Static task: static1
Behavioral task: behavioral1
Sample: 2b0937cd28a6d7745ae877d90ec49208da24834e241dc8e539d279a29f9bd63f.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2b0937cd28a6d7745ae877d90ec49208da24834e241dc8e539d279a29f9bd63f.exe
Resource: win10v2004-20220812-en
General
Target: 2b0937cd28a6d7745ae877d90ec49208da24834e241dc8e539d279a29f9bd63f
Size: 436KB
MD5: 20d7d746a2d250af423190ada63faf7f
SHA1: f430e5e6591cc49491f95a10e086e442b41896d2
SHA256: 2b0937cd28a6d7745ae877d90ec49208da24834e241dc8e539d279a29f9bd63f
SHA512: faa30a63f882cb07d23df7c11775e51feb7dbc049eb5eb50620bbfdb188e6d1afa91714f589d790fdca8387a8dbf8e101943828531e9192aa2b5057311128d3a
SSDEEP: 6144:rBeqkrr4j+aCMt64is7eEZrsHsknFXFL4RELtXEV2rcNhBvcwtlLibf:cqg4764isDZoXBBLt0V2rclvr+
Malware Config
Signatures
Files
-
2b0937cd28a6d7745ae877d90ec49208da24834e241dc8e539d279a29f9bd63f.exe windows x86
46d2f2e4b35c373f67fd85cc0b50abcd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
recv
closesocket
WSAGetLastError
listen
accept
bind
socket
htons
WSAStartup
send
WSACleanup
inet_addr
sendto
ioctlsocket
setsockopt
gethostbyname
gethostname
shutdown
shlwapi
StrStrIW
mfc42u
ord2371
ord535
ord537
ord925
ord6330
ord3087
ord6195
ord4704
ord5806
ord5477
ord2023
ord4405
ord4441
ord4329
ord4857
ord4969
ord5792
ord5474
ord1963
ord966
ord3565
ord278
ord605
ord4913
ord860
ord713
ord414
ord5855
ord2810
ord922
ord538
ord801
ord541
ord5438
ord665
ord1971
ord3313
ord5180
ord354
ord4124
ord536
ord5706
ord4273
ord940
ord654
ord5679
ord341
ord3332
ord3806
ord5647
ord3122
ord3611
ord3658
ord6381
ord350
ord5769
ord6006
ord3983
ord6874
ord6773
ord551
ord6640
ord6279
ord6278
ord5857
ord4197
ord2755
ord6136
ord5604
ord2756
ord6139
ord6137
ord4155
ord2910
ord6654
ord927
ord668
ord1972
ord3173
ord4053
ord2773
ord2762
ord356
ord6655
ord348
ord4229
ord1197
ord1594
ord3785
ord3775
ord1560
ord273
ord268
ord524
ord2069
ord1244
ord957
ord2793
ord603
ord5304
ord5807
ord5478
ord2024
ord5793
ord5475
ord967
ord3712
ord523
ord791
ord1631
ord4773
ord5436
ord2732
ord6379
ord1863
ord6567
ord1252
ord3457
ord5828
ord5446
ord6390
ord879
ord882
ord2836
ord2099
ord3495
ord5600
ord5854
ord4418
ord5599
ord5805
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord1569
ord2613
ord1131
ord3176
ord1143
ord1165
ord2858
ord4282
ord755
ord470
ord6868
ord6211
ord6451
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord3494
ord2507
ord355
ord2362
ord324
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord823
ord858
ord861
ord942
ord1105
ord825
ord800
ord540
ord663
ord815
msvcrt
malloc
_purecall
free
_findfirst
_findnext
swprintf
_findclose
wcscpy
_ftol
atof
_CxxThrowException
_wtoi64
wcsstr
strncpy
strncmp
wcslen
wcsncmp
_waccess
printf
wcscmp
_wtoi
__CxxFrameHandler
strstr
exit
time
difftime
_write
rand
_close
_read
_lseek
_open
sprintf
wcscat
_wcsicmp
srand
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
atoi
kernel32
lstrlenA
GetStartupInfoW
GetModuleHandleW
UnmapViewOfFile
CreateFileMappingW
GetTickCount
InitializeCriticalSection
GetTempPathW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
CopyFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
CloseHandle
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
CreateDirectoryW
GetSystemDirectoryW
RemoveDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
WinExec
InterlockedDecrement
GetLastError
LocalFree
FormatMessageW
CreateMutexW
FindClose
FindFirstFileW
SetFileAttributesW
GetDriveTypeW
GetVolumeInformationW
DeviceIoControl
CreateFileW
GetComputerNameW
CreateThread
GetLocalTime
GetDiskFreeSpaceExW
SetFilePointer
ReadFile
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
GetFileSize
GetFileInformationByHandle
MapViewOfFile
Sleep
user32
MessageBoxW
LoadIconW
AppendMenuW
GetClientRect
GetSystemMetrics
IsIconic
FindWindowW
SetForegroundWindow
GetSystemMenu
GetMenuItemCount
wsprintfW
EnableWindow
GetWindowRect
SetTimer
KillTimer
PostMessageW
SendMessageW
CreatePopupMenu
GetDesktopWindow
DrawIcon
GetCursorPos
SetWindowPos
advapi32
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
shell32
Shell_NotifyIconW
ole32
CoInitialize
OleRun
CoCreateInstance
CoUninitialize
oleaut32
GetErrorInfo
SysAllocString
VariantClear
SysFreeString
msvcp60
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
mpr
WNetGetLastErrorW
msvcirt
?endl@@YAAAVostream@@AAV1@@Z
?cerr@@3Vostream_withassign@@A
?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@PBD@Z
Sections
.text Size: 248KB - Virtual size: 244KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 161KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 116KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ