ab91d3a3eb428a8377a3785980dbf54092d87bda29ad54b9c67a2e001c9aaca1

Sharing

Copy URL Twitter E-mail

General

Target

ab91d3a3eb428a8377a3785980dbf54092d87bda29ad54b9c67a2e001c9aaca1
Size

238KB
MD5

6ce764c16e7ab861d7d41ca1dba3b23b
SHA1

57a97bb25ce9e41a7d91cd73fe36db8f3b9597ea
SHA256

ab91d3a3eb428a8377a3785980dbf54092d87bda29ad54b9c67a2e001c9aaca1
SHA512

d5ff27c009308c4a8a902c94964e05b11e889ad37af086b1a33b9e3ddaeec6bd28b744229e66a2c78ef8a535c590aebcb4252ae72f33a4caa86c75c11a17b76b
SSDEEP

3072:jPootcW0YPoLR0dKE7Ef5c0w+w5bnqTThPbnRqyGdf3u++RHlWCMITWasKgiEe8f:1tvmR0kEA/wTWbhof30RJGggLXf

Score

N/A

Malware Config

Signatures

Files

ab91d3a3eb428a8377a3785980dbf54092d87bda29ad54b9c67a2e001c9aaca1
.exe windows x86

9e49d5d02ca49412a94ba5e7dda0e16b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
wcschr
_wcsicmp
wcscpy
_wcsupr
wcslen
wcspbrk
memmove
wcstoul
_snwprintf
wcsrchr
??3@YAXPAX@Z
_itow
_ultow
wcscat
qsort
_wcslwr
wcsspn
towlower
_vsnwprintf
free
_initterm
malloc
_adjust_fdiv
__dllonexit
_onexit
_except_handler3
__CxxFrameHandler
??2@YAPAXI@Z
wcsstr
wcsncpy

msvcp60

?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIIG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Xran@std@@YAXXZ
?_Xlen@std@@YAXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPAGII@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z

advapi32

RegCreateKeyExW
RegDeleteValueW
EqualSid
RegConnectRegistryW
RegDeleteKeyW
GetOldestEventLogRecord
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
IsValidSid
ClearEventLogW
ReadEventLogW
OpenBackupEventLogA
OpenEventLogW
GetNumberOfEventLogRecords
CloseEventLog
BackupEventLogW
ConvertStringSidToSidW
LookupAccountSidW
GetLengthSid
RegQueryValueExW

kernel32

GetLocalTime
GetTimeZoneInformation
GetProcessHeap
HeapAlloc
HeapFree
GetWindowsDirectoryW
WideCharToMultiByte
DisableThreadLibraryCalls
IsBadReadPtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetTickCount
GetLocaleInfoW
IsBadStringPtrW
LocalAlloc
GlobalAlloc
GlobalLock
CloseHandle
GlobalFree
LoadLibraryA
lstrcpynW
GetSystemWindowsDirectoryW
FileTimeToSystemTime
lstrcatW
GetTimeFormatW
GetDateFormatW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetDriveTypeW
SetUnhandledExceptionFilter
CreateThread
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetUserDefaultLCID
GlobalUnlock
GetComputerNameW
GetCommandLineW
DeleteFileW
GetFileAttributesExW
WriteFile
GetFileSize
DeleteCriticalSection
InterlockedIncrement
MultiByteToWideChar
GetLastError
InterlockedDecrement
LocalFree
GetModuleHandleA
GetModuleHandleW
GetProcAddress
lstrcmpiW
lstrcmpW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
FormatMessageW
ExpandEnvironmentStringsW
lstrcpyW
lstrlenW
CreateFileW

user32

EnableWindow
CloseClipboard
SetClipboardData
IsDlgButtonChecked
EmptyClipboard
OpenClipboard
ShowWindow
SetDlgItemTextW
SetFocus
ReleaseDC
GetDC
SetWindowPos
CheckRadioButton
PostMessageW
DestroyWindow
GetWindowLongW
CreateDialogParamW
DialogBoxParamW
EndDialog
GetClientRect
CharUpperBuffA
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
GetWindow
IsCharAlphaW
GetWindowTextLengthW
SetDlgItemInt
GetDlgItemInt
LoadStringW
RegisterClassW
CreateWindowExW
DefWindowProcW
WinHelpW
FindWindowExW
EnumThreadWindows
IsWindowEnabled
SetWindowLongW
GetDlgItem
RegisterClipboardFormatW
wsprintfW
GetSystemMetrics
LoadCursorW
SetCursor
GetParent
GetDlgItemTextW
SendMessageW
LoadBitmapW
LoadImageW
LoadIconW
GetSysColor
MessageBoxW
SetForegroundWindow
DestroyIcon
GetWindowTextW
CheckDlgButton
SetWindowTextW
GetWindowRect
GetClassNameW

gdi32

CreateFontIndirectW
GetMapMode
SetMapMode
GetTextMetricsW
DeleteObject
GetObjectW

ole32

CoUninitialize
IIDFromString
CoInitialize
CreateStreamOnHGlobal
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoGetInterfaceAndReleaseStream

rpcrt4

CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
NdrDllGetClassObject
CStdStubBuffer_QueryInterface
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrCStdStubBuffer_Release
CStdStubBuffer_AddRef
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs

shlwapi

PathCombineW
wnsprintfW
PathRemoveBlanksW

shell32

ShellExecuteW
CommandLineToArgvW

ntdsapi

DsFreeSchemaGuidMapW
DsCrackNamesW
DsMapSchemaGuidsW
DsFreeNameResultW
DsBindW
DsUnBindW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

activeds

ord9
ord20
ord15

mpr

WNetGetUniversalNameW

Sections

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e49d5d02ca49412a94ba5e7dda0e16b

Headers

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

gdi32

ole32

rpcrt4

shlwapi

shell32

ntdsapi

version

activeds

mpr

Sections

.text Size: 9KB - Virtual size: 12KB

.rdata Size: 210KB - Virtual size: 212KB

.data Size: 2KB - Virtual size: 304KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 9KB - Virtual size: 12KB

.rdata
Size: 210KB - Virtual size: 212KB

.data
Size: 2KB - Virtual size: 304KB

.rsrc
Size: 16KB - Virtual size: 16KB