eb74914821c37352212798a82e08d3bb67bf41e41b4ab8cbc03d070745516486

Sharing

Copy URL Twitter E-mail

General

Target

eb74914821c37352212798a82e08d3bb67bf41e41b4ab8cbc03d070745516486
Size

140KB
MD5

f5c61e2972bb032b0e8f9dd49cff211b
SHA1

8ee66fdacd42398b53f741ffab3507846530c551
SHA256

eb74914821c37352212798a82e08d3bb67bf41e41b4ab8cbc03d070745516486
SHA512

7e54533e4c8e5952498e54f3b9b74357ab29e7d105a6372da973dd2b9d73242a68b6cefdd2a58c2bb21f2ed6c4ec57493212722c0c04c307fc5b0d20cc5779f6
SSDEEP

3072:62uBO4ewNGhQI+ZUspb4wxd+F6p77Saon+4F:orG0rmwzE677Sai

Score

N/A

Malware Config

Signatures

Files

eb74914821c37352212798a82e08d3bb67bf41e41b4ab8cbc03d070745516486
.exe windows x86

7a14b70ff716506147d6f0c3edcd780a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
ReleaseMutex
OpenEventA
SetErrorMode
DeviceIoControl
RaiseException
GetStartupInfoA
GetModuleHandleA
GetVersion
GetCurrentProcess
ExitProcess
GetLastError
GetModuleFileNameA
SetFilePointer
WriteFile
CreateFileA
RemoveDirectoryA
LocalAlloc
GetProcAddress
LocalFree
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetProcessHeap
HeapAlloc
FreeLibrary
CreateThread
GetLocalTime
GetTickCount
Sleep
InterlockedExchange
SetEvent
VirtualFree
DeleteCriticalSection
DeleteFileA
MoveFileA
TerminateThread
GetVolumeInformationA
CreateProcessA
CloseHandle
LoadLibraryA
OutputDebugStringA

user32

EmptyClipboard
GetClipboardData
LoadCursorA
SendMessageA
SystemParametersInfoA
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorPos
wsprintfA
SetProcessWindowStation
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
CharNextA
DispatchMessageA
ExitWindowsEx
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
SetClipboardData
TranslateMessage

gdi32

CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject
DeleteDC

advapi32

LookupAccountNameA
IsValidSid
LsaOpenPolicy
LsaFreeMemory
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
LookupAccountSidA
GetTokenInformation
LsaClose

shell32

SHGetFileInfoA

msvcrt

__getmainargs
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atol
strncat
wcscpy
atoi
strcat
rename
strrchr
_except_handler3
free
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strlen
strstr
memcmp
rand
strcpy
putchar
puts
sprintf
strncpy
strchr
malloc
strcmp

winmm

waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInClose
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveInOpen

ws2_32

gethostname
setsockopt
WSACleanup
getsockname
htonl
sendto
inet_addr
send
select
recv
htons
ntohs
socket
gethostbyname
closesocket
connect

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

netapi32

NetUserAdd
NetLocalGroupAddMembers

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a14b70ff716506147d6f0c3edcd780a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

wininet

msvcp60

netapi32

msvfw32

psapi

wtsapi32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 16KB