36f4c14e43a7223de7d0d49fc3e5b788d5e244a294e949bdef8cdfae6ef07b8c

Sharing

Copy URL Twitter E-mail

General

Target

36f4c14e43a7223de7d0d49fc3e5b788d5e244a294e949bdef8cdfae6ef07b8c
Size

247KB
MD5

0286ed075af6c0038d1b7dc11a0fa980
SHA1

d20c1ebc7e80fabbac01b3bee5b0118f2903a037
SHA256

36f4c14e43a7223de7d0d49fc3e5b788d5e244a294e949bdef8cdfae6ef07b8c
SHA512

bc8889e02ee7b1df629c3c239c42b65c45bb70c096a673a54188a896703644a2383cca118ff1f475edb608e9f0fa3d9cd8ecbed11e56c61ab70c93ba5f272558
SSDEEP

6144:L0HCHnzgggTkVIzLziBTBqWXd+iFO55qORZGo/kz:IiHnzgggTkVIzLzMTsWXYioz8

Score

N/A

Malware Config

Signatures

Files

36f4c14e43a7223de7d0d49fc3e5b788d5e244a294e949bdef8cdfae6ef07b8c
.exe windows x86

1ef12795a165945dfe38ccc24ef89be8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
TerminateProcess
OpenProcess
GetTickCount
DeleteFileW
GetVolumeInformationW
LocalFree
CopyFileW
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
Sleep
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
TerminateThread
GetFileSize
CreateFileW
GetModuleFileNameW
GetTempPathW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetSystemInfo
GetVersionExW
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
GetLastError

user32

MoveWindow
IsWindowVisible
ScreenToClient
GetWindowRect
SetWindowTextW
GetDesktopWindow
GetWindowLongW
RemovePropW
SetWindowLongW
CreateWindowExW
DestroyWindow
DefWindowProcW
ReleaseDC
GetDC
GetClientRect
PostQuitMessage
UnregisterClassA
GetMessageW
TranslateMessage
DispatchMessageW
LoadCursorW
RegisterClassExW
GetParent
LoadIconW
GetPropW
CreateDialogParamW
KillTimer
SetTimer
UpdateWindow
ShowWindow
EndDialog
IsWindow
EnableWindow
SetDlgItemTextW
SendMessageW
GetDlgItem
IsDialogMessageW
SetPropW

gdi32

GetDeviceCaps

advapi32

CreateWellKnownSid
OpenProcessToken
CheckTokenMembership
GetTokenInformation
CryptAcquireContextW
CryptImportKey
CryptSetKeyParam
CryptDecrypt
CryptDestroyKey
CryptReleaseContext

shell32

ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoUninitialize

shlwapi

PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW

msvcp80

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

comctl32

InitCommonControlsEx

msvcr80

_lock
__CxxFrameHandler3
memcpy
ferror
_fseeki64
_ftelli64
fread
_wfopen
fopen
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_CxxThrowException
??3@YAXPAX@Z
??_V@YAXPAX@Z
_purecall
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
?what@exception@std@@UBEPBDXZ
_invalid_parameter_noinfo
memmove_s
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
sprintf_s
strcat_s
memcpy_s
malloc
free
iswspace
_wtoi
_vscwprintf
vswprintf_s
_beginthread
_wfopen_s
fwrite
fclose
_vscprintf
_mbsstr
vsprintf_s
wcsncpy_s
_wcsicmp
wcsnlen
wcsstr
isalpha
tolower
atoi
_atoi64
_stricmp
sscanf_s
strpbrk
atof
memset
_unlock
__dllonexit
_encode_pointer

iphlpapi

GetAdaptersInfo

ws2_32

__WSAFDIsSet
closesocket
WSACleanup
WSAStartup
ioctlsocket
connect
htons
inet_addr
inet_ntoa
gethostbyname
socket
ntohl
htonl
send
recv
select

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ef12795a165945dfe38ccc24ef89be8

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcp80

comctl32

msvcr80

iphlpapi

ws2_32

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 80KB - Virtual size: 80KB