72cc4aafaae40ceb40291886a30922fa896a0a19e2589219a3a489653e1999bc

Sharing

Copy URL Twitter E-mail

General

Target

72cc4aafaae40ceb40291886a30922fa896a0a19e2589219a3a489653e1999bc
Size

224KB
MD5

000b50ad57a9fbb5d5abf69f5a6017e0
SHA1

bb6beb20c376d8aed77526d878de466ef1899dd0
SHA256

72cc4aafaae40ceb40291886a30922fa896a0a19e2589219a3a489653e1999bc
SHA512

69d4c6f9065e887d3bd0015a11180893c5d0f3b5ed2db3cf865261b549ef982a0b64e88ef233726fd7215d87144201c735daabc33d34de61b0f0f4a5dea5ff1f
SSDEEP

6144:m140FvE7URULsrhwfRgVNQZeb9uiCH+s0GZSRFNr:m1hvE7U/XduxH+RPxr

Score

N/A

Malware Config

Signatures

Files

72cc4aafaae40ceb40291886a30922fa896a0a19e2589219a3a489653e1999bc
.exe windows x86

a8c05495d56d567068b75adfbe69b618

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

IsWindow
GetParent
GetClassNameA
FindWindowExA
SendMessageA

ole32

CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoInitialize
CoUninitialize
CoTaskMemAlloc

kernel32

GetCurrentProcess
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GetACP
lstrcpynW
LoadLibraryA
lstrlenA
GetVersion
ReadProcessMemory
LoadLibraryExA
GetModuleHandleA
lstrcmpA
CreateFileA
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
UnmapViewOfFile
GetPrivateProfileStringA
CopyFileA
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
GetCurrentProcessId
GetPrivateProfileStructA
WritePrivateProfileStringA
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalAlloc
ReadFile
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
MultiByteToWideChar
GetLongPathNameA
DeleteFileA
GetWindowsDirectoryA
GetShortPathNameA
GetSystemDirectoryA
SetEvent
CreateEventA
WaitForSingleObject
MoveFileExA
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcpynA
lstrcatA
CreateProcessA
CreateMutexA
CloseHandle
GetModuleFileNameA
GetTickCount
Sleep
GetLastError
GetVersionExA
LocalFree
GetStartupInfoA

advapi32

GetLengthSid
SetTokenInformation
GetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
CreateProcessAsUserW
GetNamedSecurityInfoA
SetEntriesInAclA
SetNamedSecurityInfoA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
AddAccessAllowedAce
SetSecurityDescriptorDacl
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ControlService
StartServiceA
QueryServiceStatus
DeleteService
OpenServiceA
ChangeServiceConfig2A
OpenSCManagerA
CreateServiceA
CloseServiceHandle
InitializeAcl

shlwapi

SHSetValueA
SHGetValueA
SHDeleteKeyA
PathFindFileNameA
PathIsDirectoryA
SHDeleteValueA
PathAppendA
PathRemoveBlanksA
PathRemoveBackslashA
PathRemoveFileSpecA
StrStrIA
wnsprintfA
PathFileExistsA

msvcirt

?sync@istream@@QAEHXZ
?getline@istream@@QAEAAV1@PADHD@Z
??5istream@@QAEAAV0@PAD@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??6ostream@@QAEAAV0@PBD@Z

ws2_32

htons
ntohl
ntohs
WSACleanup
WSAStartup

msvcrt

_onexit
__dllonexit
_strnicmp
_wcsnicmp
_wcsicmp
_strlwr
fgetc
calloc
_exit
_iob
fputc
exit
memcpy
_CxxThrowException
_EH_prolog
strlen
atol
wcscpy
_except_handler3
??1type_info@@UAE@XZ
_controlfp
_XcptFilter
_acmdln
memset
strrchr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
??2@YAPAXI@Z
_snprintf
_mbsicmp
rand
_mbsnbcpy
fseek
fclose
fputs
strstr
fgets
rewind
fopen
__CxxFrameHandler
wcslen
fwrite
_tempnam
strchr
fread
ftell
tolower
_ismbcupper
free
malloc
_mbscmp
sscanf
printf
_snwprintf
sprintf
time
localtime
memmove
atoi
_mbstok
strncpy
srand
__getmainargs

shell32

SHCreateDirectoryExA

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8c05495d56d567068b75adfbe69b618

Headers

File Characteristics

Imports

user32

ole32

kernel32

advapi32

shlwapi

msvcirt

ws2_32

msvcrt

shell32

Sections

.text Size: 108KB - Virtual size: 107KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 76KB - Virtual size: 76KB