9606961aac5b5a76bfc051b8b4b20ae4011a9ecfd331f78cb3d15c918da08aeb

Sharing

Copy URL Twitter E-mail

General

Target

9606961aac5b5a76bfc051b8b4b20ae4011a9ecfd331f78cb3d15c918da08aeb
Size

652KB
MD5

f25f1debd1183cda33e7ef5df85b31a8
SHA1

1db8dc0e7f4276dd09fb741b85ae13001d155527
SHA256

9606961aac5b5a76bfc051b8b4b20ae4011a9ecfd331f78cb3d15c918da08aeb
SHA512

3c4bd5b7c06c780913f627b7102de01fbdf2cecbe9911c5d1ebd1527177baa66772f208fe8bc56c9bc3a2f14687bf99f1ff7f87f833147a8eaba1c3a8e1105c4
SSDEEP

12288:/JfTdIAag7H4WToXwbswb9VOExxLEBfavTYsk8jk:hBZFYWvL+ExW5ATDkI

Score

N/A

Malware Config

Signatures

Files

9606961aac5b5a76bfc051b8b4b20ae4011a9ecfd331f78cb3d15c918da08aeb
.exe windows x86

9cdc48ede5e5e7b2cd58fe4e23e417e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

storm

ord253
ord252
ord269
ord267
ord266

fog

ord10019
gdwInvBitMasks
gdwBitMasks
ord10022
ord10029

ddraw

DirectDrawEnumerateA
DirectDrawCreate

user32

LoadStringA
LoadCursorA
DialogBoxIndirectParamA
DialogBoxParamA
wvsprintfA
CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
EnumDisplaySettingsA
SetCursor
DefWindowProcA
RegisterClassA
SendMessageA
PostMessageA
SetForegroundWindow
SetActiveWindow
SetFocus
BringWindowToTop
GetWindowTextA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
EndDialog
MessageBoxA
DestroyWindow
UnregisterClassA
ShowWindow
GetDlgItem
SetWindowTextA

gdi32

GetStockObject

kernel32

RtlUnwind
TlsGetValue
WideCharToMultiByte
CloseHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
ReadFile
SetStdHandle
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
TlsSetValue
lstrlenA
SleepEx
CreateThread
GetLastError
CreateEventA
SetLastError
GetProcAddress
LoadLibraryA
LockResource
LoadResource
FindResourceExA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpynA
TerminateProcess
GetCurrentProcess
GetEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
GetEnvironmentVariableA
TlsAlloc
GetVersionExA
InterlockedDecrement
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InterlockedIncrement
HeapDestroy
VirtualFree
HeapFree
WriteFile
HeapReAlloc
HeapAlloc
HeapSize

advapi32

RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9cdc48ede5e5e7b2cd58fe4e23e417e1

Headers

File Characteristics

Imports

storm

fog

ddraw

user32

gdi32

kernel32

advapi32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 45KB

.rsrc Size: 80KB - Virtual size: 96KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 45KB

.rsrc
Size: 80KB - Virtual size: 96KB