7fb6a3f2a36403db4f8712c9257c271b992d97bd6cc14304c0c342187357bb92

Sharing

Copy URL Twitter E-mail

General

Target

7fb6a3f2a36403db4f8712c9257c271b992d97bd6cc14304c0c342187357bb92
Size

70KB
MD5

f3cb56e2e41e2ef57046a47af3141480
SHA1

c95a66a340d15f6fb24275d6494c971d536104e9
SHA256

7fb6a3f2a36403db4f8712c9257c271b992d97bd6cc14304c0c342187357bb92
SHA512

41a3157a825b8f8226207153f6da0516a72ebc2fa8a67f8046250c04bb7cc156120a667bd0922b9ea388245fecde290929c85d2732c8e1dfec139a04f0e89654
SSDEEP

1536:fQHnkCi5AHN7QlGpMq1WIDVLQ9GdXnGUlB/b:fQniPlGpMq1WIRXdblBT

Score

N/A

Malware Config

Signatures

Files

7fb6a3f2a36403db4f8712c9257c271b992d97bd6cc14304c0c342187357bb92
.exe windows x86

82c7d8ad677af5ff776ab0a771b2470c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
ExpandEnvironmentStringsA
GetTempPathA
SetCurrentDirectoryA
FreeLibrary
lstrcmpA
GlobalFree
GlobalUnlock
DeleteFileA
ExitProcess
GetVersionExA
_llseek
_lread
_lopen
GetModuleFileNameA
Sleep
GetSystemDirectoryA
SetErrorMode
GetTempFileNameA
GetExitCodeProcess
WaitForSingleObject
CreateDirectoryA
GlobalAlloc
GetFileTime
CreateFileA
GetUserDefaultLangID
FreeResource
LockResource
GlobalLock
SizeofResource
FindResourceA
MulDiv
lstrcmpiA
lstrcpyA
lstrlenA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lcreat
LoadLibraryA
SetFileTime
GetProcAddress
lstrcatA
_lwrite
_lclose
DosDateTimeToFileTime
LocalFileTimeToFileTime
CloseHandle
GetModuleHandleA
GetCommandLineA
LoadResource

user32

SetWindowTextA
ReleaseDC
LoadStringA
CharNextA
DestroyWindow
GetDlgItemTextA
EndDialog
SendMessageA
CreateDialogParamA
EnumChildWindows
MessageBoxA
SetTimer
ShowWindow
EnableWindow
ExitWindowsEx
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
GetDC
DialogBoxParamA
GetDlgItem

gdi32

GetDeviceCaps
DeleteObject
CreateFontA

advapi32

OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyExA

shell32

ShellExecuteExA

wsock32

htons
closesocket
setsockopt
recv
shutdown
WSAAsyncSelect
WSAStartup
WSACleanup
socket
WSAGetLastError
connect
send
ioctlsocket
gethostbyname

Exports

Exports

_LanguageDlg@16
_PasswordDlg@16
_ProgressDlg@16
_UpdateCRC@8
_t1@40
_t2@12

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WISE
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dsrdmoz
Size: 72KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

foqkfgz
Size: 4KB - Virtual size: 76KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

82c7d8ad677af5ff776ab0a771b2470c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wsock32

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 67KB

.WISE Size: 512B - Virtual size: 4B

.rsrc Size: 38KB - Virtual size: 39KB

dsrdmoz Size: 72KB - Virtual size: 100KB

foqkfgz Size: 4KB - Virtual size: 76KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 67KB

.WISE
Size: 512B - Virtual size: 4B

.rsrc
Size: 38KB - Virtual size: 39KB

dsrdmoz
Size: 72KB - Virtual size: 100KB

foqkfgz
Size: 4KB - Virtual size: 76KB