11272b22281ac23bb8286428f2e45c14f58703d3fb9581ee8214edc66ef13b1c

Sharing

Copy URL Twitter E-mail

General

Target

11272b22281ac23bb8286428f2e45c14f58703d3fb9581ee8214edc66ef13b1c
Size

180KB
MD5

e59ef514930c9483e01988c23a84bdd8
SHA1

d2b4dbddf30a079e86de1a6ed603f29cebfd8678
SHA256

11272b22281ac23bb8286428f2e45c14f58703d3fb9581ee8214edc66ef13b1c
SHA512

2b0c0bf7054643bd103713b8f2d6cda9e4bc4e51be5cf7ca56b7e6ee525134e583cdb6d5743114e18f47f3f6c74e0343f5b72ce192dd54aa0dc42bec54ad912b
SSDEEP

3072:qehIxRt5Gi69aa+MGYJXGupeEl0AJgn72ERI4blo072Zub9uRVTeFr/3:faY+upl0AJgnKMf72q9uRY

Score

N/A

Malware Config

Signatures

Files

11272b22281ac23bb8286428f2e45c14f58703d3fb9581ee8214edc66ef13b1c
.exe windows x86

7e27c43b63633655d915fa240c4288c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr70

wcstol
_vsnwprintf
realloc
wcsncmp
_wcsnicmp
vswprintf
malloc
free
wcsncpy
memcpy
memset
strcpy
fprintf
_iob
strlen
memcmp
sprintf
strcmp
strncpy
strchr
__CxxFrameHandler
strcat
printf
wcsstr
wcscpy
strrchr
wcslen
fclose
fread
fopen
localtime
time
clock
_stricmp
swprintf
_purecall
wcschr
fgets
_except_handler3
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
__p___winitenv
_cexit
_XcptFilter
_exit
_c_exit
qsort
isalnum
isalpha
isdigit
isspace
strtod
memmove
vsprintf
_mbsinc
strncmp
strncat
wcscmp
swscanf
fwprintf
wcscat
wprintf
wcsrchr
exit
_wfopen
??2@YAPAXI@Z

advapi32

DeregisterEventSource
LookupAccountSidA
CryptAcquireContextA
RegQueryValueExW
RegEnumValueW
RegEnumValueA
RegReplaceKeyW
RegReplaceKeyA
RegRestoreKeyW
RegRestoreKeyA
RegUnLoadKeyW
RegUnLoadKeyA
RegLoadKeyW
RegLoadKeyA
RegDeleteValueW
RegDeleteValueA
RegQueryValueW
RegQueryValueA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyExW
RegOpenKeyExA
SetFileSecurityW
SetFileSecurityA
RegisterEventSourceA
ReportEventW
GetUserNameW
GetUserNameA
RegQueryValueExA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegEnumKeyExW
RegEnumKeyExA
LookupAccountNameA
LookupAccountNameW
RegCloseKey
LookupAccountSidW
IsTextUnicode
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext

kernel32

OutputDebugStringW
OutputDebugStringA
GetVersionExW
GetVersionExA
FindFirstFileW
FindFirstFileA
RemoveDirectoryW
RemoveDirectoryA
CreateDirectoryW
CreateDirectoryA
CreateSemaphoreW
CreateSemaphoreA
GetVolumeInformationW
GetVolumeInformationA
GetDriveTypeW
GetDriveTypeA
MoveFileExW
DeleteFileA
MoveFileW
FatalAppExitA
FatalAppExitW
CreateMutexA
CreateMutexW
CreateEventA
CreateEventW
OpenEventA
LocalAlloc
LocalFree
SetLastError
GetLastError
GetFileSize
CloseHandle
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
OpenEventW
DeleteFileW
GetBinaryTypeA
lstrcmpiA
GetStdHandle
GetModuleHandleA
MoveFileA
CopyFileW
CopyFileA
CreateFileW
CreateFileA
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetModuleFileNameW
SearchPathW
SearchPathA
FormatMessageW
FormatMessageA
LoadLibraryExW
LoadLibraryExA
lstrlenW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineW
FindNextFileW
FindNextFileA
GetWindowsDirectoryW
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
GetModuleFileNameA
CompareStringA
ExitProcess
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetTempFileNameA
GetTempFileNameW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetComputerNameA
InterlockedExchange
GetComputerNameW
CreateFileMappingA
CreateFileMappingW
OpenFileMappingA
OpenFileMappingW
CreateProcessA
CreateProcessW
GetCPInfo
GetFullPathNameA
GetFullPathNameW
EnumResourceLanguagesW
GetDateFormatA
GetDateFormatW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathA
GetTempPathW
GetEnvironmentVariableA
GetEnvironmentVariableW
lstrcatW
lstrcpyW
FreeLibrary
OpenProcess
WriteFile
VirtualAlloc
VirtualQuery
GetProcessAffinityMask
GetCurrentProcess
RaiseException
ReadFile

mscoree

StrongNameGetPublicKey
StrongNameErrorInfo
StrongNameSignatureSize
StrongNameSignatureGeneration
StrongNameKeyInstall
StrongNameFreeBuffer
StrongNameKeyDelete

ole32

CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitializeEx

user32

CharPrevW
MessageBoxW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
LoadStringW
LoadStringA
GetClassNameW
GetClassNameA
PostMessageW
PostMessageA
PeekMessageA
PeekMessageW
DispatchMessageA
DispatchMessageW

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 414KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e27c43b63633655d915fa240c4288c4

Headers

File Characteristics

Imports

msvcr70

advapi32

kernel32

mscoree

ole32

user32

Sections

.text Size: 144KB - Virtual size: 140KB

.data Size: 28KB - Virtual size: 414KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 144KB - Virtual size: 140KB

.data
Size: 28KB - Virtual size: 414KB

.rsrc
Size: 4KB - Virtual size: 1KB