ce6d70b1e1eab7b08351708fdeb0dd36d518cca0a4f7f074a8eccf8a281e9ec7

Sharing

Copy URL Twitter E-mail

General

Target

ce6d70b1e1eab7b08351708fdeb0dd36d518cca0a4f7f074a8eccf8a281e9ec7
Size

216KB
MD5

d998778f5be0285d54d85ad2b85b1ceb
SHA1

aec4c088640249e01aba80ef6726fafc97daa785
SHA256

ce6d70b1e1eab7b08351708fdeb0dd36d518cca0a4f7f074a8eccf8a281e9ec7
SHA512

2eacd979a0b57e85af3130de9979ccfc9f032359bd7f84d2fa49228c94087b2e8fe53e8bf29f46c4e3fc2a1e59b97cc8ce1a0f925baf380c7b7356a6b21e1a65
SSDEEP

6144:lndZTpkl2GZ4FazNg8cf98m4SPsKXTcxHs2n/UHz:ljsmP5YxHs2nC

Score

N/A

Malware Config

Signatures

Files

ce6d70b1e1eab7b08351708fdeb0dd36d518cca0a4f7f074a8eccf8a281e9ec7
.dll windows x86

c2bc2c002d72b997956f58f3fbecae2f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
lstrlenA
lstrcatA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
WriteFile
UnmapViewOfFile
GetTempPathA
Process32First
Process32Next
CreateToolhelp32Snapshot
Module32First
Module32Next
GetSystemDirectoryA
OpenProcess
TerminateProcess
WaitForSingleObject
GetLongPathNameA
FindFirstFileA
FindClose
SetFileAttributesA
CreateDirectoryA
lstrcmpiA
GetCurrentProcess
GetVersionExA
GetVersion
CreateFileA
GetFileSize
GetLastError
DeleteFileA
Sleep
GetModuleFileNameA
GetWindowsDirectoryA
GetLogicalDrives
GetDriveTypeA
CloseHandle
DeviceIoControl

user32

wsprintfA
SendMessageA
FindWindowA
EnumChildWindows
SetTimer
GetWindowTextA
KillTimer

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegSetKeySecurity
RegOpenKeyA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDestroyHash
CryptReleaseContext

shell32

SHGetSpecialFolderPathA

msvcp60

?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_7runtime_error@std@@6B@
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1strstreambuf@std@@UAE@XZ
??1ostrstream@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcrt

strncpy
_strlwr
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fwrite
_strdup
strrchr
??2@YAPAXI@Z
__CxxFrameHandler
_splitpath
sprintf
strtok
fclose
fread
fopen
_itoa
_mbsnbcpy
free
malloc
realloc
_mbsupr
_mbslwr
memmove
_mbsinc
_ismbcspace
_mbsstr
_mbscmp
_vsnprintf
calloc
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
??0exception@@QAE@XZ
_purecall
fseek
ftell

msvcirt

??0ifstream@@QAE@XZ
??_Difstream@@QAEXXZ
??1ios@@UAE@XZ
??1ifstream@@UAE@XZ
?close@ifstream@@QAEXXZ
?read@istream@@QAEAAV1@PADH@Z
?open@ifstream@@QAEXPBDHH@Z
?sh_read@filebuf@@2HB

Exports

Exports

EngineMonX
PowerScanMonX
ReleaseMonX
RepairMonX
StartMon
StopMon
UnProtectMon

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2bc2c002d72b997956f58f3fbecae2f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp60

msvcrt

msvcirt

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 12KB - Virtual size: 105KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 12KB - Virtual size: 105KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 24KB - Virtual size: 20KB