345a9406bf82c2370e92b9af15d9d00a0d2842683c69d6050371bd7a097c1ab8

Sharing

Copy URL Twitter E-mail

General

Target

345a9406bf82c2370e92b9af15d9d00a0d2842683c69d6050371bd7a097c1ab8
Size

237KB
MD5

2289e1bf62e032284f5738d28f90c940
SHA1

ab2638d1d06a8af8bdd7e9a6a031c5438d46255c
SHA256

345a9406bf82c2370e92b9af15d9d00a0d2842683c69d6050371bd7a097c1ab8
SHA512

d30009b371f74ef798a9639d7bce6a1045eb3a37f202f5492f096df8e8f07cd3a2a15bf80583b4e7a1a010829ab2f9ca47e61d23e23ce2abe47eec894d94aa34
SSDEEP

6144:noE3mvLAEAPQPCn5tB3KHZW2sgqorhfgjkbb2q:nocmDmnjB38WM1gwb6q

Score

N/A

Malware Config

Signatures

Files

345a9406bf82c2370e92b9af15d9d00a0d2842683c69d6050371bd7a097c1ab8
.dll windows x86

80e300f60c79839f2a4039bd4fbd5c3b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle

msvcp60

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

wcsrchr
wcsncpy
fwrite
swprintf
_strlwr
_strnicmp
tolower
atoi
strcat
_access
_atoi64
atol
strlen
memcmp
strchr
strcpy
strcmp
isspace
sprintf
memset
memcpy
isalnum
strtok
_wcslwr
abort
_stricmp
__dllonexit
_onexit
??1type_info@@UAE@XZ
_setjmp3
__CxxLongjmpUnwind
longjmp
?terminate@@YAXXZ
_adjust_fdiv
_initterm
strrchr
isprint
wcslen
wcscpy
wcscat
memmove
wcscmp
_snprintf
_mbsnbicmp
mktime
_waccess
vsprintf
_wfopen
_except_handler3
fprintf
_iob
_getpid
printf
wcsstr
_stat
sscanf
_mkdir
localtime
strftime
rename
free
_CxxThrowException
malloc
strncpy
remove
_filelength
strstr
srand
rand
getenv
abs
time
__CxxFrameHandler
fopen
fseek
ftell
??2@YAPAXI@Z
fread
_memicmp
fclose
_wstati64

ws2_32

htons
gethostbyname
ntohs
gethostname
bind
getprotobyname
WSAGetLastError
sendto
recvfrom
htonl
gethostbyaddr
ntohl
inet_ntoa
socket
inet_addr
setsockopt
WSAStartup

iphlpapi

SendARP
GetAdaptersInfo

advapi32

ChangeServiceConfigA
OpenServiceA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidW
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
CreateServiceA
RegEnumKeyExA
DeleteService
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumValueA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
StartServiceA
OpenSCManagerA
ControlService

user32

MessageBoxA
GetProcessWindowStation
OpenWindowStationA
GetSystemMetrics
ReleaseDC
GetDC
SetThreadDesktop
OpenDesktopA
SetProcessWindowStation

oleaut32

VariantInit
VariantClear
GetErrorInfo

kernel32

DeviceIoControl
ReadFile
GetCurrentProcessId
GetSystemInfo
LoadLibraryA
GetProcAddress
GetCurrentProcess
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTempPathA
CopyFileA
LoadLibraryW
LockResource
SizeofResource
FreeLibrary
GetTickCount
InterlockedExchange
GetModuleFileNameW
GetLastError
MoveFileA
Sleep
DeleteFileA
CreateThread
WriteFile
CloseHandle
CreateFileA
OutputDebugStringA
DeleteFileW
SystemTimeToFileTime
GetFileSize
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
SetLastError
LocalFree
MoveFileW
GetVersionExA
SetFilePointer
MoveFileExA
GetWindowsDirectoryA
GetFileSizeEx
SetFilePointerEx
GetTempPathW

gdi32

GetDeviceCaps
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
BitBlt

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

Exports

Exports

DealA
DealB
DealC

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80e300f60c79839f2a4039bd4fbd5c3b

Headers

File Characteristics

Imports

wininet

msvcp60

msvcrt

ws2_32

iphlpapi

advapi32

user32

oleaut32

kernel32

gdi32

ole32

Exports

Exports

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 18KB - Virtual size: 44KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 18KB - Virtual size: 44KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 13KB - Virtual size: 13KB