770ae0248d2469a99d80953e9974264415b01eeb6ae4e1b23fd6e9fe0d09b1ec

Sharing

Copy URL Twitter E-mail

General

Target

770ae0248d2469a99d80953e9974264415b01eeb6ae4e1b23fd6e9fe0d09b1ec
Size

204KB
MD5

edfaad8a05f2471cff82862bc4a51bd7
SHA1

e1847b8001f65fdbd23906832cdd92676a6167d0
SHA256

770ae0248d2469a99d80953e9974264415b01eeb6ae4e1b23fd6e9fe0d09b1ec
SHA512

1816b10a516c1c5b7b9595ce471d2f6d77d932cb2299b0efa818d137fcd06d737fb7a93fd7e2d13c9081b9b9b16c85cb66c961f1071b3d6a0f690f278eae44f4
SSDEEP

3072:wKIFhEzGKUWULSdcOcFX+rnApE2ailH6XDDa7gvctf/eEySgusBMmz912igCkOfc:wK7hBDO7gNSXo551rgLOKOVXNk

Score

N/A

Malware Config

Signatures

Files

770ae0248d2469a99d80953e9974264415b01eeb6ae4e1b23fd6e9fe0d09b1ec
.exe windows x86

4747971624f4b5e26122e1dbcaecd932

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

_onexit
_lock
_controlfp_s
_decode_pointer
_invoke_watson
__dllonexit
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__set_app_type
_strnicmp
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
calloc
_snprintf
_beginthreadex
atol
mbstowcs
wcstombs
_errno
_mbscmp
_mbsstr
sprintf
strncmp
atoi
realloc
strncat
srand
rand
_time64
strncpy
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
strrchr
??_U@YAPAXI@Z
free
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
malloc
strchr
memmove
ceil
strstr
memcpy
memset
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??2@YAPAXI@Z

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
GetProcAddress
LoadLibraryA
CloseHandle
WaitForSingleObject
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
CreateEventA
InterlockedExchange
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
lstrcpyA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDriveStringsA
LocalFree
LocalReAlloc
LocalAlloc
RemoveDirectoryA
DeleteFileA
CreateFileA
WriteFile
SetFilePointer
MoveFileA
ReadFile
GetModuleFileNameA
GetCurrentProcess
CreateRemoteThread
ExitThread
GetTickCount
ExitProcess
GetSystemDirectoryA
GetLocalTime
LocalSize
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
DisconnectNamedPipe
TerminateProcess
PeekNamedPipe
WaitForMultipleObjects
GetStartupInfoA
CreatePipe
GlobalMemoryStatus
GetSystemInfo
OpenEventA
SetErrorMode
CreateMutexA
lstrcpyW
GlobalMemoryStatusEx
Process32Next
lstrcmpiA
Process32First
Module32First
GetModuleHandleA
GetCurrentThreadId
InterlockedCompareExchange

user32

CloseClipboard
SetClipboardData
LoadCursorA
OpenClipboard
GetSystemMetrics
SystemParametersInfoA
GetCursorInfo
ReleaseDC
GetDC
SetRect
SetProcessWindowStation
GetProcessWindowStation
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenInputDesktop
GetUserObjectInformationA
GetThreadDesktop
OpenDesktopA
PostMessageA
CloseWindow
IsWindow
CreateWindowExA
DestroyCursor
wsprintfA
GetForegroundWindow
SendMessageA

gdi32

DeleteObject
DeleteDC
GetDIBits
CreateCompatibleBitmap
SelectObject
CreateDIBSection
CreateCompatibleDC
BitBlt

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
ClearEventLogA
RegQueryValueExA
RegSetValueExA
QueryServiceStatus
ControlService
DeleteService
CloseServiceHandle
RegOpenKeyExA
RegQueryValueA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LookupAccountNameA
IsValidSid
GetTokenInformation
LookupAccountSidA
GetUserNameA
AbortSystemShutdownA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
CreateServiceA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
QueryServiceConfigA
UnlockServiceDatabase
ChangeServiceConfigA
LockServiceDatabase
StartServiceA
EnumServicesStatusA
ChangeServiceConfig2A

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

winmm

waveOutReset
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveOutUnprepareHeader
waveOutClose
waveInStart
waveInPrepareHeader
waveInOpen
waveInGetNumDevs
waveInClose

ws2_32

getpeername
accept
listen
ioctlsocket
__WSAFDIsSet
select
recv
send
setsockopt
closesocket
WSAStartup
recvfrom
bind
ntohs
getsockname
WSAGetLastError
WSACleanup
htonl
gethostname
inet_ntoa
WSASocketA
inet_addr
sendto
socket
gethostbyname
WSAIoctl
connect
htons

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvfw32

ICSeqCompressFrame
ICSeqCompressFrameStart
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd

iphlpapi

GetIfTable

netapi32

NetUserGetLocalGroups
NetApiBufferFree
NetUserEnum
NetUserGetInfo
NetUserSetInfo
NetLocalGroupAddMembers
NetUserDel

psapi

GetModuleFileNameExA
EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsA
WTSLogoffSession
WTSDisconnectSession

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.66524
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tqjzfho
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4747971624f4b5e26122e1dbcaecd932

Headers

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

advapi32

shell32

winmm

ws2_32

msvcp80

msvfw32

iphlpapi

netapi32

psapi

wtsapi32

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 1KB

.66524 Size: 32KB - Virtual size: 32KB

tqjzfho Size: - Virtual size: 4KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 1KB

.66524
Size: 32KB - Virtual size: 32KB

tqjzfho
Size: - Virtual size: 4KB