b7dd80bb54415aa2e8ff7d585f54cf1bc95267422cc907d20325380e628a7e52

Sharing

Copy URL Twitter E-mail

General

Target

b7dd80bb54415aa2e8ff7d585f54cf1bc95267422cc907d20325380e628a7e52
Size

41KB
MD5

c23bdf2000d224a2709fee86ed097c8c
SHA1

4b953765b3808de1418bec87003efd95c7c65469
SHA256

b7dd80bb54415aa2e8ff7d585f54cf1bc95267422cc907d20325380e628a7e52
SHA512

64903dc5961e84c664006a93622a0dd43f1a337894ecdf45faef4d227c194eb40e11f65a24bc36130af764be166200c640986128f90c453ae751cc500e85f558
SSDEEP

768:pql7X5bebMDnFxIWcawwk9ZHIuenVZUlBo/FcGsADzQVAA:pqd5ybMD/luwkXouufU2F3sA37A

Score

N/A

Malware Config

Signatures

Files

b7dd80bb54415aa2e8ff7d585f54cf1bc95267422cc907d20325380e628a7e52
.exe windows x86

aacb517205c7844f6c9a680ca140de37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fprintf
_wstati64
_wpgmptr
_Strftime
exit
_findfirsti64
ctime
??0bad_typeid@@QAE@PBD@Z
_execvp
__crtGetStringTypeW
_ungetch
islower
_CxxThrowException
_wfopen
_wsystem
_wmktemp
??_Eexception@@UAEPAXI@Z
_adj_fdivr_m16i
_chsize
localeconv
_lsearch
wcstol
ldexp
__DestructExceptionObject
___unguarded_readlc_active_add_func
_putch
ungetwc
_wfindnext
_setmbcp
_ismbbpunct
__uncaught_exception
_hypot
fputs
labs
log10
iswascii
_EH_prolog
__getmainargs
ldiv
_fpreset
mktime
_safe_fprem
_unlock
_wgetcwd
___setlc_active_func
__set_app_type
_ungetwch
_write
_isatty
_mbsnextc
_mbsnicmp
__p__commode
_XcptFilter
_ismbstrail
_isctype
_vscprintf
swprintf
_snwprintf
__p__tzname
_cwait
??0exception@@QAE@XZ
_ltow
_fileno
_safe_fdivr
_mbsdec

kernel32

ExpungeConsoleCommandHistoryW
GetNumaNodeProcessorMask
EnumResourceTypesW
IsValidLanguageGroup
VirtualAlloc
ResetWriteWatch
VerifyConsoleIoHandle
OutputDebugStringW
GetWindowsDirectoryW
GetACP
HeapUnlock
SetCurrentDirectoryW
GetCurrentDirectoryW
EnumerateLocalComputerNamesA
IsProcessInJob
GetShortPathNameA
GetModuleHandleA
AddLocalAlternateComputerNameA
GetDateFormatW
LoadLibraryA
GetConsoleAliasA
ExitProcess
LZOpenFileA
CreateActCtxA
AllocConsole
RtlMoveMemory
GetConsoleAliasesLengthA
FindNextVolumeMountPointW
GetConsoleInputExeNameW
GetConsoleCommandHistoryW
CompareFileTime
GetNumberOfConsoleMouseButtons
RemoveDirectoryW
lstrcmpiA
CancelDeviceWakeupRequest

crtdll

_CIatan2
__isascii
_pgmptr_dll
_CIfmod
ldiv
_mbctype
__doserrno
iscntrl
_mbsinc
_findclose
_cwait
_ecvt
setbuf
_execlp
atof
_ismbbalpha
_isctype
iswspace
wscanf
atan2
strcat
_scalb
_beep
_mbsnbcmp
_winminor_dll
_locking
strchr
_flsbuf
calloc
strlen
_swab
_heapchk
_toupper
_finite

mapistub

FEqualNames@8
BMAPIFindNext
MAPIOpenFormMgr
UNKOBJ_ScSzFromIdsAlloc@20
MAPISaveMail
FPropExists@8
BMAPIGetAddress
MAPILogoff
ScUNCFromLocalPath@12
HrComposeEID@28
FBadPropTag@4
MAPIAllocateBuffer
WrapCompressedRTFStream
OpenIMsgOnIStg@44
MAPIDetails
MAPIUninitialize@0
GetTnefStreamCodepage@12
ScCopyProps@16
ScLocalPathFromUNC@12
PRProviderInit
ScDupPropset@16
FPropCompareProp@12
MAPIAdminProfiles
cmc_logoff
RTFSync@12
MAPIFindNext
WrapCompressedRTFStream@12
FtNegFt@8
MNLS_lstrcpyW@8
SzFindLastCh@8
DeregisterIdleRoutine@4
HrGetOneProp@12
UNKOBJ_FreeRows@8
HrAddColumns@16

hhsetup

?SetMasterCHM@CCollection@@QAEXPBGG@Z
?HandleLocation@CCollection@@AAEKPAVCParseXML@@PAD@Z
?ParseFile@CCollection@@AAEKPBD@Z
?SetVolume@CLocation@@QAEXPBD@Z
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?GetSampleLocation@CCollection@@QAEPADXZ
?AddTail@CFIFOString@@QAEKPAD@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?GetParent@CFolder@@QAEPAV1@XZ
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?AddCollection@CCollection@@QAEPAVCColList@@XZ
?GetFindMergedCHMS@CCollection@@QAEHXZ
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?IsDirty@CCollection@@QAEHXZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBDPAI@Z
?SetLanguage@CTitle@@QAEXG@Z
?NewLocation@CCollection@@AAEPAVCLocation@@XZ
?SetVersion@CCollection@@QAEXK@Z
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?ConfirmTitles@CCollection@@QAEXXZ

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aacb517205c7844f6c9a680ca140de37

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

crtdll

mapistub

hhsetup

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB