f1905389f092bc2e7cdb92a5a664d8cc727bb1070c109d11cb2125e1334a4bbc

Sharing

Copy URL Twitter E-mail

General

Target

f1905389f092bc2e7cdb92a5a664d8cc727bb1070c109d11cb2125e1334a4bbc
Size

124KB
MD5

7d5d62e3d3d07189383c2fd14a4ed3b8
SHA1

43712be36f4475c1b4e186d115d2c54f3d065c8e
SHA256

f1905389f092bc2e7cdb92a5a664d8cc727bb1070c109d11cb2125e1334a4bbc
SHA512

b549f3445a8e670886a8c0e367164454a35aa5e11fded7b9c68c73e072574c7063cfe1ea7edb304f8ef011e26db095cef364667a2513284b8bcee98fc1d8d200
SSDEEP

3072:+YsJGHTXlbdMOBt3MNvEdEV2OMz28oKMznhjVgjXkhOBeXUE3UcR9:+mTX7ChYVygUOQkEEcR

Score

N/A

Malware Config

Signatures

Files

f1905389f092bc2e7cdb92a5a664d8cc727bb1070c109d11cb2125e1334a4bbc
.exe windows x86

5b0606617abd33c65736dd3e03984ba8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_onexit
_invoke_watson
__dllonexit
_strrev
_controlfp_s
_strnicmp
_lock
_decode_pointer
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
atoi
strncat
srand
rand
_time64
strrchr
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
sprintf
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z
memset

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
LoadLibraryA
WaitForSingleObject
SetEvent
GetProcAddress
CreateEventA
CloseHandle
TerminateThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
lstrcpyA
ResetEvent
lstrlenA
lstrcatA
GetLastError
GetFileAttributesA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
MoveFileA
ReadFile
DeleteFileA
GetModuleFileNameA
CreateProcessA
GetCurrentProcess
ExitThread
GetTickCount
Process32Next
Process32First
ExitProcess
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
LocalSize
lstrcmpiA
GetCurrentThreadId
InterlockedCompareExchange

user32

SetProcessWindowStation
GetCursorPos
SetRect
GetDesktopWindow
GetDC
ReleaseDC
GetCursorInfo
SendMessageA
SystemParametersInfoA
GetSystemMetrics
OpenWindowStationA
CloseDesktop
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
SetCapture
MapVirtualKeyA
keybd_event
DestroyCursor
LoadCursorA
GetForegroundWindow
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
GetClipboardData
EnumWindows
SetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
PostMessageA
IsWindow
CreateWindowExA
WindowFromPoint
CloseWindow
OpenClipboard
wsprintfA
CharNextA
MessageBoxA
GetWindowTextA

gdi32

GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteDC
DeleteObject

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetFileInfoA
ShellExecuteA

ws2_32

WSAStartup
closesocket
getsockname
WSAGetLastError
htonl
gethostname
inet_ntoa
WSASocketA
inet_addr
sendto
socket
gethostbyname
htons
connect
WSAIoctl
send
recv
select
setsockopt

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

psapi

GetModuleFileNameExA
EnumProcessModules

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

JJN
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

caoni
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DDF
Size: 4KB - Virtual size: 560B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KKO
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

WWE
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.225
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b0606617abd33c65736dd3e03984ba8

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcp80

wininet

msvfw32

psapi

Sections

.text Size: 56KB - Virtual size: 54KB

JJN Size: 4KB - Virtual size: 3KB

caoni Size: 12KB - Virtual size: 8KB

DDF Size: 4KB - Virtual size: 560B

KKO Size: 4KB - Virtual size: 1KB

WWE Size: 4KB - Virtual size: 1KB

AAS Size: 4KB - Virtual size: 1KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 4KB

.225 Size: 4KB - Virtual size: 4KB

.text
Size: 56KB - Virtual size: 54KB

JJN
Size: 4KB - Virtual size: 3KB

caoni
Size: 12KB - Virtual size: 8KB

DDF
Size: 4KB - Virtual size: 560B

KKO
Size: 4KB - Virtual size: 1KB

WWE
Size: 4KB - Virtual size: 1KB

AAS
Size: 4KB - Virtual size: 1KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 4KB

.225
Size: 4KB - Virtual size: 4KB