Static task: static1
Behavioral task: behavioral1
Sample: 1f9f9a9890844b398dc16cde752bb79883963a2c141dd8681047264d26ec12d8.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 1f9f9a9890844b398dc16cde752bb79883963a2c141dd8681047264d26ec12d8.exe
Resource: win10v2004-20221111-en
General
Target: 1f9f9a9890844b398dc16cde752bb79883963a2c141dd8681047264d26ec12d8
Size: 484KB
MD5: 0890e1bbd1b3460392c1780bd7955220
SHA1: cc3b1866c15fa2acbf9fa8b39619dc121243581e
SHA256: 1f9f9a9890844b398dc16cde752bb79883963a2c141dd8681047264d26ec12d8
SHA512: a384ebf21866281cadff635fbfc261ca0d0bbaf76c504bb4a6c8d4185e5386e51051f30579471be5773d9cc5b904bdd37c0fa7333a695d27d0e751238ff32463
SSDEEP: 3072:+D4ZgrwtJYkB+aFmInPJrLl3ae+givtT9xrW351wpwbnusOULsAN:I4SrYVPPJrLl3ae+gGTHrWwpsXLsq
Malware Config
Signatures
Files
1f9f9a9890844b398dc16cde752bb79883963a2c141dd8681047264d26ec12d8.exe windows x86
a10833f6c8f33b3ed519fdb5d484b1f6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rasapi32
RasDeleteEntryA
shlwapi
SHDeleteValueA
SHDeleteKeyA
PathFileExistsA
PathIsDirectoryA
modfrwk
CreateModContainer
mfc42
msvcrt
__p__fmode
__set_app_type
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_EH_prolog
strcmp
_stat
fopen
fprintf
fclose
atoi
__p___argc
__p___argv
strcat
_mbsnbcpy
_mbsicmp
_ftol
_wtoi
strcpy
wcslen
_access
_mbscmp
strlen
memset
memcpy
__CxxFrameHandler
sprintf
_wcsicmp
_setmbcp
_controlfp
kernel32
GetLastError
GetCommandLineA
GetVersion
ReadProcessMemory
CloseHandle
WideCharToMultiByte
FindResourceA
OpenProcess
FreeResource
LockResource
SizeofResource
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalFree
InterlockedDecrement
MultiByteToWideChar
OutputDebugStringA
GetSystemDirectoryA
GetCurrentProcess
CreateDirectoryA
CreateProcessA
GetModuleFileNameA
CopyFileA
SetFileAttributesA
DeleteFileA
RemoveDirectoryA
GetVersionExA
WaitForSingleObject
CreateEventA
GetCurrentProcessId
SetCurrentDirectoryA
ResetEvent
TerminateThread
SetEvent
Sleep
TerminateProcess
GetExitCodeProcess
FreeLibrary
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
LoadLibraryExA
ReleaseMutex
GetLocalTime
CreateMutexA
GetCurrentThreadId
MulDiv
LocalFree
LocalAlloc
GetModuleHandleA
GetStartupInfoA
LoadResource
user32
UpdateWindow
CallWindowProcA
SystemParametersInfoA
SetWindowLongA
GetPropA
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
LoadIconA
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutA
RegisterWindowMessageA
FindWindowA
PostMessageA
GetActiveWindow
GetDesktopWindow
MessageBoxA
BeginPaint
EndPaint
GetWindowTextA
AdjustWindowRectEx
MoveWindow
GetWindow
GetDlgCtrlID
GetClassNameA
GetDC
IsWindow
EnumChildWindows
GetParent
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
GetWindowRect
DrawFocusRect
WindowFromDC
LoadBitmapA
GetSysColor
GetFocus
SetCapture
ReleaseCapture
GetCapture
ClientToScreen
GetMenu
InflateRect
OffsetRect
SetPropA
SetRect
SendMessageA
GetClientRect
EnableWindow
GetCursorPos
CopyRect
IsRectEmpty
PtInRect
IntersectRect
FillRect
SetWindowRgn
gdi32
CreateFontW
GetTextExtentPointA
GetTextMetricsA
GetStockObject
SetTextColor
GetClipRgn
GetObjectA
GetBkColor
CreateRectRgnIndirect
CreateRoundRectRgn
GetRgnBox
FillRgn
RoundRect
StretchBlt
CreateFontIndirectA
GetPixel
BitBlt
CreateCompatibleDC
CombineRgn
CreateRectRgn
CreateFontA
CreateSolidBrush
DeleteObject
SetBkMode
CreatePen
SelectObject
CreateCompatibleBitmap
advapi32
RegDeleteValueA
RegEnumValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
shell32
SHGetFolderPathA
SHGetSpecialFolderPathA
SHChangeNotify
ole32
OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
gdiplus
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromGraphics
GdipBitmapGetPixel
GdiplusStartup
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageI
GdipSetRenderingOrigin
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
Sections
.text Size: 100KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 348KB - Virtual size: 348KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE