fc5e41b29379b3838fcdcc1d12d01aee3cbbb24f77c43c6a7982dd9b9f52f6d8

Sharing

Copy URL Twitter E-mail

General

Target

fc5e41b29379b3838fcdcc1d12d01aee3cbbb24f77c43c6a7982dd9b9f52f6d8
Size

152KB
MD5

6867a0d1a67be4a2d1667909854b8866
SHA1

a9c60cf39d94d750bd20ebfbfba8b7d90c232029
SHA256

fc5e41b29379b3838fcdcc1d12d01aee3cbbb24f77c43c6a7982dd9b9f52f6d8
SHA512

e4f752ad8edf4939fceda3ffe23fb62fb5ea434d11bdde52b51920ab9cf5b8f5d3e575c45deb97535f2ba258b2b25449ad7b6ff29a881abb8cccf1256dea7381
SSDEEP

3072:BEvPMx7ByoTU9sYj4RjepALlL1FpnPIa+JLtUZIqbdYZM5GnG:KMx7AoAaYURJ1TwH/UKqbdYZA

Score

N/A

Malware Config

Signatures

Files

fc5e41b29379b3838fcdcc1d12d01aee3cbbb24f77c43c6a7982dd9b9f52f6d8
.exe windows x86

e85ffe6b6b10ae6563a06347d819a2fe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
GlobalUnlock
ReleaseMutex
OpenEventA
GetCurrentProcess
OutputDebugStringA
GetStartupInfoA
GetModuleHandleA
DeleteFileA
ExitProcess
GetLastError
GetModuleFileNameA
SetFilePointer
WriteFile
CreateFileA
RemoveDirectoryA
LocalAlloc
LocalFree
GetVolumeInformationA
MoveFileA
GetDiskFreeSpaceExA
GetDriveTypeA
CreateDirectoryA
GetVersionExA
GetPrivateProfileStringA
lstrcmpA
WideCharToMultiByte
MultiByteToWideChar
GetWindowsDirectoryA
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
GetProcessHeap
HeapAlloc
FreeLibrary
CreateThread
GetLocalTime
GetTickCount
Sleep
InterlockedExchange
SetEvent
CreateEventA
VirtualAlloc
VirtualFree
TerminateThread
CreateProcessA
DeviceIoControl
GetProcAddress
GetVersion
DeleteCriticalSection
CloseHandle
LoadLibraryA
SetErrorMode

user32

GetClipboardData
LoadCursorA
SystemParametersInfoA
SendMessageA
ReleaseDC
GetDC
GetDesktopWindow
SetRect
GetCursorPos
wsprintfA
SetProcessWindowStation
GetProcessWindowStation
GetForegroundWindow
GetAsyncKeyState
GetKeyState
keybd_event
CharNextA
MapVirtualKeyA
SetCapture
ExitWindowsEx
DispatchMessageA
GetWindowTextA
WindowFromPoint
SetCursorPos
SetClipboardData
CloseWindow
IsWindow
PostMessageA
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
CloseDesktop
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
TranslateMessage
EmptyClipboard

gdi32

SelectObject
BitBlt
CreateCompatibleDC
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateDIBSection

advapi32

LsaClose
LookupAccountNameA
IsValidSid
LsaFreeMemory
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation
LsaOpenPolicy

shell32

SHGetFileInfoA
ShellExecuteA

msvcrt

_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
atol
strncat
wcscpy
atoi
rename
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
memmove
ceil
_ftol
strstr
rand
putchar
puts
sprintf
strncpy
strchr
malloc
free
_except_handler3
strrchr

winmm

waveInStop
waveOutWrite
waveInStart
waveInAddBuffer
waveInReset
waveInOpen
waveInGetNumDevs
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInUnprepareHeader
waveInClose
waveOutReset
waveInPrepareHeader
waveOutClose
waveOutUnprepareHeader

ws2_32

gethostbyname
htons
connect
setsockopt
WSACleanup
ntohs
gethostname
getsockname
htonl
closesocket
inet_addr
send
socket
select
sendto
recv

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

msvcp60

?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

netapi32

NetLocalGroupAddMembers
NetUserAdd

urlmon

URLDownloadToFileA

avicap32

capGetDriverDescriptionA

msvfw32

ICSendMessage
ICSeqCompressFrameEnd

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory

Sections

.data
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

%L69r0`Z
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

uOhO? /t
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

svrX@S 1
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 838B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e85ffe6b6b10ae6563a06347d819a2fe

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcrt

winmm

ws2_32

wininet

msvcp60

netapi32

urlmon

avicap32

msvfw32

psapi

wtsapi32

Sections

.data Size: 96KB - Virtual size: 95KB

%L69r0`Z Size: 16KB - Virtual size: 12KB

uOhO? /t Size: 12KB - Virtual size: 14KB

svrX@S 1 Size: 20KB - Virtual size: 20KB

.text Size: 4KB - Virtual size: 838B

.data
Size: 96KB - Virtual size: 95KB

%L69r0`Z
Size: 16KB - Virtual size: 12KB

uOhO? /t
Size: 12KB - Virtual size: 14KB

svrX@S 1
Size: 20KB - Virtual size: 20KB

.text
Size: 4KB - Virtual size: 838B