5a663da60d3897ec208976cd27d1e88527a95fb7bd4d1f07c9c9d17c651e5218

Sharing

Copy URL Twitter E-mail

General

Target

5a663da60d3897ec208976cd27d1e88527a95fb7bd4d1f07c9c9d17c651e5218
Size

388KB
MD5

8506a384fa8a6b054cbaa9c4beb887d0
SHA1

ecca0d5e7746017de17ccc6966ad158158af711d
SHA256

5a663da60d3897ec208976cd27d1e88527a95fb7bd4d1f07c9c9d17c651e5218
SHA512

e794a26bbfb8b70d144ce0d03982ace6819798e2130ffc8c100c104312c07577f08349aed2699f0f9f2e8b7a030eb9df64b93b78f6adfbaf38bcfc9e9fc24733
SSDEEP

6144:Q2XJAu65FMfJIK3/0UXO+kWytgfH0scuJVumsscdjT6W48xp1FsqmDFfe6K4:QbrkJls0OC0RuJgmQpT6W484qmDFG34

Score

N/A

Malware Config

Signatures

Files

5a663da60d3897ec208976cd27d1e88527a95fb7bd4d1f07c9c9d17c651e5218
.exe windows x86

8bb642a2bbd9238a33cb1a75a3deb001

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mpr

WNetCancelConnection2A

avuconfig

AVDist_GetNumOfDay
AV8Dist_GetSignatureUpdateConfiguration
AV8Dist_GetSignatureUpdateConfiguration_ServerConfig
AV8Dist_GetSignatureUpdateConfiguration_ComponentList
AV8Dist_FreeRegisteredStatusCallbackRoutine
AV8Dist_SetConfigFileName
AV8Dist_InitRegisteredStatusCallbackRoutine
AV8Dist_SetUpdateConfigurationBaseKey
AV8Dist_RegisterLogCallbackRoutine
AV8Dist_CalculateDigitalSignature
AV8Dist_ReadMasterFile
AV8Dist_DeallocateSignatureUpdateConfiguration

kernel32

LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
GetCurrentProcessId
SetEnvironmentVariableA
SetEvent
SetPriorityClass
GetCurrentProcess
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
DeleteCriticalSection
GetTempFileNameA
GetTempPathA
CreateThread
WaitForSingleObject
CreateEventA
InitializeCriticalSection
GetVersionExA
GetProcessHeap
OpenEventA
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
lstrcatA
InterlockedDecrement
SetCurrentDirectoryA
InterlockedIncrement
IsDBCSLeadByte
GetLocaleInfoA
ReadFile
GetFileSize
SetFileAttributesA
SetFileTime
GetFileTime
FormatMessageA
DisableThreadLibraryCalls
LoadLibraryExA
FileTimeToSystemTime
GetFileAttributesA
GetVolumeInformationA
GetComputerNameW
GetCurrentThread
MoveFileA
GetWindowsDirectoryA
GetSystemDirectoryA
UnmapViewOfFile
FlushViewOfFile
MapViewOfFile
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetStartupInfoA
GetModuleHandleA
ExitProcess
HeapAlloc
Sleep
HeapFree
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
lstrlenA
lstrcmpiA
lstrcpyA
LocalAlloc
LocalFree
FindFirstFileA
GetLastError
FindNextFileA
FindClose
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
FreeLibrary
ReleaseMutex
CloseHandle
OpenMutexA
GetSystemTime
GetCurrentDirectoryA
CreateFileA
SetFilePointer
GetStdHandle
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
WriteFile
FlushFileBuffers
CopyFileA
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
CreateMutexA

user32

LoadStringA
wsprintfA

advapi32

OpenThreadToken
GetTokenInformation
GetSecurityDescriptorSacl
OpenProcessToken
LookupAccountSidW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
EqualSid
AddAce
GetFileSecurityA
MakeAbsoluteSD
GetSecurityDescriptorDacl
LookupAccountNameA
GetSidSubAuthorityCount
LookupAccountSidA
SetSecurityDescriptorOwner
SetFileSecurityA
RegConnectRegistryA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
AllocateAndInitializeSid
SetEntriesInAclA
FreeSid
GetUserNameA
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
GetSidIdentifierAuthority

msvcr71

wcschr
fclose
fgets
fopen
fwrite
_fullpath
__security_error_handler
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
wcslen
wcscpy
wcscat
wcscmp
_mbschr
??0exception@@QAE@XZ
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??1exception@@UAE@XZ
_mbsupr
realloc
memmove
_mbsnbcat
_makepath
_mbsicmp
rename
_unlink
_mbsncpy
strstr
srand
rand
_itoa
_getpid
_mbsdup
_mbstok
_mbsnbcpy
_chmod
malloc
printf
isspace
strrchr
sscanf
getenv
_mkdir
time
strtok
atoi
isdigit
_mbsnbicmp
_mbscmp
_mbsnbcnt
calloc
free
_mbslen
_mbsrchr
_snprintf
??2@YAPAXI@Z
_strnicmp
_access
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
_mbscpy
_mbscat
_wcsicmp
strncat
strchr
_vsnprintf
sprintf
_stricmp
_splitpath
strncpy

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@_String_base@std@@QBEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.casec
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bb642a2bbd9238a33cb1a75a3deb001

Headers

File Characteristics

Imports

version

mpr

avuconfig

kernel32

user32

advapi32

msvcr71

msvcp71

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 24KB - Virtual size: 20KB

.casec Size: 4KB - Virtual size:

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 24KB - Virtual size: 20KB

.casec
Size: 4KB - Virtual size:

.vmp0
Size: 192KB - Virtual size: 1.3MB