8a142d126c48d63d75fe895854c0b5df15804223be317e6f2abb9eb54dcff612

Sharing

Copy URL Twitter E-mail

General

Target

8a142d126c48d63d75fe895854c0b5df15804223be317e6f2abb9eb54dcff612
Size

304KB
MD5

10c346cb67b59054ff65352a71cea64a
SHA1

1dbbd66544d188af31ba97dce9a2c616b7d54f48
SHA256

8a142d126c48d63d75fe895854c0b5df15804223be317e6f2abb9eb54dcff612
SHA512

5addb713e784a9ef3805fd4d1e135c7d948daa11180f09205ac250c071e174c5366a976b55f95810011c1d382dacf6a0c8c0f2c07f1621003f17c9ea8cc69bbe
SSDEEP

6144:+vvjEGrfvjyQ/MkL2DxOJrdHNzgedbHuLJ7gcEW67/Pi:Urfvjh/nSxOJrt9dzuL5g5RHi

Score

N/A

Malware Config

Signatures

Files

8a142d126c48d63d75fe895854c0b5df15804223be317e6f2abb9eb54dcff612
.exe windows x86

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoUninitialize
CoInitialize

msvcrt

_strupr
vsprintf
ctime
_purecall
malloc
swprintf
wcsstr
_errno
__CxxFrameHandler
strncpy
memcpy
sprintf
memmove
_splitpath
fread
fprintf
free
srand
fseek
_amsg_exit
fopen
calloc
memset
ftell
time
_snprintf
printf
localtime
_XcptFilter
strstr
strncmp
toupper
_stricmp
fflush
wcsncpy
fclose
_initterm
rand
_wcsicmp
_CxxThrowException

kernel32

QueryDosDeviceA
GetCurrentThreadId
DuplicateHandle
GetFileTime
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
GetFileSize
ReadFile
GetFullPathNameA
DeleteFileA
VirtualFree
SystemTimeToFileTime
GetTimeZoneInformation
OutputDebugStringA
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
EnterCriticalSection
DeviceIoControl
FindNextFileA
FileTimeToSystemTime
CreateFileA
VirtualAlloc
CloseHandle
UnhandledExceptionFilter
CreateEventA
WriteFile
FreeLibrary
SetUnhandledExceptionFilter
CreateThread
FindClose
GetLogicalDrives
ResetEvent
DeleteCriticalSection
IsBadCodePtr
FindFirstFileA
GetSystemTime
GetModuleHandleA
RtlUnwind
VirtualAllocEx

atmlib

ATMFinish
ATMGetNtmFields
ATMGetBuildStr
ATMInstallSubstFontW
ATMGetFontInfoW
ATMGetVersionEx
ATMRemoveSubstFontA
ATMProperlyLoaded
ATMMakePFMW
ATMGetOutlineA
ATMBBoxBaseXYShowTextA
ATMXYShowTextA

psbase

SPSetProvParam
SPCloseItem
SPGetProvInfo

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

Imports

user32

advapi32

ole32

msvcrt

kernel32

atmlib

psbase

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 274KB - Virtual size: 1.3MB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 274KB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 5KB