0abd978f817cb43a72d9826e978391c4a10a0dde96e021016d2bdf6b91857c18

Sharing

Copy URL

Twitter E-mail

General

Target

0abd978f817cb43a72d9826e978391c4a10a0dde96e021016d2bdf6b91857c18
Size

140KB
MD5

daa5a91e58cced58303c20a593494bfc
SHA1

ce2e226616593346350e4cb05170256e57ae436b
SHA256

0abd978f817cb43a72d9826e978391c4a10a0dde96e021016d2bdf6b91857c18
SHA512

c33945140e225f62a88fb214fb94a06e453ec468848763db6da3cfde06fa8ee11c749b2297eb712be9e20424c45e51feb72ca0a772fe981e1f0ee18ce5dba488
SSDEEP

3072:62uBO4ewNGhQI+ZUspb4wxd+F6p77Satn+4D:orG0rmwzE677Saj

Score

N/A

Malware Config

Signatures

Files

0abd978f817cb43a72d9826e978391c4a10a0dde96e021016d2bdf6b91857c18
.exe windows x86

7a14b70ff716506147d6f0c3edcd780a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
ReleaseMutex
OpenEventA
SetErrorMode
DeviceIoControl
RaiseException
GetStartupInfoA
GetModuleHandleA
GetVersion
GetCurrentProcess
ExitProcess
GetLastError
GetModuleFileNameA
SetFilePointer
WriteFile
CreateFileA
RemoveDirectoryA
LocalAlloc
GetProcAddress
LocalFree
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetProcessHeap
HeapAlloc
FreeLibrary
CreateThread
GetLocalTime
GetTickCount
Sleep
InterlockedExchange
SetEvent
VirtualFree
DeleteCriticalSection
DeleteFileA
MoveFileA
TerminateThread
GetVolumeInformationA
CreateProcessA
CloseHandle
LoadLibraryA
OutputDebugStringA

user32

EmptyClipboard
GetClipboardData
LoadCursorA
SendMessageA
SystemParametersInfoA
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorPos
wsprintfA
SetProcessWindowStation
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
CharNextA
DispatchMessageA
ExitWindowsEx
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
GetKeyState
keybd_event
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
SetClipboardData
TranslateMessage

gdi32

CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject
DeleteDC

advapi32

LookupAccountNameA
IsValidSid
LsaOpenPolicy
LsaFreeMemory
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumKeyExA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
LookupAccountSidA
GetTokenInformation
LsaClose

shell32

SHGetFileInfoA

msvcrt

__getmainargs
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atol
strncat
wcscpy
atoi
strcat
rename
strrchr
_except_handler3
free
memset
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strlen
strstr
memcmp
rand
strcpy
putchar
puts
sprintf
strncpy
strchr
malloc
strcmp

winmm

waveInReset
waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInClose
waveOutReset
waveOutClose
waveOutUnprepareHeader
waveInOpen

ws2_32

gethostname
setsockopt
WSACleanup
getsockname
htonl
sendto
inet_addr
send
select
recv
htons
ntohs
socket
gethostbyname
closesocket
connect

wininet

InternetOpenUrlA
InternetCloseHandle
InternetOpenA
InternetReadFile

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

netapi32

NetUserAdd
NetLocalGroupAddMembers

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a14b70ff716506147d6f0c3edcd780a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

wininet

msvcp60

netapi32

msvfw32

psapi

wtsapi32

Sections

.text Size: 88KB - Virtual size: 85KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 88KB - Virtual size: 85KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 20KB - Virtual size: 16KB