b74d9e6922b28783cb49d72a3b32080a1044a10758beca9227c7a26fb5165c2a

Sharing

Copy URL Twitter E-mail

General

Target

b74d9e6922b28783cb49d72a3b32080a1044a10758beca9227c7a26fb5165c2a
Size

873KB
MD5

35332953067f1c8eb26e22d5f155c09c
SHA1

c023b385d6eaf3cfe1b0691b24cf7acc371da405
SHA256

b74d9e6922b28783cb49d72a3b32080a1044a10758beca9227c7a26fb5165c2a
SHA512

75c3c013545b0d95f40ef2b7b5605b942616a1ac770b7360e40602d205a4c33ed88b7fb26b112fa18e5828698a45fc4748a3028f6670614d9c2172b5ce1a3e57
SSDEEP

24576:YsTbi5PSagkMCR4OkHf+BUwOnl5F/XYumxoev:YsTON3COk2U3jF/XYu2

Score

N/A

Malware Config

Signatures

Files

b74d9e6922b28783cb49d72a3b32080a1044a10758beca9227c7a26fb5165c2a
.exe windows x86

91aaf25cbf91048778f646dcd51717a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

iswalnum
fabs
_seh_longjmp_unwind
_ftime
_execlp
__getmainargs
__threadhandle
__set_app_type
_utime
_mbsnset
??4exception@@QAEAAV0@ABV0@@Z
rewind
_mbsicmp
_getch
__p__commode
wprintf
iswcntrl
exit
_isnan
??8type_info@@QBEHABV0@@Z
wcsxfrm
towlower
__RTtypeid
strcpy
puts
_ismbbkprint

user32

GetInternalWindowPos
IsCharAlphaA
PostQuitMessage
EnumDisplaySettingsExA
SetClipboardData
IMPSetIMEW
RegisterClassW
DdeUnaccessData
IMPGetIMEW
ModifyMenuW
GetMouseMovePointsEx
DefWindowProcW
CharToOemW
GetSystemMetrics
PrintWindow
LoadBitmapA
DdeImpersonateClient
CallMsgFilterW
UnhookWindowsHookEx
GetKeyState
FindWindowW
LoadKeyboardLayoutW

msvcirt

?clog@@3Vostream_withassign@@A
?get@istream@@QAEAAV1@AAE@Z
??0ofstream@@QAE@PBDHH@Z
??1istrstream@@UAE@XZ
??0istrstream@@QAE@ABV0@@Z
??1istream_withassign@@UAE@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??1streambuf@@UAE@XZ
??_Distream@@QAEXXZ
?close@ofstream@@QAEXXZ
??_7ostrstream@@6B@
??6ostream@@QAEAAV0@K@Z
?opfx@ostream@@QAEHXZ
??_Eostream@@UAEPAXI@Z
??_7exception@@6B@
?sbumpc@streambuf@@QAEHXZ
?cout@@3Vostream_withassign@@A
??_Giostream@@UAEPAXI@Z
?rdbuf@ios@@QBEPAVstreambuf@@XZ

wship6

WSHGetProviderGuid
WSHOpenSocket
WSHStringToAddress
WSHIoctl
WSHJoinLeaf
WSHGetWSAProtocolInfo
WSHAddressToString
WSHGetSockaddrType
WSHSetSocketInformation
WSHGetWinsockMapping
WSHGetWildcardSockaddr
WSHNotify
WSHOpenSocket2
WSHEnumProtocols
WSHGetSocketInformation

ntdll

NtDisplayString
ZwDebugActiveProcess
memcpy
ZwQueryMultipleValueKey
RtlCancelTimer
_vsnwprintf
ZwResetEvent
NtWaitForMultipleObjects
RtlCheckRegistryKey
RtlCompareString
NtQuerySystemEnvironmentValue
RtlSetControlSecurityDescriptor
ZwGetContextThread
RtlSetGroupSecurityDescriptor
RtlFindMessage
RtlxUnicodeStringToOemSize
RtlMoveMemory
RtlpNtQueryValueKey
NtQueryIoCompletion
RtlEnlargedUnsignedMultiply
NtPrivilegeObjectAuditAlarm
NtDeleteAtom

kernel32

GetStartupInfoW
SetHandleContext
GetModuleHandleW
LoadModule
GetFirmwareEnvironmentVariableA
FindFirstVolumeW
WriteConsoleInputVDMW
DefineDosDeviceA
FindNextVolumeW
LoadLibraryW
HeapAlloc
GetNamedPipeInfo
GlobalAlloc

Sections

.text
Size: 403KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 207KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91aaf25cbf91048778f646dcd51717a4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

user32

msvcirt

wship6

ntdll

kernel32

Sections

.text Size: 403KB - Virtual size: 403KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 207KB - Virtual size: 1.6MB

.rsrc Size: 142KB - Virtual size: 142KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 403KB - Virtual size: 403KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 207KB - Virtual size: 1.6MB

.rsrc
Size: 142KB - Virtual size: 142KB

.reloc
Size: 1024B - Virtual size: 964B