8a70cf72c888e1bf898c45a99c55fe967bc911e997c9ba9d0a824953cc62fbd9

Sharing

Copy URL Twitter E-mail

General

Target

8a70cf72c888e1bf898c45a99c55fe967bc911e997c9ba9d0a824953cc62fbd9
Size

136KB
MD5

0da3a57533ae4f446753a972fd659d88
SHA1

74af76ba0703e2692c0cd0c7272db15563ca3e4a
SHA256

8a70cf72c888e1bf898c45a99c55fe967bc911e997c9ba9d0a824953cc62fbd9
SHA512

1881e6d22e5137fee9ff8221d6a16e87666d989f86cbc03f2f90c1c3ef15f40c24e7f8f1412ab1383526194adfc3e742f6dd850a59b64f23c2e22c51ae5091dd
SSDEEP

3072:rt+APXEP0WszY91195LKd+Dwu2+oSNTrKxPnx:rt+APXe955LKAJ2Erqx

Score

N/A

Malware Config

Signatures

Files

8a70cf72c888e1bf898c45a99c55fe967bc911e997c9ba9d0a824953cc62fbd9
.exe windows x86

2278b847798e98e4b1a198d33cf5dc9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msioff10.ocx

DeleteOfficeData
GetOfficeData

mfc42

ord3470
ord1238
ord842
ord939
ord3115
ord941
ord2814
ord2813
ord836
ord1601
ord539
ord537
ord825
ord540
ord850
ord800
ord823
ord858

msvcrt

_acmdln
exit
_XcptFilter
__set_app_type
__getmainargs
__setusermatherr
__p__fmode
_initterm
memset
memcpy
realloc
malloc
free
_adjust_fdiv
__CxxFrameHandler
memcmp
__p__commode
_exit
_controlfp
?terminate@@YAXXZ
_except_handler3
_EH_prolog
_wcsicmp

kernel32

MultiByteToWideChar
FreeLibrary
IsDBCSLeadByte
GetCurrentThreadId
lstrcpynA
InterlockedDecrement
GetCommandLineA
lstrcmpiA
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
lstrlenA
GetShortPathNameA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
LoadResource
lstrlenW
LoadLibraryExA
GetLastError
FindResourceA
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA

user32

GetMessageA
CharNextA
PostThreadMessageA
DispatchMessageA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoTaskMemAlloc
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoSuspendClassObjects

oleaut32

SysStringLen
LoadRegTypeLi
VariantClear
LoadTypeLi
VarUI4FromStr
SysFreeString
RegisterTypeLi
SysAllocString

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0data
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2278b847798e98e4b1a198d33cf5dc9a

Headers

File Characteristics

Imports

msioff10.ocx

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 40KB - Virtual size: 38KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 2KB

.0data Size: 72KB - Virtual size: 72KB

.text
Size: 40KB - Virtual size: 38KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 2KB

.0data
Size: 72KB - Virtual size: 72KB