6b5eb033cd53af1e9a42a618aeba97236f0167349a07a09e8e29e10e5dd5075f

Sharing

Copy URL Twitter E-mail

General

Target

6b5eb033cd53af1e9a42a618aeba97236f0167349a07a09e8e29e10e5dd5075f
Size

88KB
MD5

64f22a6d9a6e40cf35420edee8a5ca63
SHA1

28356ee3bcb34658f9b7b503450480570f439d12
SHA256

6b5eb033cd53af1e9a42a618aeba97236f0167349a07a09e8e29e10e5dd5075f
SHA512

25406fc1c9c389e5d1ccfe3eb62585da463e901578e35cd00b645d554bd873940e55939339fbfe9ef42c6c254ed70ffc6929512797a5fff4dc70885a1b470f3a
SSDEEP

1536:qq0wDY0p2L1QwllQV122XfsXcvGl2J9sr8OX5Og1IVYfI3IR:qqJDY0p2iwl6ZsXgGmsrpOg1IVf3k

Score

N/A

Malware Config

Signatures

Files

6b5eb033cd53af1e9a42a618aeba97236f0167349a07a09e8e29e10e5dd5075f
.dll windows x86

8229ff023a8b05fa4166086398591f79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80u

ord1271
ord1058
ord4119
ord1894
ord760
ord572
ord3189
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord3155
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord416
ord354
ord3176
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord1785
ord709
ord501
ord2651
ord6063
ord1555
ord5803
ord4574
ord266
ord265
ord6086
ord3635
ord1925
ord1118
ord3204
ord1472
ord6749
ord6751
ord3390
ord280
ord384
ord3927
ord5083
ord2897
ord2460
ord5319
ord5398
ord1430
ord6284
ord2011
ord629
ord776
ord4026
ord777
ord2310
ord370
ord2260
ord2261
ord5558
ord4074
ord618
ord5416
ord1908
ord3990
ord386
ord2271
ord2279
ord2745
ord774
ord631
ord267
ord575
ord1079
ord6111
ord6700
ord282
ord2895
ord1479
ord5524
ord4101
ord870
ord899
ord651
ord620
ord605
ord2121
ord900
ord293
ord2311
ord896
ord1093
ord371
ord1168
ord762
ord5708
ord1176
ord283
ord577
ord1178
ord1182
ord2384
ord764

msvcr80

__dllonexit
_unlock
wcsncpy_s
wcscat_s
_wsplitpath_s
vswprintf_s
wcsncmp
wcsrchr
swscanf_s
srand
rand
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_encode_pointer
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
wprintf
_set_invalid_parameter_handler
memcpy_s
_i64tow_s
memset
memcpy
__CxxFrameHandler3
wcsftime
_localtime64_s
_time64
strchr
_recalloc
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
__clean_type_info_names_internal

kernel32

WriteFile
SetFileAttributesW
DeleteFileW
GetPrivateProfileIntW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
WritePrivateProfileStringW
lstrlenA
VirtualQueryEx
GetModuleFileNameA
CreateFileA
CloseHandle
GetVersionExW
IsBadReadPtr
VirtualProtect
GetLastError
MultiByteToWideChar
SetLastError
GetModuleFileNameW
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
OpenProcess
GetCurrentProcessId
GetSystemDefaultLCID
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetOEMCP
GetACP
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
LoadLibraryW
GetCurrentThreadId
CreateFileW
GetUserDefaultLCID
WideCharToMultiByte
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
SetUnhandledExceptionFilter

user32

EnableWindow
SendMessageW
GetSystemMetrics
KillTimer
SetTimer
GetClientRect
MessageBeep
LoadBitmapW
GetWindowRect
UnregisterClassA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW

shell32

SHGetFolderPathW

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocString

log

?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CreateObjectFromFile@@YAJPB_WPAUIUnknown@@ABU_GUID@@2PAPAX@Z

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z

imagehlp

SymSetOptions
SymInitialize
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
SymGetModuleInfo
SymLoadModule

psapi

EnumProcessModules

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetCloseHandle

Exports

Exports

?SetExceptionCatcher@@YAXPB_WH@Z

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8229ff023a8b05fa4166086398591f79

Headers

File Characteristics

Imports

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

oleaut32

log

msvcp80

imagehlp

psapi

version

wininet

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 8KB - Virtual size: 5KB