CreateFileW
PulseEvent
WritePrivateProfileStringW
LoadLibraryExW
GetModuleFileNameW
GetPrivateProfileIntW
lstrlenW
GetPrivateProfileStringW

iphlpapi

NotifyAddrChange

user32

wsprintfW
GetForegroundWindow
LoadStringW
RegisterDeviceNotificationW
UnregisterDeviceNotification

advapi32

ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
DuplicateTokenEx
GetSecurityInfo
GetSecurityDescriptorDacl
GetUserNameW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegQueryValueExA
RegOpenKeyExA

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

_wsplitpath_s
mbstowcs
_wsplitpath
_errno
calloc
_filelength
_read
_close
_lseek
_wsopen
strtoul
realloc
atoi
strtok_s
strncpy_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcsncmp
_controlfp_s
vswprintf_s
_wfopen_s
_time64
srand
rand
_waccess
wcscat_s
swprintf_s
swscanf_s
wcsncpy_s
wcsncat_s
wcscpy_s
_swprintf
wcschr
wcscmp
wcsncpy
_vswprintf
fprintf
fwprintf
fflush
_wfopen
fwrite
fclose
fseek
fread
feof
memcmp
_snwprintf
wcscat
iswdigit
wcsstr
free
malloc
memcpy
memmove_s
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
_wcsicmp
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_beginthreadex
memset
_wcsupr
swscanf
wcsrchr
wcscpy
iswalnum
_invoke_watson
iswspace
wcslen
_vsnwprintf_s

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.drdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

489d834b30634c9119b6087b0845c99d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

user32

advapi32

msvcp90

msvcr90

version

shell32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 3KB

.drdata Size: 72KB - Virtual size: 72KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 3KB

.drdata
Size: 72KB - Virtual size: 72KB