9967b738a8819ab7052ee2910bae8924d2b2b5870133bcc4a7e58184f63bf955

Sharing

Copy URL

Twitter E-mail

General

Target

9967b738a8819ab7052ee2910bae8924d2b2b5870133bcc4a7e58184f63bf955
Size

172KB
MD5

9213c0939fab49a1fc9bbe412cf3d847
SHA1

013db8b84a38523e1730dc4ec7a988a3f7aa7dfe
SHA256

9967b738a8819ab7052ee2910bae8924d2b2b5870133bcc4a7e58184f63bf955
SHA512

269dcea83ef46c8f57e720818a55e31905d4c85521804887cb1fd22d03fda783d9b6efd99cf627852bb30a129fc57729e27bfac410b078f7a4a57705c71edc4b
SSDEEP

3072:V9rZ0GoA+zmaWe8PRDCONqOOKvLa3nepQhEdLwF:DZ0GoArDxNqOOaau2Wdi

Score

N/A

Malware Config

Signatures

Files

9967b738a8819ab7052ee2910bae8924d2b2b5870133bcc4a7e58184f63bf955
.exe windows x86

83d8ec1f04472f908de4c31f581c534c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameA
EnumProcesses
EnumProcessModules

secur32

GetUserNameExA

kernel32

ReadFile
Sleep
CreateNamedPipeA
GetOverlappedResult
GetModuleFileNameA
CreateEventA
ResetEvent
WriteFile
DisconnectNamedPipe
FlushFileBuffers
DeleteFileA
WaitForSingleObject
ConnectNamedPipe
CreateMutexA
FileTimeToLocalFileTime
FormatMessageA
SetFilePointer
InterlockedExchange
GetCommandLineA
IsBadStringPtrA
OutputDebugStringA
FileTimeToSystemTime
GetLocalTime
SetEvent
WaitForMultipleObjects
CallNamedPipeA
GetComputerNameA
lstrcmpiA
SetConsoleCtrlHandler
GetCurrentProcessId
GetTickCount
CloseHandle
LoadLibraryA
GetProcAddress
MultiByteToWideChar
GetWindowsDirectoryA
GetFileAttributesA
GetLastError
OpenProcess
FreeLibrary
CreateProcessA
GetCurrentProcess
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
CreateFileA
GetEnvironmentVariableA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceCtrlDispatcherA
CreateProcessAsUserW
ImpersonateLoggedOnUser
LookupAccountSidA
OpenProcessToken
RevertToSelf
GetTokenInformation
CreateServiceA

ole32

OleInitialize
CLSIDFromString
OleUninitialize
CoCreateInstance
StringFromCLSID

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString

msvcp80

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?uncaught_exception@std@@YA_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?toupper@?$ctype@D@std@@QBEDD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Incref@facet@locale@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Bid@locale@std@@QAEIXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??1locale@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0locale@std@@QAE@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@0@Z

msvcr80

memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
_invoke_watson
_controlfp_s
_CxxThrowException
__CxxFrameHandler3
memset
?terminate@@YAXXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
strcpy_s
_invalid_parameter_noinfo
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_stricmp
memmove_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
__argv
__argc
_itoa_s
free
atol
malloc
_strnicmp
_strlwr_s
strchr
_purecall
strcat_s
strstr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

83d8ec1f04472f908de4c31f581c534c

Headers

File Characteristics

Imports

psapi

secur32

kernel32

advapi32

ole32

oleaut32

msvcp80

msvcr80

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 60KB - Virtual size: 59KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 4KB - Virtual size: 1KB