d8be358d25d4106fce031066340014ffa95c1437701195e53833184dbccfa412

Sharing

Copy URL

Twitter E-mail

General

Target

d8be358d25d4106fce031066340014ffa95c1437701195e53833184dbccfa412
Size

158KB
MD5

91a24ae8041d019bd05cc288d7db05fd
SHA1

2f3eebcc53220803c61e6b721831b8bb3c629360
SHA256

d8be358d25d4106fce031066340014ffa95c1437701195e53833184dbccfa412
SHA512

541323622c6d7b5140e76687bba8897bd473e6ced8e249b147034d95949a08972d79460f04b83b964caacad455e6095970f05e1f5c0c3e38d1baea144a625a61
SSDEEP

3072:G5xefzcmgGhBJ1M7qlBuHb7y/Zts3C5nrnufYkyF4n5+Eh9bq0mbuVo:mOcT4M7qreb7y/7RqAkWo59bq0mbui

Score

N/A

Malware Config

Signatures

Files

d8be358d25d4106fce031066340014ffa95c1437701195e53833184dbccfa412
.exe windows x86

194a697e65abbf285f5c957a0ad4c2b3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
FindResourceW
lstrcmpiW
lstrcpynW
GetCurrentProcessId
SizeofResource
LoadLibraryW
LocalAlloc
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
lstrcpyW
lstrlenW
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GetLastError
FormatMessageW
LoadLibraryExW
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
GetUserDefaultLangID
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetTickCount
GetProcAddress
InterlockedExchange
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
GetVersionExA
LoadLibraryA
LocalFree
GetCurrentThread
GetCurrentProcess
CloseHandle

user32

MessageBoxW
DestroyWindow
CharNextW

advapi32

RegEnumKeyExW
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
ConvertSidToStringSidW
EqualSid
ConvertStringSidToSidW
RegSetValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

gdiplus

GdiplusShutdown
GdiplusStartup

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

ord17

msvcr71

exit
__CxxFrameHandler
memcpy
realloc
_CxxThrowException
malloc
wcscat
_vsnwprintf
_purecall
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_callnewh
__security_error_handler
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcsncpy
wcsrchr
memmove
wcscpy
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
_except_handler3
memset
wcslen

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

194a697e65abbf285f5c957a0ad4c2b3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdiplus

ole32

oleaut32

comctl32

msvcr71

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 832B

.rsrc Size: 124KB - Virtual size: 123KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 832B

.rsrc
Size: 124KB - Virtual size: 123KB