eb44e0963a3e80ba6c17cfaa06c097b50e7ac58952251a862c3911dc76ae2e5d

Sharing

Copy URL Twitter E-mail

General

Target

eb44e0963a3e80ba6c17cfaa06c097b50e7ac58952251a862c3911dc76ae2e5d
Size

49KB
MD5

4c1356c0c3a894bffc1c5486f30a5170
SHA1

90d9d40384be73540eee3e63d54ebc7156c57f13
SHA256

eb44e0963a3e80ba6c17cfaa06c097b50e7ac58952251a862c3911dc76ae2e5d
SHA512

05ef6de3edf9d2fa2a9092af487c1b6a446a4e24c536ac837de80a50273032f28dda9fcacbca81b0993178acfec3cf582644617ce297e2b17533e642559ac41b
SSDEEP

768:RiqlZU5aZt4JFcZvmH22dVl5soksfKPRj3qXQ12z3fY7SJ7LWQbCm:TlZTZt0Fc1ud2okR12zgeJ7aECm

Score

N/A

Malware Config

Signatures

Files

eb44e0963a3e80ba6c17cfaa06c097b50e7ac58952251a862c3911dc76ae2e5d
.exe windows x86

bc5e2e1705c54234b539d27e843aa458

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetCurrentProcessId
GetLocalTime
GetTempPathA
Module32NextW
GetLongPathNameA
Module32FirstW
CreateToolhelp32Snapshot
GetLastError
lstrcatA
lstrcpyA
VirtualQuery
FindFirstFileA
GetCommandLineA
CreateEventW
GetCurrentProcess
CreateMutexW
OpenProcess
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrlenW
WaitForSingleObject
GetVersionExW
GetEnvironmentVariableW
CreateProcessW
LocalFree
LocalAlloc
GetTempPathW
GetModuleHandleW
GetStartupInfoW
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentVariableA
GetPrivateProfileStringA
CreateProcessA
TerminateProcess
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryW
GetProcAddress
GetCommandLineW
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetFileSize
CreateFileMappingW
MapViewOfFile
IsBadReadPtr
ReleaseMutex
lstrcmpiW

user32

GetDesktopWindow
wsprintfW
GetWindowThreadProcessId
GetShellWindow

advapi32

SetTokenInformation
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetLengthSid
ConvertStringSidToSidW
SetThreadToken

shell32

CommandLineToArgvW
SHGetFolderPathW
SHGetFolderPathA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromCLSID

msvcp60

_Getcvt
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Id_cnt@id@locale@std@@0HA
??_7codecvt_base@std@@6B@
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0_Locinfo@std@@QAE@PBD@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?do_length@?$codecvt@GDH@std@@MBEHAAHPBG1I@Z
?do_out@?$codecvt@GDH@std@@MBEHAAHPBG1AAPBGPAD3AAPAD@Z
?do_in@?$codecvt@GDH@std@@MBEHAAHPBD1AAPBDPAG3AAPAG@Z
?do_encoding@?$codecvt@GDH@std@@MBEHXZ
?do_max_length@?$codecvt@GDH@std@@MBEHXZ
?do_always_noconv@?$codecvt@GDH@std@@MBE_NXZ
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??1locale@std@@QAE@XZ
??0locale@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??0bad_cast@std@@QAE@PBD@Z
??0?$codecvt@GDH@std@@QAE@I@Z
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@GDH@std@@2V0locale@2@A
?_Global@_Locimp@locale@std@@0PAV123@A
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??_7facet@locale@std@@6B@
??_7?$codecvt@GDH@std@@6B@
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??_7bad_cast@std@@6B@
??1_Locinfo@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z

msvcrt

_wcsicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
wcslen
_snprintf
??2@YAPAXI@Z
fclose
fflush
sprintf
_except_handler3
vfprintf
??0exception@@QAE@ABV0@@Z
fopen
toupper
_CxxThrowException
strncpy
__p___wargv
__p___argc
??0exception@@QAE@ABQBD@Z
free
_wcsdup
_exit
wcscpy
wcschr
__dllonexit
_onexit
??1type_info@@UAE@XZ

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathAppendW
PathAppendA
PathFindFileNameA
PathStripPathW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc5e2e1705c54234b539d27e843aa458

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp60

msvcrt

version

shlwapi

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 12KB - Virtual size: 8KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 12KB - Virtual size: 8KB