b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e

Sharing

Copy URL

Twitter E-mail

General

Target

b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e
Size

889KB
MD5

0c08b38a393a88e72c3d76b014e92900
SHA1

7388591361b984c00eb1d2720036ae54e387aab2
SHA256

b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e
SHA512

4f0f3179aec3019135e09ea4f6c4988ffc4e3de2f433e2277bbb08929a6054d457adcd3576f4d12b76f8c5658093b81ee506710f70289f6d0ecab2a29c11bfc8
SSDEEP

12288:54oTsushrCDGpbqnC0+l/L5aeGpiH22Agk6DSwTSTMfkPq8W6u7Qw:54oTPkCgwCbae/Fk6ONgcdEx

Score

N/A

Malware Config

Signatures

Files

b1c4e7c9a94e54b19160234dc8f3f18d7e92f2d924ed557bc1c71252f62f526e
.exe windows x86

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_crt_debugger_hook
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
fopen_s
fwprintf_s
fclose
vsprintf_s
vswprintf_s
wcsncpy_s
_beginthreadex
_wtol
_resetstkoflw
wcscpy_s
swscanf_s
_wcsdup
_setjmp3
longjmp
wcsstr
strncmp
_wsplitpath_s
_wcsnicmp
_CIsqrt
realloc
_vsnwprintf
_wtoi64
_wtoi
wcstod
_wcsicmp
_recalloc
wcstoul
wcsncmp
memmove
_CIpow
strtod
__iob_func
fprintf
fread
fflush
fwrite
strncpy
abort
sprintf
_CxxThrowException
memmove_s
free
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memcpy_s
wcsrchr
wcschr
memset
__CxxFrameHandler3
calloc
memcpy

msvcp80

?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Xlen@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?_Copy_s@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WIII@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@II@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?_Xran@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

kernel32

lstrcmpiW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
GetTempPathA
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LoadLibraryA
FormatMessageA
LocalFree
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
LockFile
LockFileEx
UnlockFileEx
UnlockFile
GetFileInformationByHandle
SetEndOfFile
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
ExitProcess
GetCommandLineW
GetCurrentThreadId
Sleep
CreateThread
RaiseException
WaitForSingleObject
SetEvent
CreateEventW
CompareStringW
FlushFileBuffers
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
LocalAlloc
MultiByteToWideChar
SystemTimeToFileTime
HeapCreate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
WriteFile
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
MoveFileW
DeleteFileW
SetFilePointer
ReadFile
CloseHandle
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetUserDefaultLCID
LCMapStringW
GetLastError

user32

UnregisterClassA
MessageBoxA
ReleaseDC
GetDC
GetDesktopWindow
LoadImageW
FindWindowA
LoadStringW
PostThreadMessageW
CharNextW
DispatchMessageW
GetMessageW
SetTimer

advapi32

RegQueryValueExW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
StringFromGUID2
CreateStreamOnHGlobal
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoTaskMemFree
CLSIDFromString

gdi32

GetDIBits
GetObjectW
DeleteObject

oleaut32

VarUI4FromStr
SafeArrayDestroy
VarBstrCmp
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString

wininet

InternetGetConnectedState
InternetErrorDlg
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

58bf17dce8ec446d2eda40e985282a1c

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

msvcp80

kernel32

user32

advapi32

ole32

gdi32

oleaut32

wininet

Sections

.text Size: 713KB - Virtual size: 712KB

.data Size: 34KB - Virtual size: 40KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 120KB - Virtual size: 124KB

.text
Size: 713KB - Virtual size: 712KB

.data
Size: 34KB - Virtual size: 40KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 120KB - Virtual size: 124KB