6bf4d50332a0440e8e9913380a46aa6e82a651a36c534041c8eb3faf1ff44095

Sharing

Copy URL Twitter E-mail

General

Target

6bf4d50332a0440e8e9913380a46aa6e82a651a36c534041c8eb3faf1ff44095
Size

143KB
MD5

c1f08c58b327a4e5f0c0ed52ed685f37
SHA1

9452ee0fef260fd2c72028d556dd16f2d2dffea5
SHA256

6bf4d50332a0440e8e9913380a46aa6e82a651a36c534041c8eb3faf1ff44095
SHA512

064441c3da122be63550bbf8047bd1f4c03a6b5956ddc184ddae6ef11d9da90f4e2fde5c743b26554050cc9e93feba1ecc2cf881eca6bba7a874f7643f9fdc8e
SSDEEP

3072:mlcUm9HNoa0RxFXJCnaCab83a0mJDQbwCx8AA8FrkDLa:mmn9ronZCnaCbK0GMvhAs

Score

N/A

Malware Config

Signatures

Files

6bf4d50332a0440e8e9913380a46aa6e82a651a36c534041c8eb3faf1ff44095
.exe windows x86

292b89288f30bf07ca890c07246bcd5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetFileAttributesA
DeleteFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
InterlockedIncrement
CreateEventA
GetWindowsDirectoryA
CreateFileA
ReadFile
MoveFileExA
SetFileAttributesA
GetTickCount
lstrlenA
CreateProcessA
CloseHandle
GetTempPathA
GetCurrentProcess
GetProcAddress
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
GetModuleHandleA
SetUnhandledExceptionFilter
GetCommandLineA
InterlockedDecrement
EnterCriticalSection
GetStartupInfoA
VirtualProtect
SetLastError
CreateFileW
LoadLibraryW
DeviceIoControl
ExpandEnvironmentStringsA
GetFullPathNameA
GetLongPathNameW
lstrlenW
GetLongPathNameA
CopyFileA
OutputDebugStringA
DebugBreak
WaitForSingleObject
FlushInstructionCache
SetEvent
CreateDirectoryA
GetVolumeInformationA
Module32First
Module32Next
GetLogicalDrives
GetDriveTypeA
GetFileAttributesExA
GetCurrentThreadId
LeaveCriticalSection
TerminateProcess
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
OpenProcess
RemoveDirectoryA
WideCharToMultiByte
FindNextFileA
MoveFileA
GetShortPathNameA
GetTempFileNameA
FindFirstFileA
FindClose
GetEnvironmentVariableA
ReadProcessMemory
lstrcmpiA
GetSystemDirectoryA
SetFilePointer
GetFileSize
GetLastError
LocalFree
LocalAlloc
SearchPathW
Sleep
Process32Next
Process32First
CreateToolhelp32Snapshot
DuplicateHandle
GetCurrentProcessId
GetVersionExA
MultiByteToWideChar
LoadLibraryExW

user32

CreateDialogParamA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
ShowWindow
PeekMessageA
CharNextA
wvsprintfA
EndDialog
GetWindowTextLengthA
DialogBoxParamA
PostMessageA
BeginPaint
ScreenToClient
DrawTextA
EndPaint
PostQuitMessage
GetWindowLongA
GetWindowThreadProcessId
FindWindowA
FindWindowExA
GetParent
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
LoadImageA
SendMessageA
SetWindowTextA
GetDlgItem
EnableWindow
SetDlgItemTextA
LoadStringA
IsDialogMessageA
SetWindowLongA
DefWindowProcA
DestroyWindow
GetActiveWindow

gdi32

SelectObject
SetBkMode
SetTextColor
GetStockObject

shell32

SHGetSpecialFolderPathA
SHGetFolderPathA
CommandLineToArgvW
ShellExecuteA

ole32

CoUninitialize
CoInitialize

comctl32

InitCommonControlsEx

msvcrt

_stricmp
_mbsnbcpy
malloc
memcpy
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
sscanf
_mbschr
_mbscmp
_CxxThrowException
_mbsicmp
_mbsnbicmp
_mbslwr
_mbstok
_mbsnbcmp
_strlwr
fputs
strrchr
_except_handler3
_vsnprintf
fopen
rewind
fgets
_strnicmp
fseek
fprintf
fclose
_osver
_snprintf
atoi
_ismbcdigit
wcslen
_beginthread
_purecall
_mbsrchr
sprintf
??2@YAPAXI@Z
memmove
realloc
_mbsstr
??3@YAXPAX@Z
free
__CxxFrameHandler
strstr

shlwapi

wnsprintfA
StrChrW
StrStrIW
SHSetValueA
StrCmpNIA
PathAppendA
PathIsDirectoryA
SHGetValueA
SHDeleteValueA
SHDeleteKeyA
StrStrIA
PathCombineA
PathFileExistsA

urlmon

URLDownloadToFileA

psapi

GetModuleInformation

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

advapi32

RegEnumKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
ControlService
ChangeServiceConfigA
OpenServiceA
OpenSCManagerA
RegEnumValueA
RegQueryValueExA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
RegDeleteValueA
GetExplicitEntriesFromAclA
RegCreateKeyExA
RegEnumKeyA
DeleteAce

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

292b89288f30bf07ca890c07246bcd5a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

comctl32

msvcrt

shlwapi

urlmon

psapi

version

advapi32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 16KB - Virtual size: 17KB

.WYCao Size: 32KB - Virtual size: 32KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 16KB - Virtual size: 17KB

.WYCao
Size: 32KB - Virtual size: 32KB