2a16407ced0d3128e910a0cf9427ab7dede50cb599d7c529666d3e3a125e6ccf

Sharing

Copy URL

Twitter E-mail

General

Target

2a16407ced0d3128e910a0cf9427ab7dede50cb599d7c529666d3e3a125e6ccf
Size

304KB
MD5

2ad82ae01c3712801eb231e82b6a2800
SHA1

1f00c2ca43ccc2511a913de33561cf91ebfbc58f
SHA256

2a16407ced0d3128e910a0cf9427ab7dede50cb599d7c529666d3e3a125e6ccf
SHA512

81e52dd28f0909a50deb23b1bb0feca8f4c40b537334e208d96daffc897f97a6ea2d3f3cd89fce9abf647880b5bd0bd61d7dee23ddfd2b8da62c2916dcdfb38e
SSDEEP

6144:yvvjEGrfvjyQ/MkL2DxOJrdHNzgedbHuLJ7gcEW67/Pi:Yrfvjh/nSxOJrt9dzuL5g5RHi

Score

N/A

Malware Config

Signatures

Files

2a16407ced0d3128e910a0cf9427ab7dede50cb599d7c529666d3e3a125e6ccf
.exe windows x86

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetUserObjectInformationA
MessageBoxA
GetProcessWindowStation

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoUninitialize
CoInitialize

msvcrt

_strupr
vsprintf
ctime
_purecall
malloc
swprintf
wcsstr
_errno
__CxxFrameHandler
strncpy
memcpy
sprintf
memmove
_splitpath
fread
fprintf
free
srand
fseek
_amsg_exit
fopen
calloc
memset
ftell
time
_snprintf
printf
localtime
_XcptFilter
strstr
strncmp
toupper
_stricmp
fflush
wcsncpy
fclose
_initterm
rand
_wcsicmp
_CxxThrowException

kernel32

QueryDosDeviceA
GetCurrentThreadId
DuplicateHandle
GetFileTime
LeaveCriticalSection
WaitForSingleObject
GetSystemTimeAsFileTime
GetFileSize
ReadFile
GetFullPathNameA
DeleteFileA
VirtualFree
SystemTimeToFileTime
GetTimeZoneInformation
OutputDebugStringA
WideCharToMultiByte
FlushFileBuffers
SetFilePointer
EnterCriticalSection
DeviceIoControl
FindNextFileA
FileTimeToSystemTime
CreateFileA
VirtualAlloc
CloseHandle
UnhandledExceptionFilter
CreateEventA
WriteFile
FreeLibrary
SetUnhandledExceptionFilter
CreateThread
FindClose
GetLogicalDrives
ResetEvent
DeleteCriticalSection
IsBadCodePtr
FindFirstFileA
GetSystemTime
GetModuleHandleA
RtlUnwind
VirtualAllocEx

atmlib

ATMFinish
ATMGetNtmFields
ATMGetBuildStr
ATMInstallSubstFontW
ATMGetFontInfoW
ATMGetVersionEx
ATMRemoveSubstFontA
ATMProperlyLoaded
ATMMakePFMW
ATMGetOutlineA
ATMBBoxBaseXYShowTextA
ATMXYShowTextA

psbase

SPSetProvParam
SPCloseItem
SPGetProvInfo

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 274KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e2459c455a2d6e629bf2db965aa155

Headers

File Characteristics

Imports

user32

advapi32

ole32

msvcrt

kernel32

atmlib

psbase

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 274KB - Virtual size: 1.3MB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 274KB - Virtual size: 1.3MB

.rsrc
Size: 6KB - Virtual size: 5KB