3fb931fea034d829e496dd7eaf696622ec8b32803c8f82c0b9cef68d43cc9aed

Sharing

Copy URL Twitter E-mail

General

Target

3fb931fea034d829e496dd7eaf696622ec8b32803c8f82c0b9cef68d43cc9aed
Size

195KB
MD5

1b4714e5b37b80100e7b159c51e372dd
SHA1

08b3f4fb492be5c20cb424cf87c2c76890d5bf91
SHA256

3fb931fea034d829e496dd7eaf696622ec8b32803c8f82c0b9cef68d43cc9aed
SHA512

f870da56f855a3c4f663f75690d3c39b8c369688609457ae8635068f3d51e9c9cf67405be41967af03d63220363daf7fc42a38bc4dfd8090a6021827119c9807
SSDEEP

3072:B7cdC3xA4UwhO1C0droI62GNzMF0v/LfP7NtC8rahvDRNhO4t424kwg5lasemYO/:B708AyhO1NQXLnna1RT+befemYOzgw

Score

N/A

Malware Config

Signatures

Files

3fb931fea034d829e496dd7eaf696622ec8b32803c8f82c0b9cef68d43cc9aed
.exe windows x86

85054bf3d13e550cceca0aebb4bb6b13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_strnicmp
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
_mbscmp
_mbsstr
sprintf
strncmp
atoi
realloc
strncat
srand
rand
printf
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
TerminateThread
Sleep
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
SetFilePointer
MoveFileA
ReadFile
GetModuleFileNameA
SetLastError
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
ExitThread
GetTickCount
ExitProcess
WriteFile
GetSystemDirectoryA
GetLocalTime
HeapFree
HeapAlloc
GetProcessHeap
LocalSize
InterlockedExchange
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
CreateMutexA
lstrcpyW
GlobalMemoryStatusEx
Process32Next
Process32First
Module32First
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

SendMessageA
SystemParametersInfoA
BlockInput
GetSystemMetrics
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
SetCursorPos
GetCursorInfo
SetCapture
MapVirtualKeyA
DestroyCursor
LoadCursorA
GetKeyState
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
CharNextA
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorPos
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
PostMessageA
CloseWindow
CloseClipboard
IsWindow
CreateWindowExA
WindowFromPoint
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA

gdi32

DeleteObject
DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC

advapi32

SetNamedSecurityInfoA
RegCreateKeyA
RegSetValueExA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegRestoreKeyA
RegSaveKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
EnumServicesStatusA
ChangeServiceConfig2A

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

winmm

waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveOutClose

ws2_32

listen
ioctlsocket
connect
WSAIoctl
accept
recv
send
setsockopt
closesocket
WSAStartup
getpeername
__WSAFDIsSet
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
inet_addr
sendto
socket
gethostbyname
select
htons

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

iphlpapi

GetIfTable

netapi32

NetApiBufferFree
NetUserEnum
NetUserGetLocalGroups
NetUserGetInfo
NetUserSetInfo
NetUserDel

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession
WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

Rtuh
SB360
de

Sections

AAA
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.55412
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85054bf3d13e550cceca0aebb4bb6b13

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp90

msvfw32

iphlpapi

netapi32

psapi

wtsapi32

Exports

Exports

Sections

AAA Size: 2KB - Virtual size: 2KB

.text Size: 152KB - Virtual size: 151KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 3KB - Virtual size: 2KB

.55412 Size: 1KB - Virtual size: 1KB

AAA
Size: 2KB - Virtual size: 2KB

.text
Size: 152KB - Virtual size: 151KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 3KB - Virtual size: 2KB

.55412
Size: 1KB - Virtual size: 1KB