b8405ff702713de4a8433df5e0ae64a00f7a9a7276e4959453d98075d1e9e079

Sharing

Copy URL Twitter E-mail

General

Target

b8405ff702713de4a8433df5e0ae64a00f7a9a7276e4959453d98075d1e9e079
Size

3.5MB
MD5

b2a77c2bfce4cf8f4667a51478f75c0f
SHA1

edfbf43a40c7871b59a5777c24b5f8e17109d51f
SHA256

b8405ff702713de4a8433df5e0ae64a00f7a9a7276e4959453d98075d1e9e079
SHA512

7894eced11d45117c80ccabdfd1ee4f37f172275974ea700b7f322c760f94c45864c43cc21876b92a22fe012a0f509f247bfa0a2ba23231da79c8a51c9cff8ed
SSDEEP

98304:z47oEN93hSkKMREdz8N/KveHYK4elM6rlofdSdB6JtlCBJwuaTir7v3zsT9A56jJ:z47oEN93hSkKMREdz8N/KveHYK4elM6H

Score

N/A

Malware Config

Signatures

Files

b8405ff702713de4a8433df5e0ae64a00f7a9a7276e4959453d98075d1e9e079
.exe windows x86

63f271c09ff96813101992f6164e7d4d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetStartupInfoA
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedExchange
InterlockedIncrement
InterlockedDecrement

user32

PostMessageA

advapi32

CryptReleaseContext
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyKey
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA

pk83

ord16617
ord11251
ord10185
ord548
ord21128
ord20153
ord15771
ord11533
ord17043
ord15744
ord9265
ord17668
ord18102
ord8582
ord485
ord11359
ord5406
ord2189
ord12378
ord19067
ord3494
ord14169
ord2931
ord10464
ord18595
ord5530
ord14700
ord13032
ord5705
ord17158
ord3762
ord6250
ord20619
ord11080
ord1592
ord12667
ord11786
ord16406
ord8815
ord16859
ord1478
ord90
ord21105
ord17195
ord12483
ord7224
ord21444
ord5988
ord15046
ord4768
ord10337
ord6723
ord16148
ord20606
ord4291
ord241
ord7020
ord16310
ord6272
ord17400
ord14146
ord21209
ord12336
ord10739
ord18455
ord11971
ord7706
ord14837
ord18933
ord565
ord20078
ord2763
ord7437
ord18838
ord21702
ord9337
ord2244
ord17976
ord8666
ord17223
ord19018
ord11683
ord10677
ord10419
ord7136
ord7386
ord13383
ord2554
ord9248
ord631
ord12710
ord22055
ord11443
ord1436
ord5451
ord8756
ord5011
ord14802
ord3766
ord3182
ord20538
ord14510
ord20746
ord15273
ord9328
ord12288
ord4516
ord12568
ord20702
ord10568
ord12217
ord11519
ord15362
ord20009
ord10170
ord8363
ord16248
ord1543
ord1134
ord9455
ord18279
ord17838
ord10760
ord5513
ord18021
ord2451
ord7558
ord1759
ord15044
ord6689
ord9525
ord17099
ord13843
ord7319
ord19948
ord14394
ord18943
ord4033
ord20459
ord20285
ord5428
ord17702
ord20461
ord16157
ord21047
ord10323
ord19971
ord22024
ord639
ord17988
ord8930
ord5620
ord2043
ord8037
ord6150
ord15537
ord6543
ord6949
ord8274
ord15331
ord1270
ord12871
ord16728
ord13871
ord18879
ord10017
ord8924
ord902
ord4120
ord4499
ord6942
ord12139
ord5826
ord5429
ord3837
ord16387
ord17242
ord1307
ord10904
ord16184
ord18723
ord19671
ord15740
ord5730
ord16219
ord21926
ord5009
ord17172
ord11997
ord17783
ord5307
ord15342
ord17640
ord1020
ord4307
ord20416
ord11194
ord1687
ord16878
ord12333
ord7984
ord229
ord15465
ord16263
ord16500
ord19190
ord5174
ord21859
ord12519
ord7027
ord4609
ord21910
ord19401
ord1356
ord4927
ord1838
ord12148
ord18525
ord20337
ord15055
ord15721
ord19066
ord1198
ord11240
ord6147
ord13216
ord4551
ord13553
ord3223
ord21368
ord20989
ord8075
ord5208
ord5851
ord5159
ord21204
ord11835
ord5371
ord9196
ord1228
ord21844
ord916
ord18379
ord13987
ord9464
ord8458
ord3548
ord13091
ord16740
ord19774
ord7225
ord4669
ord14627
ord14321
ord16470
ord2056
ord6947
ord19674
ord5488
ord7452
ord10695
ord18483
ord20511
ord9968
ord2138
ord5272
ord19184
ord932
ord2669
ord805
ord2663
ord17675
ord56
ord20192
ord12838
ord409
ord6005
ord12666
ord20342
ord16167
ord4881
ord12625
ord19735
ord15881
ord13788
ord3560
ord15868
ord11868
ord21220
ord5031
ord7792
ord18891
ord21431
ord1615
ord4223
ord19146
ord6630
ord9492
ord21555
ord8069
ord2843
ord3459
ord4534
ord13578
ord19397
ord15923
ord4812
ord10236
ord4937
ord12450
ord20389
ord10009
ord17680
ord8058
ord8177
ord20608
ord4287
ord6273
ord14075
ord13613
ord19555
ord9607
ord449
ord15224
ord7836
ord535
ord5710
ord14907
ord10869
ord9015
ord689
ord3350
ord12746
ord18126
ord854
ord2568
ord21724
ord9321
ord2769
ord19694
ord8448
ord13016
ord13371
ord5021
ord2449
ord240
ord10574
ord20037
ord6202
ord3587
ord17827
ord20395
ord21892
ord10005
ord6811
ord149
ord20980
ord21835
ord12044
ord4582
ord19798
ord4507
ord9636
ord5825
ord21404
ord16354
ord19843
ord1029
ord15496
ord10661
ord3507
ord8287
ord17513
ord19621
ord9914
ord12947
ord7488
ord15327
ord76
ord7310
ord7980
ord3482
ord5518
ord6584
ord17237
ord10510
ord2631
ord17303
ord7304
ord4490
ord10704
ord22060
ord12636
ord11348
ord4107
ord17044
ord8377
ord2008
ord16512
ord14377
ord12446
ord18687
ord19786
ord5070
ord21429
ord4877
ord1701
ord12485
ord4198
ord10059
ord6748
ord21320
ord3891
ord7527
ord21544
ord20299

msvcr71

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
_callnewh
malloc
strchr
isdigit
isupper
memmove
strtoul
isxdigit
sprintf
rand
srand
_mktemp
_strupr
wcscmp
_stricmp
_setjmp3
__CxxLongjmpUnwind
fopen
_purecall
wcslen
_CxxThrowException
__CxxFrameHandler
??_V@YAXPAX@Z
??3@YAXPAX@Z
_access

Sections

.text
Size: 224KB - Virtual size: 221KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

63f271c09ff96813101992f6164e7d4d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

pk83

msvcr71

Sections

.text Size: 224KB - Virtual size: 221KB

CONST Size: 12KB - Virtual size: 9KB

_TEXT Size: 2.6MB - Virtual size: 2.6MB

xdata Size: 32KB - Virtual size: 29KB

text Size: 28KB - Virtual size: 25KB

_BSS Size: - Virtual size: 48B

.rdata Size: 560KB - Virtual size: 559KB

.data Size: 4KB - Virtual size: 1KB

_DATA Size: 4KB - Virtual size: 2KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 224KB - Virtual size: 221KB

CONST
Size: 12KB - Virtual size: 9KB

_TEXT
Size: 2.6MB - Virtual size: 2.6MB

xdata
Size: 32KB - Virtual size: 29KB

text
Size: 28KB - Virtual size: 25KB

_BSS
Size: - Virtual size: 48B

.rdata
Size: 560KB - Virtual size: 559KB

.data
Size: 4KB - Virtual size: 1KB

_DATA
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 32KB - Virtual size: 32KB