78465dac4538fbed687ff070bf8eb048ce321722ac6ae88e19de22df3d29f7e3

Sharing

Copy URL Twitter E-mail

General

Target

78465dac4538fbed687ff070bf8eb048ce321722ac6ae88e19de22df3d29f7e3
Size

228KB
MD5

136e9507e75b67c6a89b79a5e1960c50
SHA1

726eb2cd45842292ea57cafd17594b69d9f39c67
SHA256

78465dac4538fbed687ff070bf8eb048ce321722ac6ae88e19de22df3d29f7e3
SHA512

02c23dfadb620c1b307f2eeb046f50d85fb0a7264cc3650339b9dd311149ee30ceb9893b7c30a5ec36156474865120057ac34b006ba65fbf984c8185184b70ff
SSDEEP

3072:CXwAag5Se14SwWRjONrqbHY+V3bAmkVfsEd7io9cGX:ZAaCXrON4LjkVfsU9cGX

Score

N/A

Malware Config

Signatures

Files

78465dac4538fbed687ff070bf8eb048ce321722ac6ae88e19de22df3d29f7e3
.exe windows x86

d9070da324160df4ae4d579d7beac435

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
IsBadCodePtr
GetCurrentThreadId
GetCommandLineA
GetCurrentProcessId
IsValidCodePage
GetUserDefaultUILanguage
GetUserDefaultLCID
MultiByteToWideChar
lstrlenW
lstrlenA
WideCharToMultiByte
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
Sleep
SetPriorityClass
GetTickCount
GetLastError
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateThread
VirtualProtect
IsBadReadPtr
GetModuleHandleA
CloseHandle
GetSystemInfo
LocalFree
GetStartupInfoA
GetVersion
GetUserDefaultLangID
MulDiv

user32

GetCapture
IsMenu
GetDesktopWindow
GetCursor
GetActiveWindow
IsCharLowerA
CharUpperA
CharLowerA
GetWindowRect
PostMessageA
GetSystemMetrics
IsCharUpperA
IsCharAlphaA
GetFocus
GetForegroundWindow
CreateWindowExA
GetInputState
IsCharAlphaNumericA
IsWindow

advapi32

RegCreateKeyExA

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

SysAllocStringByteLen
GetErrorInfo
SysAllocString
VariantClear
SysStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen

msvcp60

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??1?$ctype@D@std@@UAE@XZ
??0_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??1_Lockit@std@@QAE@XZ
?_Xran@std@@YAXXZ
??_7bad_cast@std@@6B@
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0locale@std@@QAE@PBDH@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1locale@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z

msvcrt

memcmp
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
sprintf
strncat
strcat
_strnicmp
_stricmp
strstr
strchr
strncpy
strcpy
free
_itoa
??0exception@@QAE@ABQBD@Z
wcslen
malloc
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strlen
__CxxFrameHandler
_except_handler3
rand
srand
memset
??2@YAPAXI@Z
memcpy
wcscmp

ws2_32

send
getsockopt
connect
htons
setsockopt
socket
gethostbyname
WSAStartup
recv
closesocket
WSACleanup

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9070da324160df4ae4d579d7beac435

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

msvcrt

ws2_32

Sections

.text Size: 188KB - Virtual size: 184KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 184KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 4KB