fa7bada9f6400bcac69515d9c638120b8adad0cc7a7b2cd7ed51c8e12454e29f

Sharing

Copy URL Twitter E-mail

General

Target

fa7bada9f6400bcac69515d9c638120b8adad0cc7a7b2cd7ed51c8e12454e29f
Size

115KB
MD5

8288d2c216ac6ee7782897ffb2350abe
SHA1

0cfc713cc04139ef24f89ebf1cd71cda1fc75e10
SHA256

fa7bada9f6400bcac69515d9c638120b8adad0cc7a7b2cd7ed51c8e12454e29f
SHA512

e46b7a8249835125f0039b7b9f87143303a88cdb335491d8bcc6a587d2b4f6722ac70da7f0664cc13af33899c6adb367bd5906499d29056a7291a670f3fb9085
SSDEEP

3072:u+yEMYUoUpyDtHmrgZZ0RxnynZYdLFgnAngpF:EEQoUcGrgZZgwmd5bgX

Score

N/A

Malware Config

Signatures

Files

fa7bada9f6400bcac69515d9c638120b8adad0cc7a7b2cd7ed51c8e12454e29f
.exe windows x86

1eefe6e5f977e368a1fc0bd66847a9d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msioff9.ocx

DeleteOfficeData
GetOfficeData

mfc42

ord2814
ord2813
ord939
ord823
ord540
ord836
ord941
ord3115
ord1601
ord539
ord825
ord850
ord842
ord1238
ord800
ord858
ord3470

msvcrt

realloc
exit
_XcptFilter
_exit
malloc
memcmp
memcpy
_purecall
_EH_prolog
__CxxFrameHandler
_initterm
__setusermatherr
__p__fmode
__p__commode
_controlfp
__getmainargs
_acmdln
_except_handler3
__set_app_type
_adjust_fdiv
_wcsicmp

kernel32

GetModuleFileNameA
lstrcatA
GetLastError
GetStartupInfoA
lstrcpyA
InterlockedDecrement
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
lstrlenA
lstrcpynA
lstrlenW
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA

user32

DispatchMessageA
GetMessageA
CharNextA
PostThreadMessageA

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA

ole32

CoRegisterClassObject
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoUninitialize
CoSuspendClassObjects

oleaut32

SetErrorInfo
VarI4FromStr
VariantClear
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1eefe6e5f977e368a1fc0bd66847a9d7

Headers

File Characteristics

Imports

msioff9.ocx

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 9KB - Virtual size: 9KB

.rsrc Size: 3KB - Virtual size: 3KB

.vdata Size: 72KB - Virtual size: 72KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 3KB - Virtual size: 3KB

.vdata
Size: 72KB - Virtual size: 72KB