cc52b0f4683f5ca69b9facbe535cbe9cd7d4e080d623dfd6c8f992405aee5fac

Sharing

Copy URL Twitter E-mail

General

Target

cc52b0f4683f5ca69b9facbe535cbe9cd7d4e080d623dfd6c8f992405aee5fac
Size

9.1MB
MD5

a1edee6278f6cc704b3e3ff853091b9a
SHA1

6765f28e7fd2c507a2fef9dd5b6f3bfc6cfe0acf
SHA256

cc52b0f4683f5ca69b9facbe535cbe9cd7d4e080d623dfd6c8f992405aee5fac
SHA512

6ae57e3d535168f47631099be39eb061efa98c27a94b073ea28b504a918272c167f238878dd09fb1c7d52ed813510b3edb9c8c4b6136a9d8e0bfee760dcd9ed7
SSDEEP

3072:j6F/qs1fF440DrTTvj+zKAEQ324zxOvdS4ss5WCDtqIcV9dAcfB0:j61f1d4rrTbYKAEQ32KSSBQD4IcV9RB

Score

N/A

Malware Config

Signatures

Files

cc52b0f4683f5ca69b9facbe535cbe9cd7d4e080d623dfd6c8f992405aee5fac
.exe windows x86

386923ba4c9757b95867fe9684093f3b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocalTime
MoveFileA
ExitProcess
CreateProcessA
SetFilePointer
ReadFile
GetModuleHandleA
WriteFile
RemoveDirectoryA
LocalAlloc
LocalFree
GetDriveTypeA
CreateDirectoryA
GetVersionExA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
Sleep
GetStartupInfoA
SetErrorMode
ReleaseMutex
GlobalUnlock
GlobalFree
GetProcAddress
CancelIo
SetEvent
lstrcpyA
ResetEvent
CreateEventA
VirtualAlloc
VirtualFree
CloseHandle
LoadLibraryA

user32

GetForegroundWindow
GetAsyncKeyState
GetKeyState
SetCapture
GetWindowTextA
CharNextA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
LoadCursorA
ReleaseDC
GetMessageA
SetCursorPos
TranslateMessage
DispatchMessageA
IsWindow
WindowFromPoint
SendMessageA
CloseWindow
CreateWindowExA
PostMessageA
OpenDesktopA
GetThreadDesktop
CloseDesktop
IsWindowVisible
GetWindowThreadProcessId
ExitWindowsEx
GetCursorPos
SetRect

gdi32

DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject

advapi32

RegQueryValueA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcrt

__getmainargs
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
_errno
atoi
strncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
ceil
_ftol
strstr
strchr
malloc
free
_except_handler3
strrchr
rename
_CxxThrowException

winmm

waveInGetNumDevs

ws2_32

accept
listen
sendto
recvfrom
__WSAFDIsSet
gethostname
getsockname
inet_addr
inet_ntoa
getpeername
select
closesocket
recv
socket
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAStartup
send
bind
ntohs

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ujyhkuy
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

386923ba4c9757b95867fe9684093f3b

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcrt

winmm

ws2_32

msvcp60

msvfw32

psapi

wtsapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.ujyhkuy Size: 12KB - Virtual size: 9KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 24KB - Virtual size: 22KB

.text
Size: 88KB - Virtual size: 87KB

.ujyhkuy
Size: 12KB - Virtual size: 9KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 24KB - Virtual size: 22KB