a9206fdc2d8447607f8ed614b2050baef32ee77d9e1da201cd3e0f03d82391cb

Sharing

Copy URL Twitter E-mail

General

Target

a9206fdc2d8447607f8ed614b2050baef32ee77d9e1da201cd3e0f03d82391cb
Size

78KB
MD5

07cacaf39b9faa5e6f13c26a65e72ff2
SHA1

e278fcc7a03282146b5e5ffb9082450953b9a42f
SHA256

a9206fdc2d8447607f8ed614b2050baef32ee77d9e1da201cd3e0f03d82391cb
SHA512

63ddaba740b05a3947c173902ad682ecc359151447053fa84a9cd303b9e2ba3e98928e290b0e48ae912cfa7bc3e62f2302c579a85ebd0346548b396eae757767
SSDEEP

1536:6b5zRLX+FUMJUVwfD4xJm5IR6PJxhjVInTZzaD2WPd9cfkogWF/:63Lu264nMa6PJlIwD2WPd91oF/

Score

N/A

Malware Config

Signatures

Files

a9206fdc2d8447607f8ed614b2050baef32ee77d9e1da201cd3e0f03d82391cb
.exe windows x86

5ee340aeca42c605afb4e1b2f350e215

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
exit
_XcptFilter
_exit
_cexit
??3@YAXPAX@Z
__getmainargs
_amsg_exit
bsearch
wcstok_s
wcstoul
wcschr
_wsplitpath_s
wcsrchr
swscanf_s
_wcsnicmp
isxdigit
iswspace
_errno
??2@YAPAXI@Z
fflush
fgetws
wcsftime
vfwprintf_s
btowc
fread
fclose
fwrite
_open_osfhandle
_fdopen
_mbsinc
fwprintf_s
wcspbrk
wprintf_s
printf_s
_mbspbrk
vswprintf_s
_vscwprintf
wcsncpy_s
_vsnwprintf_s
_wsetlocale
swprintf_s
_setmode
__iob_func
memcpy
memset
wcsncmp
_swab
_access_s
_waccess_s
_get_osfhandle
_fileno
_time64
_localtime64_s
_wcsicmp
memcpy_s
_crt_debugger_hook

kernel32

SetLastError
GetShortPathNameA
GetShortPathNameW
ReadFile
GetACP
CloseHandle
GetFileSize
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
CreateFileA
CreateFileW
LocalAlloc
GetProcAddress
LoadLibraryA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetFileType
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryW
GetCurrentDirectoryA
MultiByteToWideChar
AreFileApisANSI
FormatMessageW
HeapAlloc
GetProcessHeap
FormatMessageA
HeapFree
GetLastError
GetConsoleOutputCP
WideCharToMultiByte
GetConsoleScreenBufferInfo
GetStdHandle
GetModuleFileNameA
FreeLibrary
GetVersionExA
GetCommandLineW
GetModuleFileNameW
IsValidCodePage
FindClose

mscoree

CorBindToCurrentRuntime
GetCORVersion
LoadLibraryShim

ole32

CoInitializeEx
CoUninitialize

oleaut32

SysStringLen
SysAllocString
GetErrorInfo
SysFreeString
VariantInit
VariantClear
SysAllocStringLen

shlwapi

PathCommonPrefixW
PathCanonicalizeW
PathRemoveFileSpecW
PathAppendW
PathIsUNCW
PathIsURLW
PathRelativePathToW

user32

LoadStringA
LoadStringW

cscomp

GetMessageDll
CreateCompilerFactory

advapi32

CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5ee340aeca42c605afb4e1b2f350e215

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

kernel32

mscoree

ole32

oleaut32

shlwapi

user32

cscomp

advapi32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 7KB - Virtual size: 7KB