02abe3bdb716513b7c55609d72ec347ce6c0ddcb574c7c62231e006a0592179d

Sharing

Copy URL Twitter E-mail

General

Target

02abe3bdb716513b7c55609d72ec347ce6c0ddcb574c7c62231e006a0592179d
Size

164KB
MD5

5bfae6985422ea10f8f53f84f5b66859
SHA1

70ed0a8af83c5e4c4654c33dc79d461d323a8c70
SHA256

02abe3bdb716513b7c55609d72ec347ce6c0ddcb574c7c62231e006a0592179d
SHA512

71c2375aef0c18d7f802da58bd690f11a861245273508f6e890ea6c1662bd46b257ee23f52447332d464763614f2a42297819f2c0052576f8ad1b42718c67aea
SSDEEP

3072:jCpyGPbzJtNnOxgpNSCZYOFNXqetVG7cjewl:e8GjzJtNOWSqh3tVGoje0

Score

N/A

Malware Config

Signatures

Files

02abe3bdb716513b7c55609d72ec347ce6c0ddcb574c7c62231e006a0592179d
.exe windows x86

30b3242496ad854e94abb936f15d4482

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32First
ExitProcess
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
MoveFileA
PeekNamedPipe
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
LocalSize
lstrcmpiA
GetCurrentThreadId
GetModuleHandleA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetFileSize
RemoveDirectoryA
LocalAlloc
FindFirstFileA
LocalReAlloc
Process32Next
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
FreeLibrary
MultiByteToWideChar
GetWindowsDirectoryA
lstrcatA
GetVersionExA
GetPrivateProfileSectionNamesA
lstrlenA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
lstrcpyA
CancelIo
Sleep
InterlockedExchange
ResetEvent
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
TerminateThread
CloseHandle
CreateEventA
SetEvent
WaitForSingleObject
LoadLibraryA
GetProcAddress
GetTickCount
ExitThread
GetCurrentProcess
CreateProcessA
GetLastError
GetModuleFileNameA
DeleteFileA
FindNextFileA
SetLastError
CreateThread
ResumeThread
CreatePipe

user32

OpenClipboard
GetClipboardData
GetSystemMetrics
LoadCursorA
DestroyCursor
ReleaseDC
GetDC
GetDesktopWindow
SetRect
EmptyClipboard
CloseClipboard
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
ExitWindowsEx
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
GetCursorPos
SetClipboardData
CloseWindow
CreateWindowExA
IsWindow
GetMessageA
SetCursorPos
WindowFromPoint
SetCapture
mouse_event
MapVirtualKeyA
SendMessageA
GetForegroundWindow
GetWindowTextA
MessageBoxA
wsprintfA
GetCursorInfo
PostMessageA
OpenDesktopA
GetThreadDesktop
GetUserObjectInformationA
OpenInputDesktop

gdi32

CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject
DeleteDC

advapi32

OpenSCManagerA
IsValidSid
LsaFreeMemory
LsaClose
LsaRetrievePrivateData
LsaOpenPolicy
SetNamedSecurityInfoA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
SetEntriesInAclA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
CloseServiceHandle
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
RegSetValueExA
RegCreateKeyA
RegQueryValueA
RegOpenKeyExA
CloseEventLog
ClearEventLogA
OpenEventLogA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
LookupAccountSidA
GetTokenInformation
LookupAccountNameA

shell32

SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderPathA

msvcrt

_strupr
_strnicmp
_acmdln
_strrev
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_strcmpi
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atoi
realloc
strncat
strtok
time
srand
rand
printf
strrchr
strncpy
sprintf
_except_handler3
free
malloc
strcmp
strcat
strchr
strcpy
memmove
memset
??2@YAPAXI@Z
__CxxFrameHandler
_CxxThrowException
??3@YAXPAX@Z
memcpy
ceil
_ftol
strlen
strstr

shlwapi

SHDeleteKeyA

winmm

waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutWrite
waveInOpen
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInStop
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInReset
waveOutClose

ws2_32

WSAStartup
WSAIoctl
setsockopt
connect
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
WSASocketA
inet_addr
sendto
send
closesocket
gethostbyname
socket
recv
select
htons

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameEnd
ICCompressorFree
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

LALA
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

BBV
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

KKK
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

LLLE
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30b3242496ad854e94abb936f15d4482

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

shlwapi

winmm

ws2_32

msvcp60

wininet

msvfw32

psapi

wtsapi32

Sections

.text Size: 104KB - Virtual size: 101KB

LALA Size: 4KB - Virtual size: 1KB

BBV Size: 4KB - Virtual size: 1KB

KKK Size: 4KB - Virtual size: 3KB

LLLE Size: 4KB - Virtual size: 1KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 12KB - Virtual size: 15KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 104KB - Virtual size: 101KB

LALA
Size: 4KB - Virtual size: 1KB

BBV
Size: 4KB - Virtual size: 1KB

KKK
Size: 4KB - Virtual size: 3KB

LLLE
Size: 4KB - Virtual size: 1KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 12KB - Virtual size: 15KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB