f7057b340e5fce3df13f03fdeb206a7287d2b46d68fe9636c82c8ef50a7e5572

Sharing

Copy URL Twitter E-mail

General

Target

f7057b340e5fce3df13f03fdeb206a7287d2b46d68fe9636c82c8ef50a7e5572
Size

428KB
MD5

0ec467760537ac30afb7e8b19fae4a90
SHA1

ac1ead3f992eff3c4eac4566ac44cbe0acc8f409
SHA256

f7057b340e5fce3df13f03fdeb206a7287d2b46d68fe9636c82c8ef50a7e5572
SHA512

0ea314f99861359c56765f87d05a108a85728ccbea17e21add3e6a404a88f5c73eddc1baf5ac77bd545cd5716dc18b8e4b46d51ad649e47334cc2350cb5c5c99
SSDEEP

6144:EFXF++16Y6C0WbfoiRY5wALXqo1jmUZxL6xQGQW8w:+XFHVn0Wbfoiu3LXqs76l5

Score

N/A

Malware Config

Signatures

Files

f7057b340e5fce3df13f03fdeb206a7287d2b46d68fe9636c82c8ef50a7e5572
.exe windows x86

effc8978ebe58071283cd52f0817aee8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

reduinfo

CreateReduProcInfo
ReleaseReduProcInfo
GetReduProcInfo
ReleaseReduProcLock
CreateReduProcLock
SetReduProcInfo

filetrans

SCTransFile_UninitDll
SCTransFile_InitDll
SCTransFile_ReleaseTask
SCTransFile_AddTask
SCTransFile_DealTask
SCTransFile_GetEndCode

almsnanls

Alm_PrepareFileTransfer

oprsnanls

Opr_PrepareFileTransfer

scsysinfo

GetSysRunInfo

proccontrol

ReleaseProcInfo
InitProcessInfo
GetProcInfoStatus
SetProcInfoStatus

trdrwlock

TryLockDBOperate
UnLockDBOperate

scinfownd

SCINFO_RemoveInfo
SCINFO_SetInfoToWnd

mfc42d

ord2103
ord1784
ord2412
ord4078
ord4081
ord3692
ord3575
ord2679
ord4021
ord973
ord4279
ord2717
ord2223
ord2222
ord3429
ord4756
ord3361
ord1365
ord3651
ord4174
ord1781
ord4118
ord3618
ord4210
ord2077
ord1309
ord1857
ord3069
ord3944
ord3666
ord2076
ord1566
ord5078
ord3002
ord4064
ord1344
ord1830
ord1631
ord4205
ord2340
ord2481
ord2584
ord3691
ord2473
ord2585
ord2341
ord2432
ord2339
ord3143
ord3144
ord3142
ord2431
ord3367
ord3786
ord3661
ord4492
ord697
ord681
ord599
ord313
ord516
ord479
ord354
ord728
ord571
ord684
ord880
ord487
ord1096
ord3452
ord1855
ord2055
ord2054
ord4689
ord1624
ord1179
ord3450
ord1656
ord450
ord3685
ord4183
ord1239
ord1969
ord3710
ord5076
ord632
ord1826
ord5011
ord1808
ord3068
ord3436
ord398
ord422
ord4656
ord4951
ord1590
ord734
ord4061
ord4195
ord4017
ord1862
ord4753
ord3362
ord1364
ord4176
ord4208
ord2078
ord1310
ord3670
ord4191
ord3658
ord1952
ord1228
ord2875
ord586
ord680
ord574
ord736
ord492
ord335
ord478
ord317
ord1757
ord3524
ord4934
ord3831
ord337
ord721
ord588
ord4393
ord685
ord493
ord485
ord901
ord3355
ord824
ord4405
ord4381
ord5019
ord5016
ord1549
ord2256
ord3112
ord3110
ord590
ord1510
ord4123
ord342
ord3042
ord554
ord1509
ord767
ord758
ord765
ord768
ord290
ord965
ord899
ord945
ord813
ord2168
ord2044
ord3530
ord772
ord788
ord791
ord593
ord3268
ord926
ord823
ord985
ord903
ord2489
ord3343
ord3338
ord2142
ord2133
ord345
ord4330
ord1041
ord509
ord4302
ord2291
ord3555
ord2640
ord2936
ord410
ord714
ord1042
ord643
ord4264
ord5093
ord3382
ord2419
ord797
ord803
ord1996
ord1122
ord1100
ord4256
ord5084
ord1493
ord1789
ord2661
ord4227
ord4230
ord3366
ord4239
ord4215
ord4409
ord3784
ord3657
ord2023
ord1287
ord708
ord986
ord531
ord2105
ord3519
ord4170
ord1098
ord4642
ord723
ord3779
ord3776
ord3774
ord3552
ord5077
ord3702
ord1880
ord1860
ord4415
ord1033
ord4130
ord4229
ord3826
ord4408
ord2021
ord1285
ord2986
ord706
ord528
ord1886
ord5065
ord567
ord4228
ord4143
ord308
ord4295
ord2063
ord996
ord468
ord3446
ord4820
ord2052
ord1135
ord3629
ord3948
ord3231
ord2104
ord1577
ord1044
ord881
ord4402
ord1523
ord5103
ord4448
ord2170
ord683
ord4125
ord484
ord739
ord511
ord3403
ord1401
ord3527
ord3825
ord2411
ord2415
ord5058
ord1858
ord1876
ord4178
ord4420
ord1350
ord4304
ord2484
ord4387
ord3656
ord4000
ord3950
ord1797
ord3636
ord2753
ord2509
ord4749
ord3373
ord4785
ord4901
ord3785
ord3660
ord328
ord582
ord3938
ord1232
ord1956
ord3778
ord3777
ord1490
ord3551
ord3758
ord3978
ord4068
ord3611
ord3616
ord3836
ord3970
ord3729
ord3739
ord3738
ord3726
ord3728
ord3725
ord4004
ord4002
ord3379
ord4175
ord4216
ord3001
ord1343
ord3664
ord526
ord704
ord4190
ord1871
ord1284
ord2020
ord3369
ord740
ord1756
ord5056
ord4896
ord2995
ord5072
ord3201
ord3170
ord877
ord454
ord2069
ord3400
ord3717
ord4403
ord4380
ord1417
ord719
ord730
ord1190
ord790
ord1264

msvcrtd

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_acmdln
_controlfp
memcpy
atoi
strcpy
memset
_chkesp
__CxxFrameHandler
_setmbcp
exit
_XcptFilter
_exit
_onexit
__dllonexit

kernel32

GetCurrentProcessId
GetModuleHandleA
GetStartupInfoA
GetTickCount
WaitForSingleObject
CreateToolhelp32Snapshot
Thread32First
Thread32Next
TerminateProcess
GetModuleFileNameA
CreateProcessA
OpenProcess
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
TerminateThread
FormatMessageA
LocalFree
InterlockedExchangeAdd
InterlockedExchange
WritePrivateProfileStringA
GetSystemDirectoryA
DeleteFileA
Sleep

user32

PostThreadMessageA
SetWindowPos
FindWindowA
RegisterWindowMessageA
IsWindow
PostMessageA
GetCursorPos
LoadIconA

shell32

Shell_NotifyIconA

mfco42d

ord1143
ord332
ord798

mfcn42d

ord277

wsock32

gethostname
gethostbyname
inet_addr

psapi

GetModuleBaseNameA
GetModuleFileNameExA
EnumProcessModules
EnumProcesses

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tc
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

effc8978ebe58071283cd52f0817aee8

Headers

File Characteristics

Imports

reduinfo

filetrans

almsnanls

oprsnanls

scsysinfo

proccontrol

trdrwlock

scinfownd

mfc42d

msvcrtd

kernel32

user32

shell32

mfco42d

mfcn42d

wsock32

psapi

Sections

.text Size: 148KB - Virtual size: 146KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 3KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 40KB - Virtual size: 36KB

.reloc Size: 8KB - Virtual size: 5KB

.tc Size: 200KB - Virtual size: 200KB

.text
Size: 148KB - Virtual size: 146KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 3KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 40KB - Virtual size: 36KB

.reloc
Size: 8KB - Virtual size: 5KB

.tc
Size: 200KB - Virtual size: 200KB