7b16ad4d4fa95e33b046f0347a8882171b932e2ac8e69a93701193b5606f6ad0

Sharing

Copy URL Twitter E-mail

General

Target

7b16ad4d4fa95e33b046f0347a8882171b932e2ac8e69a93701193b5606f6ad0
Size

244KB
MD5

202aa4a47ae305cd6af2f019bd4e55c0
SHA1

bffa457a78c50d3a6a6344734972e3e64c70c8cc
SHA256

7b16ad4d4fa95e33b046f0347a8882171b932e2ac8e69a93701193b5606f6ad0
SHA512

154aceedb22e52b1000161f2cef8322eed0bcc3bcb229b57c9cdf32c66441669d7b881b05880f1eb6348ca59fc049d3c659a6c60daab3a561e0b579a8cd9c1e9
SSDEEP

6144:yRWpBO5ATt5dUsZrZXG0GP+Rg1f6oeAVONjaTLsthA:BfOEt0wdXG7+RgniNdrA

Score

N/A

Malware Config

Signatures

Files

7b16ad4d4fa95e33b046f0347a8882171b932e2ac8e69a93701193b5606f6ad0
.exe windows x86

e1ecf4b581bb2195f145796d5287811f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

tosbtapi

BtSetLinkSupervisionTimeout
BtGetConnectionHandle
BtNotifyEvent
BtMemFree
BtGetCOMMInfoList2
BtMemAlloc
BtOpenAPI
BtNotifyCOMM
BtCloseAPI
BtConnectCOMM2

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_ultoa
strtoul
sprintf
_splitpath
_stricmp
??2@YAPAXI@Z
__CxxFrameHandler
atoi
_setmbcp
??3@YAXPAX@Z

mfc42

ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord800
ord815
ord860
ord540
ord561
ord2512
ord2621
ord1134
ord6215
ord2864
ord2725
ord5265
ord4853
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord2575
ord4396
ord3402
ord3574
ord2582
ord6055
ord4078
ord1776
ord4402
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord1576
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord3370
ord4627
ord3640
ord686
ord609
ord693
ord641
ord1168
ord384
ord567
ord324
ord2301
ord2365
ord2302
ord4234
ord6334
ord2642
ord3092
ord2862
ord2096
ord4710
ord2379
ord755
ord470
ord6888
ord6905
ord6453
ord2554
ord4486
ord6375
ord4274
ord4673
ord2086
ord6376

kernel32

ReleaseMutex
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
GetModuleFileNameA
lstrcmpiA
GetPrivateProfileIntA
lstrlenA
lstrcatA
GetLastError
Sleep
lstrcpyA
FindFirstFileA
FindClose
OpenMutexA
CreateMutexA
GetExitCodeThread
CreateEventA
CreateThread
CloseHandle
WaitForSingleObject
SetEvent

user32

GetSystemMetrics
RegisterWindowMessageA
GetClientRect
SendMessageA
DrawIcon
IsIconic
EnableWindow
GetDlgItem
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetSubMenu
LoadMenuA
wsprintfA
LoadImageA
FindWindowA
BringWindowToTop
PostQuitMessage
SetPropA
GetPropA
DefWindowProcA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
SetTimer
PostMessageA
RemovePropA

advapi32

RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegNotifyChangeKeyValue
RegDeleteValueA
RegQueryValueExA

shell32

Shell_NotifyIconA

comctl32

ImageList_ReplaceIcon

Exports

Exports

??4CECHelper@@QAEAAV0@ABV0@@Z
?ECH_RegDeleteDataList@@YAJPAPAPADK@Z
?ECH_RegGetDataList@@YAJPAPAPADPAK1@Z
?ECH_RegReadBINARY@@YAJKHPBDPAEPAK@Z
?ECH_RegReadDWORD@@YAJKHPBDPAK@Z
?ECH_RegWriteDWORD@@YAJKHPBDK@Z

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1ecf4b581bb2195f145796d5287811f

Headers

File Characteristics

Imports

tosbtapi

msvcrt

mfc42

kernel32

user32

advapi32

shell32

comctl32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 16KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 48KB - Virtual size: 44KB

.text Size: 160KB - Virtual size: 160KB

.text
Size: 20KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 48KB - Virtual size: 44KB

.text
Size: 160KB - Virtual size: 160KB