d2bf6b8bbe79bde350c703727f2fa12097346e0f763ab8b5ac46acfa7c4d51e3

Sharing

Copy URL Twitter E-mail

General

Target

d2bf6b8bbe79bde350c703727f2fa12097346e0f763ab8b5ac46acfa7c4d51e3
Size

124KB
MD5

34b2919f30dec2f5d7f0343f333536d0
SHA1

1773eb11352a2b82056a583e08de0bad6723c71f
SHA256

d2bf6b8bbe79bde350c703727f2fa12097346e0f763ab8b5ac46acfa7c4d51e3
SHA512

fd286a037f6881f97ad91b8b9a91b0c781272fd5409b3bb8d9d7b1571e18ee6bf0dad8f0db6a99f766f37a60042359f6a87359044861cd192022d3c6ba2f672f
SSDEEP

1536:/6lSb8UTSR7O5GjQja3PSAtil+pbTpKCNg5osc3WZf+KSSDbXjt21OG:SlvUTSR7O584ASuu+skWZ+KSSXj81OG

Score

N/A

Malware Config

Signatures

Files

d2bf6b8bbe79bde350c703727f2fa12097346e0f763ab8b5ac46acfa7c4d51e3
.exe windows x86

4d8aa96c79570450369722a9e6122094

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

strcat
memcpy
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
free
calloc
_beginthreadex
atoi
strncat
strtok
strrchr
??3@YAXPAX@Z
_except_handler3
strcmp
malloc
strchr
strcpy
memcmp
??2@YAPAXI@Z
memset
strstr
strlen
_ftol
ceil
_CxxThrowException
__CxxFrameHandler
memmove
_strupr
_strnicmp

shlwapi

SHDeleteKeyA

kernel32

LocalAlloc
LoadLibraryA
VirtualFree
VirtualAlloc
lstrcpyA
SetEvent
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetVersionExA
Sleep
CloseHandle
ReadFile
SetFilePointer
GetLastError
SetLastError
LocalFree
CreateProcessA
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
RaiseException
ExitProcess
MoveFileA
CreateEventA
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameA
CopyFileA
ReleaseMutex
SetErrorMode
CreateThread
WriteFile
GetModuleHandleA
GetStartupInfoA
InterlockedExchange
GetProcAddress
OpenProcess

advapi32

LsaClose
IsValidSid
LookupAccountNameA
GetTokenInformation
LookupAccountSidA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegEnumValueA
RegEnumKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
FreeSid
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
RegQueryValueExA
SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
LsaOpenPolicy
LsaRetrievePrivateData

userenv

CreateEnvironmentBlock

msvfw32

ICSendMessage
ICSeqCompressFrameEnd

Exports

Exports

WinMain

Sections

.data
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d8aa96c79570450369722a9e6122094

Headers

File Characteristics

Imports

msvcrt

shlwapi

kernel32

advapi32

userenv

msvfw32

Exports

Exports

Sections

.data Size: 104KB - Virtual size: 101KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 316B

.reloc Size: 4KB - Virtual size: 3KB

.data
Size: 104KB - Virtual size: 101KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 316B

.reloc
Size: 4KB - Virtual size: 3KB