f4c634f876daa987461f623971d429f121383bf72c4f4844f154836bf35314f3

Sharing

Copy URL Twitter E-mail

General

Target

f4c634f876daa987461f623971d429f121383bf72c4f4844f154836bf35314f3
Size

124KB
MD5

a150f96f55b5e92a47d43974eb5333d0
SHA1

58db471ba704cdacc2c768123e4f92602d98f120
SHA256

f4c634f876daa987461f623971d429f121383bf72c4f4844f154836bf35314f3
SHA512

d0186c075853d18e6891e8539d5cf7b7fb3f10a266f3d10237e7097ffa1616c138ce6500fb36e67b3a17d957410abcadf7704ca0f0eca3f9e69a8365950d955c
SSDEEP

3072:MhuKPk1JFvtOqljoZM3jiU6NXb87oCQVmvimZ2E9oFm:Mg1JFvtOql8ZUj8T1mvis20om

Score

N/A

Malware Config

Signatures

Files

f4c634f876daa987461f623971d429f121383bf72c4f4844f154836bf35314f3
.exe windows x86

f47ea53e7e314907ccc2ec0b029e6693

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
GetProcAddress
GetModuleHandleW
CloseHandle
WaitForSingleObject
lstrlenW
GetModuleFileNameW
Sleep
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
CreateThread
CreateEventW
SetEvent
GetCommandLineW
FreeLibrary
LoadLibraryW
LoadLibraryA
LocalAlloc
HeapSize
HeapReAlloc
HeapDestroy
IsDebuggerPresent
InterlockedCompareExchange
InterlockedExchange
HeapAlloc
HeapFree
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA

user32

DispatchMessageW
TranslateMessage
CharUpperW
CharNextW
GetMessageW
PostThreadMessageW

msvcr90

memset
calloc
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memmove_s
memcpy_s
malloc
realloc
??2@YAPAXI@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
??_V@YAXPAX@Z
wcscat_s
wcsncpy_s
wcscpy_s
_CxxThrowException
free
??3@YAXPAX@Z
vswprintf_s

netapi32

NetShareAdd

secur32

GetUserNameExW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f47ea53e7e314907ccc2ec0b029e6693

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcr90

netapi32

secur32

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 1KB

.vdata Size: 80KB - Virtual size: 80KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 1KB

.vdata
Size: 80KB - Virtual size: 80KB