73c81fbf37db467670e9b7d9124c3565c174c4bd1c5402d99fe9c8d941ca84d8

Sharing

Copy URL Twitter E-mail

General

Target

73c81fbf37db467670e9b7d9124c3565c174c4bd1c5402d99fe9c8d941ca84d8
Size

984KB
MD5

0accd9e8eafde57cb8401763b5454191
SHA1

4baf929ab7436ae65bcfd258feb3f16d775e94c1
SHA256

73c81fbf37db467670e9b7d9124c3565c174c4bd1c5402d99fe9c8d941ca84d8
SHA512

0ea90dc109a2b77f17f265c9da3d621464e492eecb31d9d87421e0eaf5d497583d0db5841c15aedb854e09e6c4504120778dfd46219ca76d2801230e27077ac6
SSDEEP

12288:7ToQap5zfPBs0l9LBU8qXxzSiWgIsspDK2jekcRbxF:4zj1s0l9LBU8qXxzrWhtZjh

Score

N/A

Malware Config

Signatures

Files

73c81fbf37db467670e9b7d9124c3565c174c4bd1c5402d99fe9c8d941ca84d8
.exe windows x86

db06692372ce2de9769ed6a513ecb392

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

controlcan

ord11
ord16
ord6
ord1
ord13
ord17
ord2
ord10
ord5
ord14

mfc100d

ord316
ord9163
ord884
ord1351
ord12516
ord14987
ord15152
ord3184
ord15044
ord15487
ord9148
ord1727
ord10061
ord15240
ord8087
ord955
ord1395
ord8307
ord2197
ord8835
ord10938
ord5600
ord356
ord1024
ord5041
ord4085
ord2685
ord4651
ord10078
ord4131
ord12983
ord13035
ord15818
ord12939
ord10004
ord2964
ord14880
ord6841
ord2838
ord2813
ord12613
ord2842
ord4301
ord4374
ord4407
ord4449
ord4500
ord4452
ord4033
ord9143
ord13362
ord8929
ord9856
ord15148
ord3424
ord3536
ord4436
ord8102
ord973
ord1411
ord8314
ord2696
ord4663
ord13083
ord1290
ord270
ord2196
ord6975
ord14380
ord10245
ord5575
ord6122
ord5893
ord4048
ord15438
ord8796
ord14988
ord14065
ord14943
ord6412
ord7548
ord6942
ord7526
ord15093
ord14348
ord851
ord1334
ord852
ord1309
ord805
ord463
ord1095
ord3487
ord804
ord8861
ord855
ord843
ord13540
ord1471
ord509
ord1128
ord8179
ord6389
ord5741
ord7243
ord10000
ord4424
ord11194
ord8320
ord986
ord1421
ord2244
ord4727
ord1409
ord1382
ord1402
ord7497
ord2693
ord4660
ord11073
ord6309
ord13910
ord13082
ord13131
ord11247
ord8994
ord4983
ord13121
ord13113
ord6497
ord4044
ord16019
ord16022
ord16020
ord16023
ord16018
ord16021
ord8709
ord13440
ord15706
ord12826
ord16627
ord6522
ord8656
ord13929
ord4279
ord4337
ord10266
ord15833
ord8635
ord15835
ord13448
ord13447
ord2559
ord5822
ord16308
ord13844
ord9200
ord9292
ord351
ord1023
ord9202
ord4137
ord14301
ord2067
ord6128
ord6488
ord3549
ord14609
ord5641
ord11389
ord971
ord939
ord8503
ord9235
ord3987
ord3886
ord9149
ord7675
ord9289
ord8941
ord2553
ord14664
ord15042
ord9298
ord14310
ord8348
ord14354
ord1815
ord14359
ord14703
ord14937
ord13766
ord14503
ord15245
ord15241
ord1774
ord12481
ord8993
ord862
ord1335
ord14101
ord7506
ord4409
ord11882
ord1697
ord1444
ord503
ord6150
ord474
ord1102
ord6077
ord4041
ord4053
ord14600
ord13449
ord15330
ord15839
ord7188
ord7801
ord417
ord1059
ord8165
ord10105
ord13037
ord444
ord1079
ord6935
ord15102
ord7667
ord3342
ord5503
ord11241
ord12745
ord11650
ord6804
ord9177
ord6468
ord8510
ord13755
ord14007
ord8099
ord969
ord1407
ord4849
ord8311
ord15785
ord11642
ord2690
ord4657
ord12960
ord12556
ord5348
ord2839
ord2815
ord12614
ord2840
ord9857
ord3427
ord3539
ord6398
ord7854
ord406
ord1054
ord3453
ord3452
ord14072
ord5045
ord2765
ord4062
ord369
ord1029
ord3883
ord2035
ord9618
ord5058
ord8086
ord954
ord1394
ord8321
ord13399
ord871
ord1343
ord14075
ord9679
ord9180
ord3780
ord4482
ord9678
ord9179
ord11489
ord10003
ord3423
ord4435
ord5223
ord3887
ord12993
ord11859
ord12229
ord4281
ord3581
ord3580
ord3334
ord3333
ord6839
ord14876
ord3472
ord3469
ord8986
ord2963
ord16611
ord16613
ord16612
ord16610
ord16614
ord16596
ord16523
ord16524
ord10007
ord12950
ord4028
ord12781
ord15828
ord9834
ord13036
ord4876
ord2742
ord7669
ord11845
ord10126
ord3432
ord15019
ord13138
ord13136
ord1753
ord1760
ord1766
ord1764
ord1771
ord5324
ord5361
ord5332
ord5344
ord5340
ord5336
ord5366
ord5357
ord5328
ord5370
ord2871
ord12986
ord4133
ord3544
ord3543
ord3431
ord13032
ord5664
ord6047
ord6306
ord10219
ord6019
ord6334
ord5667
ord5884
ord5647
ord8412
ord8413
ord8403
ord5882
ord8998
ord11078
ord10079
ord4545
ord2597
ord14148
ord9903
ord311
ord6501
ord3199
ord306
ord1731
ord1460
ord6450
ord4074
ord7553
ord8599
ord14005
ord7546
ord6358
ord4081
ord15613
ord4803
ord9631
ord7668
ord9243
ord1143
ord532
ord15536
ord1463
ord2267
ord14465
ord11273
ord5577
ord6356
ord5773
ord14383
ord8790
ord4047
ord5349
ord5315
ord5319
ord9613
ord6410
ord5352
ord4887
ord16531
ord4874
ord3235
ord2199
ord4856
ord1669
ord8509
ord5896
ord15334
ord999
ord322
ord8163
ord4261
ord1442
ord1057
ord413
ord7799
ord1435
ord14753
ord8783
ord4046
ord14729
ord15748
ord5897
ord14431
ord8776
ord1434
ord9685
ord15836
ord8636
ord15834
ord7518
ord12557
ord964
ord2478
ord2294
ord14811
ord2072

msvcr100d

_CIsqrt
clock
sprintf
strtok_s
fopen_s
fgets
_CRT_RTC_INITW
_setmbcp
memset
_CxxThrowException
__CxxFrameHandler3
strstr
fclose
fwrite
_invoke_watson
_controlfp_s
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
_acmdln
_ismbblead
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
malloc
realloc
free
fprintf
_chdir
rename
atol
strtod
strtok
sscanf
memmove
atof
fgetc
rewind
ftell
fseek
fopen
sprintf_s
atoi

kernel32

HeapFree
LoadLibraryW
GetProcAddress
RaiseException
LocalFree
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
FindClose
FindNextFileA
FindFirstFileA
GetCurrentThreadId
GetCurrentDirectoryA
CreateDirectoryA
CloseHandle
ReleaseMutex
GetLastError
CreateMutexA
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocalTime
SetCurrentDirectoryA
CopyFileA
DeleteFileA
lstrcpyA
Sleep
IsProcessorFeaturePresent

user32

RegisterDeviceNotificationA
GetKeyState
UnhookWindowsHookEx
GetSystemMetrics
SetWindowsHookExA
CallNextHookEx
SetRect
GetDlgCtrlID
GetMessagePos
SendMessageA
SetWindowLongA
GetWindowLongA
GetCursorPos

gdi32

CreateSolidBrush

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

oleaut32

SysAllocString
VariantClear

rpcrt4

UuidFromStringA

Sections

.text
Size: 211KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 398KB - Virtual size: 398KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db06692372ce2de9769ed6a513ecb392

Headers

DLL Characteristics

File Characteristics

Imports

controlcan

mfc100d

msvcr100d

kernel32

user32

gdi32

comdlg32

shell32

shlwapi

oleaut32

rpcrt4

Sections

.text Size: 211KB - Virtual size: 211KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 212KB - Virtual size: 2.1MB

.rsrc Size: 398KB - Virtual size: 398KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 211KB - Virtual size: 211KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 212KB - Virtual size: 2.1MB

.rsrc
Size: 398KB - Virtual size: 398KB

.reloc
Size: 33KB - Virtual size: 33KB