0c5fcc6812a53de7a0c45809f9c6e3ebe58c360a46f2663692da412d0a4d303f

Sharing

Copy URL Twitter E-mail

General

Target

0c5fcc6812a53de7a0c45809f9c6e3ebe58c360a46f2663692da412d0a4d303f
Size

159KB
MD5

b7166724d5f285a40551074a0c74fc30
SHA1

d642aa85d9725694d5f35ecd3dc7d02d205ffc1a
SHA256

0c5fcc6812a53de7a0c45809f9c6e3ebe58c360a46f2663692da412d0a4d303f
SHA512

c8eff03211e9003283d4240a2ecf6b2165d361ede8245f25eb148c8ca2919a8b0c70e63ffbc7bb77c34c93aafe5b4d4d0ca295eb1820dee4491afb27e294cb0c
SSDEEP

3072:28K8Q/9bt8pocgLS6YuGNm3uDGufKiC3Y+xHhYdAsiVxkj9C57OCFpglak3SoMrY:vQVSe+YR/gkhL+uoMrgaOUZb27

Score

N/A

Malware Config

Signatures

Files

0c5fcc6812a53de7a0c45809f9c6e3ebe58c360a46f2663692da412d0a4d303f
.exe windows x86

0c95b116df2c95c4e820e230bc565c90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_onexit
_lock
_decode_pointer
_unlock
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__dllonexit
_strnicmp
?terminate@@YAXXZ
_stricmp
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
realloc
strncat
_errno
strncmp
atoi
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
malloc
strchr
memmove
ceil
strstr
memcpy
memset
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
??2@YAPAXI@Z

shlwapi

SHDeleteKeyA

kernel32

GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetSystemTimeAsFileTime
CreateEventA
CloseHandle
GetProcAddress
LoadLibraryA
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
Sleep
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
lstrcpyA
lstrlenA
lstrcatA
FreeLibrary
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
DeleteFileA
GetFileSize
CreateFileA
WriteFile
SetFilePointer
GetModuleFileNameA
SetLastError
GetCurrentProcess
CreateRemoteThread
WriteProcessMemory
OpenProcess
ExitProcess
SetFileAttributesA
MoveFileExA
GetTickCount
GetTempPathA
GetLocalTime
HeapFree
HeapAlloc
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GetSystemInfo
DefineDosDeviceA
LocalSize
Process32Next
lstrcmpiA
GetCurrentThreadId

user32

SetProcessWindowStation
SetRect
GetDC
ReleaseDC
GetCursorInfo
SystemParametersInfoA
GetWindowThreadProcessId
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
DestroyCursor
GetKeyState
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetThreadDesktop
OpenDesktopA
GetUserObjectInformationA
PostMessageA
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
CloseClipboard
DispatchMessageA
TranslateMessage
GetMessageA
wsprintfA
GetWindowTextA
GetAsyncKeyState
LoadCursorA

gdi32

CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject

advapi32

DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
LookupAccountSidA
OpenProcessToken
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
ControlService
QueryServiceStatus
OpenServiceA
RegSetValueExA
RegCreateKeyA
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegQueryValueExA
RegOpenKeyA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
RegSetKeySecurity
InitializeSecurityDescriptor
AddAccessAllowedAce

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStart
waveInPrepareHeader
waveOutClose
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

getpeername
accept
listen
__WSAFDIsSet
gethostname
recvfrom
sendto
bind
getsockname
ntohs
inet_addr
inet_ntoa
socket
gethostbyname
htons
connect
WSAIoctl
select
recv
send
setsockopt
closesocket
WSAStartup
WSACleanup

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICSeqCompressFrameStart
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

BBB
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TTT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.998652
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0c95b116df2c95c4e820e230bc565c90

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

shlwapi

kernel32

user32

gdi32

advapi32

shell32

winmm

msvcp90

ws2_32

wininet

avicap32

msvfw32

psapi

wtsapi32

Sections

BBB Size: 2KB - Virtual size: 2KB

.text Size: 98KB - Virtual size: 97KB

AAA Size: 1KB - Virtual size: 1KB

TTT Size: 5KB - Virtual size: 4KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 13KB - Virtual size: 12KB

.998652 Size: 1KB - Virtual size: 1KB

BBB
Size: 2KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 97KB

AAA
Size: 1KB - Virtual size: 1KB

TTT
Size: 5KB - Virtual size: 4KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 13KB - Virtual size: 12KB

.998652
Size: 1KB - Virtual size: 1KB