Static task: static1
Behavioral task: behavioral1
Sample: 5c54a05ead0eec6f683e00620a999863fc0ebe71230fb5b3be127a3c058ca6d7.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 5c54a05ead0eec6f683e00620a999863fc0ebe71230fb5b3be127a3c058ca6d7.exe
Resource: win10v2004-20220812-en
General
Target: 5c54a05ead0eec6f683e00620a999863fc0ebe71230fb5b3be127a3c058ca6d7
Size: 116KB
MD5: 0148822b4c7ce56e413b7314271eeea8
SHA1: e53b66ae466b71ed4b25fe5f853707898fd6b597
SHA256: 5c54a05ead0eec6f683e00620a999863fc0ebe71230fb5b3be127a3c058ca6d7
SHA512: b1d72bf75157f88db10aa3e6c6ac3b271f7e1c87fa7d3cc7a29f966f0b7207fef591c3de7c92acc0e490df24ca37969d776a05603efa1d5fead9b3df501c63c1
SSDEEP: 1536:W0pWlchMBQ/D4fcR56WQNEqVe17dwgF4fxnCocWBU97:BElRBQr1D6jm17dwXpnsWBO7
Malware Config
Signatures
Files
-
5c54a05ead0eec6f683e00620a999863fc0ebe71230fb5b3be127a3c058ca6d7.exe windows x86
d7b0e23c90a345ef3455d04566fcf7af
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
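Imports
Note: kernel32 contributes only GetProcAddress and LoadResource, while msvcrt contributes several hundred unrelated CRT names and samlib a handful of account-management calls. An import table of this shape is likely padded and is a weak indicator of what the sample actually does; the presence of GetProcAddress suggests the APIs really used may be resolved at run time, so capability should be confirmed from the behavioral tasks rather than inferred from this list.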
kernel32
GetProcAddress
LoadResource
msvcrt
setvbuf
__RTCastToVoid
_strlwr
_lock
_getcwd
_fsopen
_CIsin
__mb_cur_max
_itow
_nextafter
_mbsnbicoll
_CxxThrowException
_ismbcalnum
_memccpy
__badioinfo
_safe_fprem1
_mbsicmp
tan
strftime
wcsstr
_mbsnbcnt
_y0
_wspawnlpe
_lrotl
mbtowc
_CIacos
_wpgmptr
getenv
_wfdopen
__unguarded_readlc_active
_cabs
_chmod
_sleep
__wargv
_safe_fdivr
_findfirst
_getche
iswdigit
_dup
setlocale
rewind
_strnset
gets
_Getdays
_getmbcp
_environ
freopen
_mbsnbcpy
strcpy
_vsnprintf
_set_error_mode
getwchar
_fstati64
_mbcasemap
wcstoul
_time64
isalpha
_logb
_write
_fstat64
strtod
_inp
_wspawnvpe
ldiv
_mktime64
_ftol
_ismbckata
_ismbchira
_expand
__RTtypeid
_mbsnccnt
_wmakepath
_putws
_seh_longjmp_unwind
is_wctype
_ismbbkalnum
wcsftime
log10
_CIexp
_tzset
_adj_fpatan
_longjmpex
_ismbbkana
_spawnvpe
__winitenv
ferror
_mbccpy
_fpclass
_snwprintf
fmod
__STRINGTOLD
_mbctoupper
vprintf
_except_handler2
_mbsstr
_getch
_mbsdup
fclose
wcsncat
_setjmp
_ismbcgraph
fwrite
iscntrl
_purecall
strlen
_wtempnam
_execl
_fgetchar
_getw
_mbspbrk
_wchmod
__argc
_filbuf
__p__commode
fputs
_rotl
_flushall
fsetpos
__setlc_active
_fileno
_wsopen
_ismbbkpunct
_ismbbprint
vsprintf
frexp
_utime64
_setsystime
__p__fileinfo
_acmdln
towupper
_mbsncpy
getchar
_strcmpi
__p__mbctype
__p__wpgmptr
_getws
_locking
__isascii
vfwprintf
_lfind
_wspawnv
_mbsnbcoll
remove
__p__wenviron
_wcsncoll
time
_toupper
_wcsnset
_mbscpy
_execlp
_filelength
_hypot
_mbsnbset
wcslen
strxfrm
_ultow
__pioinfo
_ismbcpunct
_wfindnext64
_utime
clock
strncpy
towlower
_wchdir
_mbsinc
_ismbcalpha
getwc
_ismbcl2
wcscpy
_cgets
_wunlink
_mbscmp
_CIlog
__crtCompareStringA
_execv
_ismbcdigit
_mbslen
_wremove
_mbsbtype
__initenv
_wcsrev
_ismbcupper
cosh
_y1
_fullpath
isleadbyte
fopen
_pipe
_lrotr
_mbbtombc
_pclose
wscanf
__p__acmdln
_putch
_heapused
__p__winver
atan
strcspn
_wgetenv
_cexit
__p___mb_cur_max
iswprint
wcsncpy
mbstowcs
_setmode
_commit
__fpecode
_cwait
_chgsign
_wfindnext
strrchr
_wfreopen
ungetwc
_wtol
_ismbstrail
_adjust_fdiv
_ismbcl1
_wopen
_CIcosh
_wcsicoll
_scalb
_wtoi64
_winmajor
wcspbrk
_lseek
_loaddll
_mbctolower
_timezone
__setusermatherr
__unDName
_cputs
__CxxFrameHandler
toupper
_spawnvp
_mbsdec
__p__winmajor
_beginthread
_ctime64
__p__pwctype
_adj_fprem1
_itoa
_mbcjmstojis
_fputchar
_strnicmp
_outp
_findnext
tmpfile
fflush
iswcntrl
_daylight
_localtime64
_mbcjistojms
_fmode
raise
_wcsdup
_heapchk
wprintf
_mbsnset
modf
_wsetlocale
__unDNameEx
_strncoll
wcscat
_spawnl
_isctype
_wexecl
abs
tolower
_ismbbtrail
strcmp
_chdrive
malloc
_get_osfhandle
strtol
__toascii
_i64toa
_execve
_CIcos
fputc
_controlfp
_pgmptr
_getdiskfree
atoi
_chdir
_wcsicmp
strncmp
strcoll
_safe_fdiv
isupper
isgraph
_mbsncmp
_fileinfo
ceil
_pwctype
_msize
strpbrk
__pxcptinfoptrs
_wfindfirst64
_wspawnve
clearerr
_ismbcl0
localtime
_heapmin
__lconv_init
memmove
_adj_fdivr_m32i
_flsbuf
perror
iswpunct
_ltoa
iswctype
rename
_wutime
_wasctime
_adj_fdiv_m32
_wfindnexti64
_mktemp
_ismbclegal
_CIsqrt
__p__environ
_getdllprocaddr
_strrev
_stricoll
isprint
signal
strtok
_dup2
_amsg_exit
__threadhandle
wcsspn
_osver
_mbctohira
swscanf
_CIfmod
_cprintf
_mbscat
__p__dstbias
_ismbcspace
_i64tow
puts
_CItanh
_wstrtime
_strerror
__getmainargs
vfprintf
qsort
_ismbcsymbol
atexit
__p___argc
_stat64
_mbsspnp
_beginthreadex
_fdopen
_except_handler3
_sopen
_wcsnicmp
_findnext64
_wspawnlp
_aexit_rtn
_wcmdln
_mbscspn
_assert
_rmtmp
fscanf
_mbsnicoll
iswalpha
tanh
_mbctombb
_adj_fdivr_m64
_mbslwr
_heapwalk
_lsearch
iswxdigit
_searchenv
fabs
exit
_open_osfhandle
_wexecve
iswalnum
_EH_prolog
_strdate
sqrt
_adj_fptan
_seterrormode
_mbsrev
_getsystime
difftime
_Getmonths
_ismbbkprint
_waccess
iswspace
_wpopen
iswgraph
__p__daylight
_wcslwr
_wfindfirst
__doserrno
cos
isxdigit
_findclose
feof
_wstat
_HUGE
__lc_codepage
_ismbblead
_wspawnl
_getdrives
_swab
_snprintf
fgets
fgetws
_mbsncoll
__dllonexit
__p___winitenv
sin
_spawnve
div
_spawnlpe
_wcsupr
_sys_nerr
_wsystem
_strnicoll
ctime
_mbsninc
isalnum
_strupr
_finite
__p__mbcasemap
_rmdir
_setmbcp
putwchar
strspn
__RTDynamicCast
_ungetch
_popen
_initterm
_wutime64
exp
_gmtime64
free
__iscsym
__CxxLongjmpUnwind
_adj_fdivr_m32
_mbsnbicmp
_execvpe
__argv
_j1
_wcreat
_mbsupr
_wcsset
_rotr
_outpd
_wstati64
iswupper
samlib
SamGetGroupsForUser
SamAddMemberToGroup
SamChangePasswordUser
SamiSetBootKeyInformation
SamiChangePasswordUser
SamOpenDomain
user32
SendMessageA
DialogBoxParamA
Sections
.text Size: 34KB - Virtual size: 33KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 53KB - Virtual size: 56KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
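.rdata Size: 1KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: this is the second section named .rdata. Unlike the first, it is writable and its virtual size (6KB) exceeds its raw size (1KB); a duplicated section name with differing permissions is unusual for ordinary linker output and is worth checking during triage.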