b2c833f2bf5de39051010b46015c41ea0f24046787ddfcc42599d707e19921dd

Sharing

Copy URL Twitter E-mail

General

Target

b2c833f2bf5de39051010b46015c41ea0f24046787ddfcc42599d707e19921dd
Size

400KB
MD5

0a86ec3d60f02e33916b16490e2d640f
SHA1

c521a7de89ab57c8f834edfe632bf8cf8be66487
SHA256

b2c833f2bf5de39051010b46015c41ea0f24046787ddfcc42599d707e19921dd
SHA512

814a9ab1ef79bfe40fd85ada1385454f2dd302ec996351f439a3fcdf1d252d640db5a85f1103646dad62c655702ba9686b7bf6dd81b4d49626291c3207dc6fce
SSDEEP

6144:/Hyen3H3zBKpwDyypuQ6ubCfjXJWbLEamQ/z6KktoA+01w78WCDglDemHpwSo:vyenHzsXXJs/z3qglDNZo

Score

N/A

Malware Config

Signatures

Files

b2c833f2bf5de39051010b46015c41ea0f24046787ddfcc42599d707e19921dd
.exe windows x86

656fcbadb3fb8ac49d2168dfd71c1a12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
CreateThread
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
RtlUnwind
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
HeapAlloc
HeapFree
ExitProcess
GetOEMCP
GetCPInfo
SetErrorMode
GlobalFlags
InterlockedIncrement
GetFileTime
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedDecrement
GetModuleFileNameW
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalAddAtomA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetCurrentProcessId
CreateEventA
GetCurrentThreadId
SetThreadPriority
CloseHandle
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetTickCount
SetLastError
LocalFree
SetConsoleCtrlHandler
GetModuleHandleA
FormatMessageA
GetFileAttributesA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
GetLastError
CompareStringW
CompareStringA
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForSingleObject
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
ResumeThread
SuspendThread
Sleep
LeaveCriticalSection
FindResourceA
EnterCriticalSection
LoadResource
LockResource
SizeofResource
SetHandleCount
WideCharToMultiByte
CreateFileW

user32

GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
SetCursor
GetWindowTextA
RegisterWindowMessageA
PostQuitMessage
GetSystemMetrics
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
WaitMessage
PostMessageA
PeekMessageA
DispatchMessageA
CharUpperA
KillTimer
SetTimer
EnableWindow
PostThreadMessageA
IsWindow
RemovePropA
GetPropA
SetPropA
GetClassNameA
GetClassLongA
GetCapture
LoadIconA
WinHelpA
SetWindowTextA
ShowWindow
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
DestroyMenu
LoadCursorA
GetSysColorBrush
GetWindow
UnregisterClassA

gdi32

OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
EnumServicesStatusA
OpenSCManagerA
UnlockServiceDatabase
LockServiceDatabase
OpenServiceA
DeleteService
CreateServiceA
QueryServiceConfigA
QueryServiceStatus
StartServiceA
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegCloseKey
RegFlushKey
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegOpenKeyExA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
UrlUnescapeA

ws2_32

WSAGetLastError
setsockopt
listen
ntohs
inet_addr
gethostbyname
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
getpeername
bind
htons
htonl
select
socket
accept
closesocket
WSACleanup
WSAStartup
inet_ntoa

oleaut32

VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
VarDateFromStr
VariantClear
VariantChangeType
VariantInit

libmysql

mysql_ping
mysql_fetch_row
mysql_num_rows
mysql_store_result
mysql_error
mysql_errno
mysql_query
mysql_real_connect
mysql_options
mysql_init
mysql_close

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

656fcbadb3fb8ac49d2168dfd71c1a12

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

ws2_32

oleaut32

libmysql

wininet

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 36KB - Virtual size: 32KB