564f523b352725746b004670f60e686f56bdc773657eb9b06971c9fa37d43ac4

Sharing

Copy URL Twitter E-mail

General

Target

564f523b352725746b004670f60e686f56bdc773657eb9b06971c9fa37d43ac4
Size

351KB
MD5

5704752a4c14f9d016afc0984ff1e78d
SHA1

b59a85b536c2207ef4c7dd579df885846d3d924d
SHA256

564f523b352725746b004670f60e686f56bdc773657eb9b06971c9fa37d43ac4
SHA512

f42cf5695ad56ef722b393d5eebb8d05bb10d98ada608dbdfc9ff16cca433599c2dab3680560b564616f40cd9e92326a6dfa6d2a96cf41ab2104033d1b5c4844
SSDEEP

6144:BzUFEUoii1kdHOei8LmD6r/BnB60UaueP9pWU6JbbRPj9O:1UyUDH5tLfr/PhU5eP9cUIbFjQ

Score

N/A

Malware Config

Signatures

Files

564f523b352725746b004670f60e686f56bdc773657eb9b06971c9fa37d43ac4
.dll windows x86

7614cd90667ca207daa2cced681ab99a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wctomb
wcsstr
wcsrchr
wcsncpy
wcsncmp
wcschr
tolower
time
swprintf
strtoul
strstr
strrchr
strncmp
strchr
sprintf
realloc
rand
printf
memset
memcpy
mbtowc
malloc
localeconv
isxdigit
iswprint
iswctype
isupper
isspace
isleadbyte
isdigit
isalpha
gmtime
free
fprintf
fopen
ferror
fclose
clock
calloc
atoi
_wcsicmp
_unlock
_strtime
_strrev
_strnicmp
_strlwr
_stricmp
_snprintf
_read
_purecall
_lseeki64
_lsearch
_lock
_itoa
_ismbblead
_isatty
_iob
_initterm
_fileno
__badioinfo
__dllonexit
__mb_cur_max
__pioinfo
_errno
_atoi64
_amsg_exit
_XcptFilter

dbghelp

SymInitialize
SymGetTypeInfo
SymFunctionTableAccess
SymFindFileInPath
SymEnumerateSymbolsW64
SymEnumSymbols
SymCleanup
ImageRvaToVa
FindExecutableImageEx

user32

DispatchMessageA
EnumChildWindows
GetWindowThreadProcessId
GetClassNameA
wsprintfW
TranslateMessage
SetWindowTextA
PeekMessageA
EnumWindows

kernel32

CreateFileMappingA
CreateFileA
CompareFileTime
HeapFree
lstrlenA
lstrcmpA
WriteFile
WideCharToMultiByte
WaitForMultipleObjectsEx
VirtualQuery
VirtualFreeEx
VirtualAllocEx
VirtualAlloc
UnregisterWaitEx
UnmapViewOfFile
TerminateProcess
SystemTimeToFileTime
SetNamedPipeHandleState
SetFilePointer
SetFileApisToANSI
SearchPathA
RtlUnwind
ReadFile
QueryPerformanceCounter
OutputDebugStringA
MultiByteToWideChar
MapViewOfFile
LockResource
LockFileEx
LocalFree
LoadResource
LoadLibraryA
IsBadStringPtrA
InterlockedExchange
InterlockedCompareExchange
CreateTapePartition
HeapAlloc
GetVersionExW
GetVersionExA
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetProcessPriorityBoost
GetProcessHeap
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetLocalTime
GetLastError
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
GetCPInfo
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindClose
ExitProcess
CloseHandle

ole32

CoInitialize
CoCreateInstance
CoUninitialize

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegCloseKey

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

HelperGetCurrentRowMessage
PlaneIntersectLine
StartCompressBuffer
StopSaveData
Vec2TransformCoordArray
Vec3TransformArray

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7614cd90667ca207daa2cced681ab99a

Headers

File Characteristics

Imports

msvcrt

dbghelp

user32

kernel32

ole32

advapi32

version

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 166KB - Virtual size: 166KB

.data Size: 68KB - Virtual size: 71KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 166KB - Virtual size: 166KB

.data
Size: 68KB - Virtual size: 71KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 3KB - Virtual size: 3KB