4c355a9bd10c880c4e46ff0d22447581e916f2d6bb8e661f9866985773ebdfb8

Sharing

Copy URL Twitter E-mail

General

Target

4c355a9bd10c880c4e46ff0d22447581e916f2d6bb8e661f9866985773ebdfb8
Size

233KB
MD5

0e6215fe161f587bd59d1efe79b7a920
SHA1

9781d5497c11a4b83b16933be8e2bdeb261ebbab
SHA256

4c355a9bd10c880c4e46ff0d22447581e916f2d6bb8e661f9866985773ebdfb8
SHA512

b2bcc7bd4d7996fac4367e659a046d7bd0a3a81639cb26f7985e50264379dddf84995b56ca67c361edd4a4f957c46ab4aeedd04ac666a8be94a3052f5cde3af6
SSDEEP

6144:3b3k9kX89iRFq7BHD0LBOeRki4QQ0rnpi3n34b6t:3btX8dARZ4QxrcYk

Score

N/A

Malware Config

Signatures

Files

4c355a9bd10c880c4e46ff0d22447581e916f2d6bb8e661f9866985773ebdfb8
.exe windows x86

fbc147cbd3815f5ebf0dd7da4c7b1a47

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

xlluaruntime

XLLRT_ReleaseRunTime
XLLRT_ReleaseChunk
XLLRT_RunChunk
XLLRT_CreateChunkFromFile
XLLRT_CreateChunk
XLLRT_CreateRunTime
XLLRT_GetRuntime
XLLRT_CreateEnv
XLLRT_GetEnv
XLLRT_ReleaseEnv

libexpat

ord16
ord25
ord31
ord52
ord18
ord21

psapi

GetModuleBaseNameW
GetModuleFileNameExW

imm32

ImmDisableIME

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

IsProcessorFeaturePresent
InterlockedExchange
Sleep
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
FormatMessageW
LoadLibraryA
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
InitializeCriticalSection
FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
GetTempPathW
SetLastError
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
TerminateProcess
LoadLibraryW
CloseHandle
GetLastError
OpenProcess
GetCurrentProcessId
WideCharToMultiByte
IsBadWritePtr
MultiByteToWideChar
CreateEventW
ResumeThread
WaitForMultipleObjects
SetEvent
OpenFileMappingW
CreateFileMappingW
OpenEventW
ResetEvent
WaitForSingleObject
GetTickCount
MapViewOfFile
WritePrivateProfileStringW
lstrlenA
CreateFileW
GetModuleHandleA
GetCurrentThread
CopyFileW
GetPrivateProfileIntW
FreeLibrary
GetVersionExW
SetUnhandledExceptionFilter
SetErrorMode
lstrlenW
GetPrivateProfileStringW
VirtualQueryEx
GetThreadSelectorEntry
ReadProcessMemory
VirtualQuery
InterlockedCompareExchange
VirtualProtect
SetThreadContext
GetThreadContext
VirtualFree
SuspendThread
VirtualAlloc
WritePrivateProfileStringA
GetPrivateProfileStringA
GetVolumeInformationA
GetSystemDirectoryA
GetModuleFileNameA
IsBadCodePtr
lstrcatA
CreateDirectoryA
GetFileAttributesA
lstrcpyA
DeviceIoControl
CreateFileA
SetPriorityClass

user32

UnregisterClassA
GetDesktopWindow
SendMessageW
PostQuitMessage
CallWindowProcW
GetWindowLongW
PostThreadMessageW
PostMessageW
DefWindowProcW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetTimer
SetWindowLongW
RegisterClassExW
RegisterClassExA
UnregisterClassW
LoadCursorW
GetClassInfoExW
LoadCursorA
GetClassInfoExA
CharNextW

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi

atl90

ord68
ord56
ord49
ord43
ord44
ord64
ord23
ord61

shlwapi

PathAppendW
PathCombineW
PathFindFileNameW

msvcp90

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcr90

_itoa
vswprintf_s
?what@exception@std@@UBEPBDXZ
_time64
srand
rand
_vswprintf
_localtime64
wcsncpy
wcscpy
fclose
fwrite
_wfopen
sprintf
wcscmp
wcsftime
memcpy
_ultoa
isprint
isspace
tolower
strncpy
isalnum
_swprintf
swscanf
wcschr
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_decode_pointer
??3@YAXPAX@Z
memcmp
_CxxThrowException
wcsncpy_s
sprintf_s
swprintf_s
_wtoi
free
??_V@YAXPAX@Z
__CxxFrameHandler3
_recalloc
memmove_s
memset
_purecall
??2@YAPAXI@Z
wcsrchr
strlen
strcmp
_wcsicmp
malloc
realloc
wcslen
_itoa_s
strncpy_s
atoi
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_beginthreadex
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fbc147cbd3815f5ebf0dd7da4c7b1a47

Headers

DLL Characteristics

File Characteristics

Imports

xlluaruntime

libexpat

psapi

imm32

iphlpapi

version

kernel32

user32

shell32

ole32

oleaut32

atl90

shlwapi

msvcp90

msvcr90

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 42KB - Virtual size: 41KB

.data Size: 2KB - Virtual size: 260KB

.rsrc Size: 79KB - Virtual size: 80KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 42KB - Virtual size: 41KB

.data
Size: 2KB - Virtual size: 260KB

.rsrc
Size: 79KB - Virtual size: 80KB