76f9e4404e8bfadd2aa50b74b48a89881f01312ad495fb65cacf78d762095c7d

Sharing

Copy URL Twitter E-mail

General

Target

76f9e4404e8bfadd2aa50b74b48a89881f01312ad495fb65cacf78d762095c7d
Size

742KB
MD5

0cbb41c8b569afcfc9315d98f289eed0
SHA1

b3bbde40c0b949f0fbdc9dd2cb1c9f4e97f2140e
SHA256

76f9e4404e8bfadd2aa50b74b48a89881f01312ad495fb65cacf78d762095c7d
SHA512

8b7278bd6a3fe8424a5e3540975973e64b97e1f7f0b641e43832c648e2f31011f8377444549d3b43e0fc9a78bda5b80d223214d39cc8ca5b6fb9fc6395e6ad57
SSDEEP

12288:aeANt+5GAexH6WcCXPMnS+YkfDBUIfrzU8cAOrD2hMkZp2UJjbp7an/acueDP:aeANt+5GjH/VfyR7fXcnDNwYuer

Score

N/A

Malware Config

Signatures

Files

76f9e4404e8bfadd2aa50b74b48a89881f01312ad495fb65cacf78d762095c7d
.exe windows x64

bd0d1104b23cdf68eb196e91bfc1ce6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcr80

??_V@YAXPEAX@Z
wcslen
??0exception@std@@QEAA@AEBV01@@Z
strlen
_getpid
?what@exception@std@@UEBAPEBDXZ
??0bad_cast@std@@QEAA@PEBD@Z
??3@YAXPEAX@Z
??_U@YAPEAX_K@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
_time64
_ctime64
??2@YAPEAX_K@Z
??1exception@std@@UEAA@XZ
_purecall
_wgetenv
fclose
fflush
_wtoi
fputws
_wremove
ftell
fseek
_wfopen_s
_wrename
??8type_info@@QEBA_NAEBV0@@Z
_wgetcwd
memset
wcsncpy
__CxxFrameHandler3
__C_specific_handler
_unlock
__dllonexit
_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_wcsicmp
_wcsnicmp
_encode_pointer
memcpy

kernel32

GetFileAttributesW
CreateDirectoryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ResetEvent
GetFullPathNameW
OpenProcess
Process32NextW
CloseHandle
CreateThread
InitializeCriticalSection
DeleteCriticalSection
SetEvent
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
CreateEventW
GetLastError
GetExitCodeProcess
SetProcessWorkingSetSize
GetCurrentProcess
OpenEventW
Sleep
OpenMutexW
CreateMutexW
LocalFree
WaitForSingleObject
GetCurrentDirectoryW
GetPrivateProfileStringW
HeapFree
GetEnvironmentVariableW
GetProcessHeap
CreateToolhelp32Snapshot
Process32FirstW
ProcessIdToSessionId
SetLastError

user32

OpenWindowStationW
GetProcessWindowStation
CloseDesktop
CloseWindowStation
OpenDesktopW
SetProcessWindowStation

advapi32

RegNotifyChangeKeyValue
RevertToSelf
CreateProcessAsUserW
DuplicateTokenEx
ImpersonateLoggedOnUser
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
OpenSCManagerW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
StartServiceW

shell32

CommandLineToArgvW

msvcp80

?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KPEB_W_K@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K0PEB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2_KB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@AEBV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@AEBV12@@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IEAAPEA_WXZ
?max_size@?$allocator@_W@std@@QEBA_KXZ
?pbase@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_NXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$allocator@_W@std@@QEAA@AEBV01@@Z
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?allocate@?$allocator@_W@std@@QEAAPEA_W_K@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?pbackfail@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@MEAAGG@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?underflow@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@MEAAGXZ
?str@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Xsgetn_s@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_K_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??0?$allocator@_W@std@@QEAA@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W@Z
?pbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?seekoff@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@MEAA?AV?$fpos@H@2@_JHH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
?seekpos@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@MEAA?AV?$fpos@H@2@V32@H@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AEAV10@AEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?overflow@?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@MEAAGG@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_J@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?deallocate@?$allocator@_W@std@@QEAAXPEA_W_K@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0id@locale@std@@QEAA@_K@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?width@ios_base@std@@QEAA_J_J@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Getfacet@locale@std@@QEBAPEBVfacet@12@_K@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?flags@ios_base@std@@QEBAHXZ
?endl@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AEAV21@@Z
??1locale@std@@QEAA@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Incref@facet@locale@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Register@facet@locale@std@@QEAAXXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?widen@?$ctype@_W@std@@QEBA_WD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?length@?$char_traits@_W@std@@SA_KPEB_W@Z
?width@ios_base@std@@QEBA_JXZ
?eq_int_type@?$char_traits@_W@std@@SA_NAEBG0@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0_Lockit@std@@QEAA@H@Z
?uncaught_exception@std@@YA_NXZ
??1_Lockit@std@@QEAA@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??Bid@locale@std@@QEAA_KXZ
?eof@?$char_traits@_W@std@@SAGXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z
?good@ios_base@std@@QEBA_NXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??1?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@UEAA@XZ

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd0d1104b23cdf68eb196e91bfc1ce6d

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

kernel32

user32

advapi32

shell32

msvcp80

userenv

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.vmp1 Size: 540KB - Virtual size: 1.8MB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.vmp1
Size: 540KB - Virtual size: 1.8MB