1cded3609c60781868fdcce5dc12282f3021a4fe1e6fb798663a5b78f256fa94

Sharing

Copy URL Twitter E-mail

General

Target

1cded3609c60781868fdcce5dc12282f3021a4fe1e6fb798663a5b78f256fa94
Size

260KB
MD5

2b933cc7cffe7362f1e101fcb3f6b0e0
SHA1

615f3085fcc745964c3b645ea860be4a03664544
SHA256

1cded3609c60781868fdcce5dc12282f3021a4fe1e6fb798663a5b78f256fa94
SHA512

ad8888827fcd829474ed8b8ad370075e753823f7ca60da31d4bad4137ef0755dbd951762c5e79b35af38c26c04cfe6eb2c8d1fc00b4d77c06b4b73a66887c16f
SSDEEP

6144:WnNVb+AANq1h3iUYB3dnYz+2Tq2tRug3awa6PyOi+hvh0:IxYB3e+2Tq2Dugqwabivh

Score

N/A

Malware Config

Signatures

Files

1cded3609c60781868fdcce5dc12282f3021a4fe1e6fb798663a5b78f256fa94
.exe windows x86

b99d88f6d8a08adef893094c0f70895e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
strcpy
exit
toupper
strlen
_ftol
ceil
_endthread
strcmp
strncpy
_beginthread
atoi
??1type_info@@UAE@XZ
_CxxThrowException
strstr
srand
rand
_snprintf
memset
_vsnprintf
strncat

kernel32

LocalFree
GetSystemTime
CreateFileA
GetFileSize
WriteFile
ReadFile
FreeLibrary
LoadLibraryA
GetProcAddress
OpenProcess
VirtualAllocEx
WinExec
GetComputerNameA
GetLocaleInfoA
GetTickCount
Sleep
TerminateThread
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetCurrentProcessId
ExitProcess
GetLastError
SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
SetErrorMode
GetTempPathA
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersionExA
GetFileAttributesA
SetProcessPriorityBoost
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
MoveFileExA
GetEnvironmentVariableA
GetShortPathNameA
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
CloseHandle
CreateRemoteThread
WriteProcessMemory
SetFilePointer

user32

VkKeyScanA
FindWindowA
SetFocus
SetForegroundWindow
CloseClipboard
SetClipboardData
ShowWindow
OpenClipboard
EmptyClipboard
GetWindowThreadProcessId
BlockInput
keybd_event

ws2_32

htons
socket
connect
send
inet_addr
gethostbyname
recv
WSACleanup
WSAStartup
closesocket

wininet

InternetOpenUrlA
InternetOpenA
InternetReadFile

urlmon

URLDownloadToFileA

shell32

SHChangeNotify
ShellExecuteA
ShellExecuteExA

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey

ntdll

NtQuerySystemInformation
ZwSystemDebugControl

oleaut32

VariantInit
SysAllocString
VariantClear

ole32

CoUninitialize
CoCreateInstance
CoInitialize

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3vd9r6d3
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ll5r65mu
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kv0rikef
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b99d88f6d8a08adef893094c0f70895e

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

wininet

urlmon

shell32

advapi32

ntdll

oleaut32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 4KB

3vd9r6d3 Size: 100KB - Virtual size: 100KB

ll5r65mu Size: 116KB - Virtual size: 116KB

kv0rikef Size: 12KB - Virtual size: 12KB

.text
Size: 24KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 4KB

3vd9r6d3
Size: 100KB - Virtual size: 100KB

ll5r65mu
Size: 116KB - Virtual size: 116KB

kv0rikef
Size: 12KB - Virtual size: 12KB