c1fff0f3e118464ed5376063f4c4bee03adafc1927de67acffde438ccb5cd69d

Sharing

Copy URL Twitter E-mail

General

Target

c1fff0f3e118464ed5376063f4c4bee03adafc1927de67acffde438ccb5cd69d
Size

2.0MB
MD5

f9824c13f9317cc2ffdce11326640390
SHA1

94737b5e9fceec580be4750afb54cd92e687101f
SHA256

c1fff0f3e118464ed5376063f4c4bee03adafc1927de67acffde438ccb5cd69d
SHA512

e8cb5d265d3f72d90bcbff753c56c37d427ca0efb8072574ca97d14b8b7edde79fb508e5b8355aead7dc5af0816d3886b47efb59eab3a0a6879ce2ea99447c6a
SSDEEP

24576:6nhlbwkYrntKff5NSkJqUuZQqeZlA2U95C4qD8w+OI4YST2F0PkuVMefQfSShK0d:6roK9/OZqD8w+O3YQ2F8CefQfS05JZ

Score

N/A

Malware Config

Signatures

Files

c1fff0f3e118464ed5376063f4c4bee03adafc1927de67acffde438ccb5cd69d
.dll windows x86

51aa9179606926423639f5806075fa48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_ftime
exit
_getcwd
_chdrive
_chdir
realloc
printf
_access
_open
_getpid
_strdup
_stricmp
fflush
_errno
_fullpath
_sopen
_fdopen
fsetpos
fgetpos
fclose
remove
fopen
tolower
_snprintf
_itoa
strpbrk
strncpy
_ftol
sscanf
_purecall
isgraph
isspace
vsprintf
_mbscmp
getenv
_mbsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_EH_prolog
strtoul
fputc
getc
fwrite
time
ctime
fgets
bsearch
atol
ftell
strncmp
fputs
toupper
strchr
memmove
__CxxFrameHandler
rand
setlocale
ungetc
qsort
setvbuf
fseek
fgetc
fprintf
putc
_isctype
strstr
__mb_cur_max
_pctype
strtol
sprintf
malloc
fread
free
_iob
getchar
_popen
perror
_wunlink
_wremove
_waccess
_wrename
rename
_wstat
_close
_wopen
_wfreopen
freopen
_wfopen
atoi
_findfirst
_findnext
_stat
_findclose
memcmp
_beginthread
_endthread
_putenv
clearerr
srand
__p__environ
longjmp
abs
calloc
strcat
strrchr
_sys_nerr
_sys_errlist
_exit
localtime
memset
mktime
strcmp
memcpy
strlen
strcpy
_setjmp3
_unlink

mfc42

ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord1116
ord4612
ord4610
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord774
ord815
ord502
ord561
ord4160
ord5981
ord2514
ord617
ord2558
ord1146
ord5301
ord296
ord986
ord520
ord2528
ord6199
ord4159
ord2614
ord6283
ord6282
ord858
ord1200
ord5572
ord2919
ord537
ord535
ord939
ord941
ord2884
ord641
ord3452
ord2515
ord355
ord2818
ord3499
ord2725
ord924
ord4129
ord2763
ord2652
ord3815
ord5805
ord1669
ord922
ord926
ord6376
ord4673
ord6403
ord6402
ord3522
ord3521
ord2915
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord2301
ord4234
ord6334
ord4476
ord3089
ord4853
ord6197
ord6380
ord2642
ord3092
ord4710
ord3663
ord3571
ord3573
ord3626
ord755
ord2414
ord640
ord5785
ord1640
ord323
ord1641
ord6880
ord470
ord613
ord6329
ord289
ord3619
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord2243
ord338
ord4420
ord1825
ord4238
ord4823
ord2516
ord361
ord1197
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord2863
ord5856
ord2494
ord2627
ord2626
ord4457
ord6067
ord3482
ord2820
ord3811
ord4220
ord2584
ord3654
ord2438
ord6270
ord5710
ord1644
ord940
ord2864
ord5472
ord5252
ord5004
ord4676
ord4671
ord4448
ord2404
ord5341
ord2964
ord2995
ord4882
ord6381
ord4900
ord5062
ord4939
ord4941
ord4630
ord4589
ord4587
ord4898
ord4369
ord4892
ord4532
ord5076
ord4341
ord4349
ord4888
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4107
ord5240
ord5290
ord3748
ord1726
ord5257
ord3282
ord4432
ord5828
ord515
ord1918
ord4261
ord813
ord654
ord4722
ord2859
ord6662
ord6778
ord6136
ord6134
ord4504
ord4130
ord3771
ord3329
ord3763
ord3496
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord768
ord4259
ord4715
ord3402
ord3698
ord2585
ord6154
ord1570
ord4365
ord4056
ord5471
ord4121
ord2389
ord5085
ord1709
ord1714
ord4404
ord5234
ord6369
ord5279
ord5258
ord2444
ord3722
ord765
ord796
ord567
ord529
ord6215
ord2108
ord6000
ord4265
ord6069
ord4299
ord3294
ord2117
ord2379
ord5039
ord4123
ord2764
ord1768
ord2882
ord795
ord6241
ord2645
ord5789
ord2860
ord5873
ord5850
ord1842
ord4242
ord366
ord674
ord3797
ord3072
ord3870
ord4499
ord975
ord6195
ord3295
ord4366
ord5086
ord1715
ord5064
ord5248
ord3730
ord807
ord554
ord4163
ord4284
ord2120
ord5882
ord2012
ord4083
ord4076
ord5871
ord1710
ord4268
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord4275
ord3874
ord3317
ord2080
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord4854
ord5287
ord4835
ord656
ord609
ord692
ord1907
ord3610
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord489
ord2302
ord4258
ord3803
ord4377
ord2448
ord2044
ord6222
ord923
ord4976
ord4358
ord6028
ord5834
ord5450
ord6394
ord3699
ord2358
ord4644
ord4217
ord2576
ord4397
ord3352
ord3577
ord5890
ord4287
ord2079
ord4277
ord2737
ord5271
ord2937
ord4124
ord1929
ord3721
ord5875
ord4446
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6467
ord540
ord860
ord5714
ord800
ord1175
ord6828
ord2530

kernel32

SetEvent
GetModuleHandleA
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetErrorMode
CreateEventA
GetProcessTimes
GetCurrentProcess
SetLastError
GetVolumeInformationA
GetDriveTypeA
ResetEvent
VirtualFree
FindFirstFileW
FindNextFileW
CreateFileA
ReadFile
WriteFile
DeviceIoControl
GetCurrentProcessId
GetSystemTime
SystemTimeToFileTime
GetLocalTime
GetFileSize
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
CreateMutexA
GetLastError
WaitForSingleObject
ReleaseMutex
CloseHandle
VirtualAlloc
GetProcAddress
GetVersion
SetHandleInformation
GetWindowsDirectoryA
GetTickCount
FindFirstFileA
FindNextFileA
FindClose
FreeLibrary
LoadLibraryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
WinExec
FindResourceA
LoadResource
LockResource
GetPrivateProfileSectionA
GetPrivateProfileIntA
WriteProfileStringA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetVersionExA
LocalAlloc
LocalFree
InterlockedIncrement
InterlockedDecrement
Sleep
SizeofResource
WritePrivateProfileSectionA

user32

GetMenuStringA
GetMenuState
InsertMenuA
GetSubMenu
DialogBoxIndirectParamA
CreateDialogIndirectParamA
MoveWindow
GetMenu
SetWindowTextA
SetFocus
EndDialog
GetDlgItemTextA
GetDlgItemTextW
SetDlgItemTextA
GetWindowLongA
GetDlgItem
EnableWindow
GetWindowRect
FillRect
GetSystemMetrics
GetActiveWindow
LoadBitmapA
GetCapture
PeekMessageA
LoadIconA
SendMessageA
PostQuitMessage
ShowWindow
DeleteMenu
GetMenuItemID
LoadStringA
MessageBoxA
InvalidateRect
MessageBeep
SetWindowLongA
GetSysColor
DestroyIcon
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeUninitialize
wsprintfA
ClientToScreen
LoadCursorA
SetCursor
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
GetParent
GetDC
ReleaseDC
GetClientRect
GetFocus
LoadMenuA
ScreenToClient
CheckMenuItem
SetTimer
ModifyMenuA
RemoveMenu
GetMenuItemCount

gdi32

BitBlt
GetStockObject
GetDeviceCaps
SelectObject
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
CreateCompatibleDC

comdlg32

CommDlgExtendedError
GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
GetUserNameW
GetUserNameA
RegSetValueExW
RegQueryValueExW
RegQueryValueExA

shell32

DragQueryFileA
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc
SHBrowseForFolderA
DragFinish

ole32

CoCreateInstance

oleaut32

SysAllocStringLen
SysFreeString

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

inet_ntoa
setsockopt
ntohs
WSAGetLastError
ntohl
htonl
gethostname
gethostbyname
gethostbyaddr
inet_addr
ioctlsocket
WSACleanup
send
WSAStartup
getsockname
getsockopt
__WSAFDIsSet
select
connect
socket
htons
getprotobyname
closesocket
recv

comctl32

ord17

netapi32

Netbios

Exports

Exports

DCCPP_AbiVersion
DCCPP_Process

Sections

.text
Size: 940KB - Virtual size: 939KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 560KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

51aa9179606926423639f5806075fa48

Headers

File Characteristics

Imports

msvcrt

mfc42

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

version

wsock32

comctl32

netapi32

Exports

Exports

Sections

.text Size: 940KB - Virtual size: 939KB

.textidx Size: 560KB - Virtual size: 556KB

CONST Size: 4KB - Virtual size: 80B

.rdata Size: 236KB - Virtual size: 234KB

.data Size: 188KB - Virtual size: 746KB

.rsrc Size: 32KB - Virtual size: 31KB

.reloc Size: 108KB - Virtual size: 105KB

.text
Size: 940KB - Virtual size: 939KB

.textidx
Size: 560KB - Virtual size: 556KB

CONST
Size: 4KB - Virtual size: 80B

.rdata
Size: 236KB - Virtual size: 234KB

.data
Size: 188KB - Virtual size: 746KB

.rsrc
Size: 32KB - Virtual size: 31KB

.reloc
Size: 108KB - Virtual size: 105KB