7f087288acf4b2697c52878968192addccf731710e4783339e27e50dfd4a3db1

Sharing

Copy URL

Twitter E-mail

General

Target

7f087288acf4b2697c52878968192addccf731710e4783339e27e50dfd4a3db1
Size

144KB
MD5

c40af21747a1eade3ebf0744e348fed6
SHA1

0fa685e3e8fbd7836c215008d1a0879aa9edd7c4
SHA256

7f087288acf4b2697c52878968192addccf731710e4783339e27e50dfd4a3db1
SHA512

6855378d7dec2080319a876b173a1adadc8a05d1d6575d06ec2771fd88662beeddbfc8dab9a8418ba89d47e857e9bdad7d7c534028d7872a3d891a358b95c513
SSDEEP

3072:2EnuX1gX0Ef9ZoMb9QWhXSuB+fAu7bQNGOQNqEz5RcQEhSgQSFg3kmivdcOVjz:Nndf+tsVs2Fg0fuOVj

Score

N/A

Malware Config

Signatures

Files

7f087288acf4b2697c52878968192addccf731710e4783339e27e50dfd4a3db1
.exe windows x86

290989aafb11d7463d0b3de8e18e261b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_decode_pointer
_onexit
_lock
__dllonexit
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_stricmp
_controlfp_s
_strnicmp
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_beginthreadex
realloc
strncat
_errno
strncmp
atoi
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentThreadId
lstrcmpiA
GetSystemInfo
GlobalMemoryStatusEx
GetProcAddress
LoadLibraryA
CloseHandle
TerminateThread
Sleep
WaitForSingleObject
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
CreateEventA
lstrcpyA
ResetEvent
lstrlenA
lstrcatA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetLastError
CreateDirectoryA
GetFileAttributesA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
LocalReAlloc
LocalAlloc
GetFileSize
ReadFile
GetCurrentProcess
OpenProcess
GetTickCount
GetTempPathA
InterlockedExchange
WriteFile
SetFilePointer
CreateFileA
GetSystemDirectoryA
GetLocalTime
GlobalFree
TerminateProcess
WaitForMultipleObjects
GetStartupInfoA

user32

GetWindowTextA
GetKeyState
LoadCursorA
DestroyCursor
GetCursorInfo
GetDC
OpenWindowStationA
GetProcessWindowStation
GetWindowThreadProcessId
CloseWindow
SendMessageA
IsWindow
CreateWindowExA
TranslateMessage
GetMessageA
wsprintfA
CharNextA

gdi32

DeleteDC
GetDIBits
CreateCompatibleBitmap
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject

advapi32

OpenEventLogA
ClearEventLogA
CloseEventLog
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
OpenServiceA
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA

shell32

SHGetFileInfoA
SHGetSpecialFolderPathA

winmm

waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInStart
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutClose

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

ws2_32

ntohs
getsockname
bind
inet_addr
recvfrom
__WSAFDIsSet
getpeername
accept
listen
WSACleanup
gethostname
inet_ntoa
socket
gethostbyname
htons
connect
select
recv
send
setsockopt
closesocket
sendto
WSAStartup

msvfw32

ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICSeqCompressFrame
ICClose
ICCompressorFree

psapi

EnumProcessModules

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

UTRF
haluo
server

Sections

BBB
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

AAA
Size: 4KB - Virtual size: 1011B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

290989aafb11d7463d0b3de8e18e261b

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

winmm

msvcp80

ws2_32

msvfw32

psapi

wtsapi32

Exports

Exports

Sections

BBB Size: 4KB - Virtual size: 2KB

.text Size: 96KB - Virtual size: 93KB

AAA Size: 4KB - Virtual size: 1011B

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 1KB

BBB
Size: 4KB - Virtual size: 2KB

.text
Size: 96KB - Virtual size: 93KB

AAA
Size: 4KB - Virtual size: 1011B

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 1KB