b1407a1d54c97ada501ba6b09816bc2337881690c0aec6a11be447a4c3916f93

Sharing

Copy URL

Twitter E-mail

General

Target

b1407a1d54c97ada501ba6b09816bc2337881690c0aec6a11be447a4c3916f93
Size

589KB
MD5

a1be097be7940d727e5954cb871e5291
SHA1

425aa2d23569520cdea77f73c2be14051148dfb5
SHA256

b1407a1d54c97ada501ba6b09816bc2337881690c0aec6a11be447a4c3916f93
SHA512

5e0d57b76ccbf468f019229e4981706b731526f380ba172f2f58b4182a8997212c81f7c08efb220cdfb45840824c7a63101c855847ef22e95a27f80dc81684bf
SSDEEP

6144:dZ2w9h/azfhJZVxumIyH9N72QR/+EbuwXbgBzyasVMBknz9pSW+ALcJOFnLkkAi5:dZMhJEydN72QBjbBJz9AWVnLuqhMPo

Score

N/A

Malware Config

Signatures

Files

b1407a1d54c97ada501ba6b09816bc2337881690c0aec6a11be447a4c3916f93
.exe windows x86

367c50e194daea492c18464bf522d832

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

Netbios

mfc80u

ord5316
ord1299
ord2167
ord5522
ord265
ord266
ord6282
ord5327
ord6293
ord2444
ord860
ord896
ord5712
ord745
ord557
ord1476
ord1457
ord2261
ord5414
ord3383
ord4078
ord4100
ord3990
ord907
ord578
ord1172
ord3991
ord4079
ord5399
ord2462
ord310
ord900
ord3249
ord6700
ord282
ord6111
ord2895
ord1479
ord1198
ord774
ord1176
ord899
ord2460
ord5398
ord1455
ord776
ord2121
ord3927
ord280
ord762
ord2311
ord1178
ord1182
ord1079
ord1118
ord283
ord870
ord1117
ord581
ord1200
ord314
ord1170
ord1168
ord1192
ord1115
ord1162
ord1908
ord293
ord4026
ord371
ord1093
ord1199
ord1121
ord1197
ord1087
ord1033
ord315
ord765
ord5971
ord577
ord757
ord6751
ord372
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord3677
ord764
ord781

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
malloc
_wmkdir
isxdigit
sprintf
wcstok
_wtoi
memset
memcpy_s
wcstok_s
memmove_s
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
_purecall
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_wcsrev
_wcsnicoll
_wcsncoll
iswalpha
iswdigit
iswalnum
wcsncpy
wcscoll
_wcsicoll
_wcsicmp
_vswprintf
_wcsupr
_wcslwr
wcscspn
_wcsnicmp
wcsncmp
__CxxFrameHandler3
setlocale
free
_wcsdup
memcpy

kernel32

SetEvent
ResetEvent
WaitForSingleObject
CreateFileW
FindClose
FindFirstFileW
CloseHandle
SetFilePointer
WriteFile
ReadFile
MoveFileExW
GetLastError
DeleteFileW
MoveFileW
CopyFileW
GetShortPathNameW
GetFullPathNameW
GetFileAttributesW
FormatMessageW
LocalFree
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
GetExitCodeThread
CreateThread
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetThreadLocale
GetLocaleInfoA
GetACP
lstrlenW
Sleep
GetVersionExA
WritePrivateProfileStringW
GetModuleFileNameW
TerminateThread
CreateEventW
GetProcAddress
lstrcatW
lstrcmpW
GetPrivateProfileStringW
SetFileAttributesW
GetTempPathW
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
WaitForMultipleObjects
CreateMutexW
GetTickCount
ReleaseMutex
MultiByteToWideChar
GetComputerNameW
GetDriveTypeW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemDirectoryW
GetVersionExW
lstrlenA
GetLogicalDriveStringsW
lstrcpyW

user32

SendMessageW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects

advapi32

OpenSCManagerW
CloseServiceHandle

shell32

SHFileOperationW
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW

comctl32

ord17

shlwapi

PathFileExistsW
PathRenameExtensionW

ole32

CoCreateGuid
CoTaskMemFree
StgCreateDocfile
StgOpenStorage
CoCreateInstance
StgIsStorageFile
CoInitialize

oleaut32

SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

msvcp80

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
WNetGetConnectionW

msi

ord175
ord166
ord115
ord8
ord26
ord125
ord163
ord118
ord20
ord160
ord116
ord24
ord186
ord78
ord150
ord92
ord32
ord159
ord19

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 388KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

367c50e194daea492c18464bf522d832

Headers

File Characteristics

Imports

netapi32

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp80

mpr

msi

version

Sections

.text Size: 388KB - Virtual size: 386KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 10KB

.rsrc Size: 108KB - Virtual size: 108KB

.text
Size: 388KB - Virtual size: 386KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 108KB - Virtual size: 108KB