a268858fbbc815ca6b477a0a7ff36ea7afb9c441204b1a51c7f12e59c155131f

Sharing

Copy URL Twitter E-mail

General

Target

a268858fbbc815ca6b477a0a7ff36ea7afb9c441204b1a51c7f12e59c155131f
Size

916KB
MD5

92c4e21166a8d1d6784088e66706be66
SHA1

e791b048e1440dd590be86a5b4fb76e9ca2aeff3
SHA256

a268858fbbc815ca6b477a0a7ff36ea7afb9c441204b1a51c7f12e59c155131f
SHA512

9481d05eaaca0b058ab34801a89acaee8d6fde189f7666c9359bbe997b7d8b2c6866e473e43e124508565acdfb836924e4653c136f2d6ae75c5c73b9884645b7
SSDEEP

24576:B3DTcCah81dei168VZTPatHmpGuALG7jZjwKqm7dxleez:NRZTPatHmAo/ZWmh/z

Score

N/A

Malware Config

Signatures

Files

a268858fbbc815ca6b477a0a7ff36ea7afb9c441204b1a51c7f12e59c155131f
.dll windows x86

3abee14148040e7fbf08aa9c7bf5348f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
SetFileAttributesA
GetFileAttributesA
FindNextFileA
MoveFileA
LoadLibraryA
SetErrorMode
FreeLibrary
GetProcAddress
RemoveDirectoryA
GetTickCount
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreA
Sleep
GetCurrentThreadId
CreateThread
GetExitCodeThread
TerminateThread
GetDriveTypeA
FindFirstFileA
CreateDirectoryA
GetModuleFileNameA
GetWindowsDirectoryA
GetDiskFreeSpaceA
FindClose
ResetEvent
SetEvent
CreateEventA
ReleaseMutex
WaitForSingleObject
CloseHandle
GetSystemDirectoryA
GetVersion
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetThreadPriority
SetThreadPriority
ResumeThread
SuspendThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetTempFileNameA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemInfo
GetTempPathA
CreateFileA
GetFileSize
GetLastError
GetVersionExA
DisableThreadLibraryCalls
CreateMutexA

user32

GetMessageA
PostMessageA
PostThreadMessageA
KillTimer
SetTimer
DispatchMessageA
PeekMessageA
GetSystemMetrics
CharPrevA
CharNextA

advapi32

RegOpenKeyA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?_Xran@_String_base@std@@QBEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?_Nomemory@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

strtol
_vsnprintf
strrchr
_strnicmp
_timezone
localtime
time
_tzset
_mbctype
strtok
fwrite
fread
ftell
fseek
malloc
realloc
calloc
abort
fprintf
_iob
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
_except_handler3
?terminate@@YAXXZ
_open
_creat
_close
_CIpow
strchr
isupper
tolower
fgets
isspace
strncpy
sprintf
_snprintf
_stricmp
sscanf
floor
strstr
memmove
fopen
fclose
??_V@YAXPAX@Z
free
toupper
_purecall
__CxxFrameHandler
strncmp
atol
atoi
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??3@YAXPAX@Z
??0exception@@QAE@XZ
getenv
_sopen
_lseek
_tell
_read
_write
_unlink
??1exception@@UAE@XZ
_strdup
_strcmpi
_getcwd
_chdir
_putenv
_stat
_itoa
_findfirst
_findnext
_findclose
_errno
_fstat
_chsize
_endthreadex
_beginthreadex
_ftime

ole32

CoCreateGuid
CoInitializeEx
CoUninitialize

Exports

Exports

HXTCreateJobFactory
RMACreateRMJobFactory
SetDLLAccessPath

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3abee14148040e7fbf08aa9c7bf5348f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp71

msvcr71

ole32

Exports

Exports

Sections

.text Size: 668KB - Virtual size: 667KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 4KB - Virtual size: 948B

.rsrc Size: 4KB - Virtual size: 744B

.reloc Size: 48KB - Virtual size: 45KB

.rmnet Size: 80KB - Virtual size: 80KB

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 4KB - Virtual size: 948B

.rsrc
Size: 4KB - Virtual size: 744B

.reloc
Size: 48KB - Virtual size: 45KB

.rmnet
Size: 80KB - Virtual size: 80KB