71ebf2aa1d62d3d3d029eab4e4aecbc40929a428e4c78d9188a1f2034870c740

Sharing

Copy URL Twitter E-mail

General

Target

71ebf2aa1d62d3d3d029eab4e4aecbc40929a428e4c78d9188a1f2034870c740
Size

194KB
MD5

a23257cbd94117a52d3905a411dcc010
SHA1

8d38a2cbb03e7786ee6dfc4d0b7b5ee3ed6d25c5
SHA256

71ebf2aa1d62d3d3d029eab4e4aecbc40929a428e4c78d9188a1f2034870c740
SHA512

113c80fcc5428bcfe76f882a7e1aba0730d96d8f377c2f924b0bef470b7ec773e9237e140f8f546cc703db023906d93b8308f91bb817c1098ecc711900979b8a
SSDEEP

6144:Cz7VWIEPgHZKhKGrjmu5FjJWOx9BXuKGji0:8Atg58K0ZJbB+P

Score

N/A

Malware Config

Signatures

Files

71ebf2aa1d62d3d3d029eab4e4aecbc40929a428e4c78d9188a1f2034870c740
.exe windows x86

c7df19622401e8feb9fa56e276df6536

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

kernel32

GetProcAddress
GetModuleHandleW
lstrcpyW
CreateFileW
TerminateThread
WaitForSingleObject
CreateThread
VerifyVersionInfoW
VerSetConditionMask
WideCharToMultiByte
CreateProcessW
TerminateProcess
GetExitCodeProcess
OpenProcess
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DeleteFileW
SetEvent
InterlockedDecrement
GetCommandLineW
CreateMutexW
GetTempPathW
GetModuleFileNameW
FreeLibrary
LoadLibraryW
GetVolumeInformationA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
CreateEventW
Sleep
MultiByteToWideChar
GetLastError
LocalAlloc
LocalFree
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
GetCurrentProcess
FlushInstructionCache
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
GetVersionExA
InterlockedIncrement

user32

wsprintfW
CallWindowProcW
GetWindowLongW
FindWindowW
SendMessageTimeoutW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
CharUpperW
PostThreadMessageW
DefWindowProcW
PostMessageW
DestroyWindow
SetWindowLongW
CreateWindowExW

advapi32

GetSidSubAuthority
GetTokenInformation
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetSidSubAuthorityCount

shell32

CommandLineToArgvW
ShellExecuteExW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringLen
SafeArrayCreateVector
SafeArrayAccessData
SysFreeString
SafeArrayUnaccessData
SafeArrayDestroy

msvcp71

?_Nomemory@std@@YAXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?clear@ios_base@std@@QAEXH_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xran@_String_base@std@@QBEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z

msvcr71

_initterm
memset
_itoa
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
??3@YAXPAX@Z
??0exception@@QAE@ABV0@@Z
_CxxThrowException
free
srand
time
rand
strstr
??_V@YAXPAX@Z
swscanf
malloc
sscanf
wcscpy
_snwprintf
wcsncpy
wcsncat
wcslen
tolower
_except_handler3
_putenv
_snprintf
_purecall
fopen
fread
ftell
fseek
fputc
fprintf
fclose
isspace
isalpha
isalnum
strncmp
strchr
_callnewh
??1type_info@@UAE@XZ
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs

atl71

ord43
ord61
ord44
ord45
ord66
ord11
ord32
ord65
ord10
ord18
ord22
ord64
ord17
ord20
ord23

shlwapi

StrCatW
PathFileExistsW
StrCpyW
PathRemoveFileSpecW

ws2_32

gethostbyname
WSAStartup
setsockopt
htons
WSAGetLastError
connect
closesocket
send
recv
socket

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

xlbughandler

_XL_SetReportShowMode@4
_XL_SetBugReportRootDir@4
_XL_InitBugHandler@20
_XL_SetAlwaysSendReport@4

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c7df19622401e8feb9fa56e276df6536

Headers

File Characteristics

Imports

crypt32

wintrust

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp71

msvcr71

atl71

shlwapi

ws2_32

version

xlbughandler

iphlpapi

Sections

.text Size: 80KB - Virtual size: 77KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 80KB - Virtual size: 77KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 76KB - Virtual size: 76KB