4edbdd06d6c9f6c136f8692703b966803736a353f6110f0cf6b7cf1c8ba22b22

Sharing

Copy URL

Twitter E-mail

General

Target

4edbdd06d6c9f6c136f8692703b966803736a353f6110f0cf6b7cf1c8ba22b22
Size

304KB
MD5

99415edb557f83645f9d75f529d8660e
SHA1

47df8a5f412fb4d156cd19ada04057ca8acf5c15
SHA256

4edbdd06d6c9f6c136f8692703b966803736a353f6110f0cf6b7cf1c8ba22b22
SHA512

11bb78ad2466eb922d4cefdedbfee2038f5e2405d6a596b915bb18bb1bcb9f8adb2bc2602953ed7f7d02d621e81f654eb393825841edd6258a34283d43d9cd66
SSDEEP

6144:vvvjEGrfvjyQ/MkL2DxOJrdHNzgedbHuLJ7gcEW67/Pi:zrfvjh/nSxOJrt9dzuL5g5RHi

Score

N/A

Malware Config

Signatures

Files

4edbdd06d6c9f6c136f8692703b966803736a353f6110f0cf6b7cf1c8ba22b22
.exe windows x86

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoUninitialize
CoInitialize

msvcrt

_strupr
vsprintf
ctime
_purecall
malloc
swprintf
wcsstr
_errno
__CxxFrameHandler
strncpy
memcpy
sprintf
memmove
_splitpath
fread
fprintf
free
srand
fseek
_amsg_exit
fopen
calloc
memset
ftell
time
_snprintf
printf
localtime
_XcptFilter
strstr
strncmp
toupper
_stricmp
fflush
wcsncpy
fclose
_initterm
rand
_wcsicmp
_CxxThrowException

kernel32

QueryDosDeviceA
GetCurrentThreadId
DuplicateHandle
GetFileTime
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
GetFileSize
ReadFile
GetFullPathNameA
DeleteFileA
VirtualFree
SystemTimeToFileTime
GetTimeZoneInformation
OutputDebugStringA
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
EnterCriticalSection
DeviceIoControl
FindNextFileA
FileTimeToSystemTime
CreateFileA
VirtualAlloc
CloseHandle
UnhandledExceptionFilter
CreateEventA
WriteFile
FreeLibrary
SetUnhandledExceptionFilter
CreateThread
FindClose
GetLogicalDrives
ResetEvent
DeleteCriticalSection
IsBadCodePtr
FindFirstFileA
GetSystemTime
GetModuleHandleA
RtlUnwind
VirtualAllocEx

atmlib

ATMFinish
ATMGetNtmFields
ATMGetBuildStr
ATMInstallSubstFontW
ATMGetFontInfoW
ATMGetVersionEx
ATMRemoveSubstFontA
ATMProperlyLoaded
ATMMakePFMW
ATMGetOutlineA
ATMBBoxBaseXYShowTextA
ATMXYShowTextA

psbase

SPSetProvParam
SPCloseItem
SPGetProvInfo

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

Imports

user32

advapi32

ole32

msvcrt

kernel32

atmlib

psbase

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 274KB - Virtual size: 1.3MB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 274KB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 5KB