a01f489aaa1257655587cc90400904587314a6db4837b9a040ffd47624331ffc

Sharing

Copy URL Twitter E-mail

General

Target

a01f489aaa1257655587cc90400904587314a6db4837b9a040ffd47624331ffc
Size

75KB
MD5

d1b7d1a8cd22c5f048d0863b6acaa061
SHA1

6c5983210c2865b68b4794dddd4ac24d12c2094a
SHA256

a01f489aaa1257655587cc90400904587314a6db4837b9a040ffd47624331ffc
SHA512

ad9186b3792cf377014749f0cebbd3d9f66b7dd01ae374961d08258edb019483f177daf9b56e96cf8f4751c275666069daa09d05cc77c8fc9ecb4a11f3827ba4
SSDEEP

1536:9W6ABp4wOAqJq0v4Psiq5fP6XMQ6kPX8D6OVr8FHuUo+:9WHUwOAqJHv40iq5KXMoP8GOsuj+

Score

N/A

Malware Config

Signatures

Files

a01f489aaa1257655587cc90400904587314a6db4837b9a040ffd47624331ffc
.dll windows x86

408920071f4e28c5975fa2ebcb0a2840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

featureman

?SetToHead@CFeatureValues@@QAEXXZ
?GetValue@CFeatureManager@@QAEXAAVCFeatureInformation@@@Z
?GetValue@CFeatureValues@@QAEPBDXZ
??0CFeatureInformation@@QAE@XZ
?GetInstance@CFeatureManager@@SAPAV1@XZ
?SetNodePath@CFeatureInformation@@QAEXPBD@Z
?NextElement@CFeatureValues@@QAE_NXZ
??1CFeatureInformation@@QAE@XZ

diagnostic

?Log@CDiagnostic@@SAXPBD0@Z

mfc80

ord3934
ord764
ord578
ord781
ord4108
ord2902
ord4081
ord304
ord310
ord762
ord1175
ord371
ord1098
ord1084
ord2322
ord876
ord2272
ord1486
ord1069
ord911
ord784
ord1115
ord1482

msvcr80

_stricmp
free
_decode_pointer
_except_handler4_common
_encode_pointer
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_encoded_null
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
__CxxFrameHandler3
__CppXcptFilter

kernel32

GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
OpenProcess
CloseHandle
FreeLibrary
GetThreadLocale

Exports

Exports

Firewall_IsAnyFirewallRunning
Firewall_IsFirewallRunning

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

408920071f4e28c5975fa2ebcb0a2840

Headers

File Characteristics

Imports

featureman

diagnostic

mfc80

msvcr80

kernel32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB