8befe92273761aa9e46738c692e6167266e7c9883c6c12c6830b3fa451520bcf

Sharing

Copy URL Twitter E-mail

General

Target

8befe92273761aa9e46738c692e6167266e7c9883c6c12c6830b3fa451520bcf
Size

687KB
MD5

1fc6601812d3ebbd843d76282bc88eb0
SHA1

b8c80a3e81c7ca8532de493ec83f9dd11b8e7094
SHA256

8befe92273761aa9e46738c692e6167266e7c9883c6c12c6830b3fa451520bcf
SHA512

41bfce6defbda8ecb5c9b759c1df13cc086ed6553c1284d831023467f1b5f0ac630a9fe079e776b96cc4a7576dc9cf7a25358b1252d0f22ade8360bd526f011e
SSDEEP

12288:T7djaB7OoRTQTR7djaB7OoRTQTDiiiiiiiiiiiiii/qmD:lGBJRTQTHGBJRTQTDiiiiiiiiiiiiiiz

Score

N/A

Malware Config

Signatures

Files

8befe92273761aa9e46738c692e6167266e7c9883c6c12c6830b3fa451520bcf
.exe windows x86

aff496115aef0ebcf5cdbe6b87c595b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CloseHandle
FindResourceExW
InterlockedDecrement
VirtualUnlock
FindResourceW
GetCurrentProcess
RaiseException
SetLastError
FreeLibrary
DeviceIoControl
GetVersionExW
GetProcAddress
LoadResource
CreateFileA
GetFileSize
GetModuleHandleW
GetTickCount
SizeofResource
SetEvent
DeleteCriticalSection
HeapAlloc
HeapDestroy
VirtualLock
GetModuleFileNameW
CreateFileMappingW
WideCharToMultiByte
HeapCreate
GetCurrentThreadId
MapViewOfFile
lstrlenW
HeapFree
UnmapViewOfFile
LoadLibraryW
ResetEvent
CreateFileW
LockResource
SetProcessWorkingSetSize
InterlockedIncrement
ReadFileEx
CreateEventW
SetCurrentDirectoryA
LoadLibraryA
InitializeCriticalSection
WaitForSingleObjectEx
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
GetThreadLocale
GetLocaleInfoA
GetProcessHeap
HeapSize
HeapReAlloc
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
GetACP

user32

UnregisterClassA
PostThreadMessageW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathCombineW
PathFileExistsW
PathCombineA

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr80

_waccess
_vsnwprintf_s
wcscpy_s
_recalloc
??2@YAPAXI@Z
memset
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
memmove_s
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
??3@YAXPAX@Z
memcpy_s
wcsrchr
calloc
free
exit
_CxxThrowException
_vsnprintf_s
__CxxFrameHandler3

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aff496115aef0ebcf5cdbe6b87c595b6

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

shlwapi

msvcp80

msvcr80

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 648KB - Virtual size: 648KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 648KB - Virtual size: 648KB