f2955a0350573f6852b017191a9d105512784e691783f40232714bd100db6ee8

Sharing

Copy URL

Twitter E-mail

General

Target

f2955a0350573f6852b017191a9d105512784e691783f40232714bd100db6ee8
Size

331KB
MD5

38c06d541c7de5ffc9c6c1db8c71ea86
SHA1

c8a05e1f3b5c1c9fb4b477e1e732d047353c4339
SHA256

f2955a0350573f6852b017191a9d105512784e691783f40232714bd100db6ee8
SHA512

6b845868e6c582a9a0327e1fda4392c7ca32a83091ccb76dd89be070994f1119e50242e59cacb3b74971c18b1aac068cb4a00e8b4db7fc7b0bf20a318a328896
SSDEEP

6144:3NGTiM+aNxYlUspSamoXPl9s9t9lSCb1iHO4fuJaIQYlqd4zGYZ:3N+N6U4Sam19tULma8lLLZ

Score

N/A

Malware Config

Signatures

Files

f2955a0350573f6852b017191a9d105512784e691783f40232714bd100db6ee8
.exe windows x86

b14a04d351d46c8f733ea8d8b5c18cc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTimeFormatW
GetCurrentProcess
OpenProcess
GetStartupInfoW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
lstrcpynW
lstrlenW
MoveFileW
CreateSemaphoreW
SetFileAttributesW
ReleaseSemaphore
CopyFileW
ConnectNamedPipe
GetModuleHandleW
CreateNamedPipeW
GetVersionExW
GetOverlappedResult
SetLastError
QueryPerformanceFrequency
DeviceIoControl
GetTickCount
QueryPerformanceCounter
GetExitCodeProcess
WaitForMultipleObjects
GetDateFormatW
GetComputerNameW
SetErrorMode
DeleteFileW
GetCurrentThreadId
GetPrivateProfileIntW
IsBadReadPtr
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
QueryDosDeviceW
RemoveDirectoryW
EnterCriticalSection
GetTempPathW
WritePrivateProfileStringW
ReadFile
LeaveCriticalSection
InitializeCriticalSection
WriteFile
GetPrivateProfileStringW
SetEndOfFile
SetFilePointer
CreateMutexW
GetFileSize
GetCurrentProcessId
InterlockedExchangeAdd
GetLocalTime
InterlockedCompareExchange
OpenEventW
LocalAlloc
Sleep
GetProcAddress
GetModuleFileNameW
LoadLibraryW
FreeLibrary
FindNextFileW
ResetEvent
FindClose
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsA
lstrlenA
MultiByteToWideChar
GetExitCodeThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedExchange
LoadLibraryA
GetFileAttributesW
LoadLibraryExW
VerSetConditionMask
VerifyVersionInfoW
FindFirstFileW
LocalFree
FormatMessageW
CloseHandle
CreateEventW
GetLastError
SetEvent
WaitForSingleObject
GetWindowsDirectoryW
CreateProcessW

user32

CharUpperW
OemToCharBuffW
GetForegroundWindow
LoadStringW
wsprintfW

advapi32

RegSetValueExW
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
GetSecurityDescriptorDacl
AdjustTokenPrivileges
BuildExplicitAccessWithNameW
FreeSid
SetEntriesInAclW
SetSecurityInfo
AllocateAndInitializeSid
DuplicateTokenEx
GetSecurityInfo
LookupPrivilegeValueW
SetTokenInformation
CreateProcessAsUserW
EqualSid
GetTokenInformation
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
LookupAccountSidW
ReportEventW
RegisterServiceCtrlHandlerW
SetServiceStatus
DeregisterEventSource
StartServiceCtrlDispatcherW
RegisterEventSourceW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExA

msvcr90

strnlen
_vsnwprintf_s
_filelength
_read
_lseek
_wsopen
strtoul
realloc
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
strncpy_s
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strtok_s
_wcsdup
atoi
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
memmove_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__CxxFrameHandler3
_wsplitpath_s
wcscpy
iswalnum
iswspace
vswprintf_s
_wfopen_s
wcscat_s
swscanf_s
wcsncpy_s
wcsncat_s
wcscmp
wcslen
_errno
memcpy
_swprintf
memset
srand
rand
_endthread
_close
fclose
_time64
?_wsopen@@YAHPB_WHHH@Z
_wfopen
wcscpy_s
_configthreadlocale
toupper
_beginthread
swprintf_s
wcstok
towupper
wcstombs
wcsncmp
_wcsupr
_wcsnicmp
calloc
memmove
swscanf
mbstowcs
strncat
exit
strncpy
_vswprintf
strchr
strncmp
_waccess
_wsplitpath
_snwprintf
_wcsicmp
_vsnwprintf
wcsstr
wcsrchr
_beginthreadex
wcsncat
wcsncpy
malloc
free
_wtoi
wcschr
_strupr
_strnicmp
fgetwc
_purecall
abort

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??_7ios_base@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_WH@Z
?seekpos@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPB_WH@Z
?_Xsgetn_s@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WIH@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHPA_WH@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?underflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGG@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

libdb44

??0Db@@QAE@PAVDbEnv@@I@Z
??1Dbt@@QAE@XZ
??0Dbt@@QAE@XZ
??0Dbt@@QAE@PAXI@Z
??1Db@@UAE@XZ

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shell32

ShellExecuteW

ole32

OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysFreeString
GetErrorInfo
SysAllocString

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.drdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b14a04d351d46c8f733ea8d8b5c18cc9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcr90

msvcp90

libdb44

version

shell32

ole32

oleaut32

Sections

.text Size: 190KB - Virtual size: 189KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 16KB

.drdata Size: 68KB - Virtual size: 68KB

.text
Size: 190KB - Virtual size: 189KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 16KB

.drdata
Size: 68KB - Virtual size: 68KB