dff6de0777f78558a1b6c34e2b1c2d044e124b900a960d176e91fb94805f5b63

Sharing

Copy URL Twitter E-mail

General

Target

dff6de0777f78558a1b6c34e2b1c2d044e124b900a960d176e91fb94805f5b63
Size

380KB
MD5

37630bd48207055773a402d219b22ff0
SHA1

fe3ec445505c0fc8aba7775075eee3a3514d90fc
SHA256

dff6de0777f78558a1b6c34e2b1c2d044e124b900a960d176e91fb94805f5b63
SHA512

e0d7803fa8e98d6e360def31ef41230f63ab54bb6ff8d8eb25e391310e9f9c5144f7cb4c35eca40f873b1c249d433f89f96b6d42389ccc1dcd4c9ac5cd89f4d9
SSDEEP

1536:RX80u4Ot9PAn4yuOF3lurKfh2y2+7Hcba/jiQGxCYNvcmDCFCkqeQhiQ:K5Ts4yuOF3EKfh2yH7Zbixd5DobqfiQ

Score

N/A

Malware Config

Signatures

Files

dff6de0777f78558a1b6c34e2b1c2d044e124b900a960d176e91fb94805f5b63
.exe windows x86

721ab6f292e5670c43b04172b9ec484d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bdmframework

?GetSystemDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?GetWindowsDirectoryW@utils@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ

shlwapi

PathRemoveFileSpecW
wnsprintfW
PathFileExistsW

kernel32

GetModuleFileNameW
LoadLibraryW
GetCurrentProcessId
GetEnvironmentVariableW
SetEnvironmentVariableW
lstrcmpiW
CloseHandle
GetWindowsDirectoryW
GetProcAddress
LocalFree
GetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
SetDllDirectoryW
InterlockedDecrement
InterlockedIncrement
GetSystemTimeAsFileTime
GetProcessTimes
LocalAlloc
GetSystemDirectoryW
CreateFileW
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
ReleaseMutex
WideCharToMultiByte
WaitForSingleObject
SetLastError
GetCurrentProcess
FreeLibrary
CreateMutexW

user32

DestroyIcon

shell32

CommandLineToArgvW

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
__wgetmainargs
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
??_V@YAXPAX@Z
wcschr
??2@YAPAXI@Z
_wcsicmp
_amsg_exit
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsncpy_s
ferror
fopen
_write
ftell
_read
fclose
_setmode
fgets
_close
fprintf
?_open@@YAHPBDHH@Z
fseek
__iob_func
fread
fflush
??3@YAXPAX@Z
clearerr
_lseek
fwrite
_unlock
feof
wcsncat_s
_snwprintf
__CxxFrameHandler3
memset
memcpy
_except_handler3
_fileno
_CxxThrowException

imagehlp

UnMapAndLoad
MapAndLoad

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z
OPENSSL_Applink

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.adata
Size: 4KB - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

721ab6f292e5670c43b04172b9ec484d

Headers

DLL Characteristics

File Characteristics

Imports

bdmframework

shlwapi

kernel32

user32

shell32

msvcp80

msvcr80

imagehlp

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 340KB - Virtual size: 337KB

.reloc Size: 4KB - Virtual size: 3KB

.adata Size: 4KB - Virtual size: 466B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 340KB - Virtual size: 337KB

.reloc
Size: 4KB - Virtual size: 3KB

.adata
Size: 4KB - Virtual size: 466B