c28d7425e4af7b062bfeaa45571525f38562ab727993ab3ceadeba9ff374d9cd

Sharing

Copy URL Twitter E-mail

General

Target

c28d7425e4af7b062bfeaa45571525f38562ab727993ab3ceadeba9ff374d9cd
Size

152KB
MD5

ea495fe7e434ec0e0e2c2e3710703aa3
SHA1

cb8d0ad79ee89a2d97720c3d2d77462c76f0c043
SHA256

c28d7425e4af7b062bfeaa45571525f38562ab727993ab3ceadeba9ff374d9cd
SHA512

5eb20b5b2548703b7765d656653cd466356c6cb3e6aaa9858b9168b4328cf3a56131e837ec5770ba196bb9ac99356232157130a91a965f9807a5d3736ff325f6
SSDEEP

3072:qSd08+n2mSJ6+7tUu+S4LfhDkEOv33EYvKYu+DA62hzndwdINpRJAdfKv:qSdoqUu6Nm/zrJ+nCozJAd

Score

N/A

Malware Config

Signatures

Files

c28d7425e4af7b062bfeaa45571525f38562ab727993ab3ceadeba9ff374d9cd
.exe windows x86

ae985b2ad5ef4e64105baaf953d08774

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??Xstd@@YAAAV?$complex@M@0@AAV10@ABV10@@Z
??9std@@YA_NABV?$complex@M@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
towctrans
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??4?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAEXXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
?do_falsename@?$numpunct@D@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?length@?$char_traits@G@std@@SAIPBG@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
??_0?$_Complex_base@N@std@@QAEAAV01@ABN@Z
_Denorm
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??_F?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAEXXZ
?infinity@?$numeric_limits@O@std@@SAOXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?ldexp@?$_Ctr@M@std@@SAMMH@Z
?_Addcats@_Locinfo@std@@QAEAAV12@HPBD@Z
?_Isinf@?$_Ctr@M@std@@SA_NM@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ

gdi32

DdEntry3
FONTOBJ_pvTrueTypeFontFile
GdiEntry3
GetPixelFormat
StretchDIBits
EngCheckAbort
PATHOBJ_bEnum
EngDeletePalette
GetEUDCTimeStamp
RectInRegion
EnumMetaFile
GetBrushAttributes
SelectClipRgn
cGetTTFFromFOT
STROBJ_bGetAdvanceWidths
GetTextExtentPointI
SetPixelV
EngDeleteSurface
SetColorSpace
OffsetRgn
GetBkMode
ScaleWindowExtEx
GdiInitializeLanguagePack
XFORMOBJ_iGetXform
PolyTextOutA
CLIPOBJ_bEnum
CopyEnhMetaFileA
GdiGetDC

msacm32

acmFormatSuggest
acmFormatTagDetailsW
acmFilterChooseA
acmDriverOpen
acmFormatTagDetailsA
acmFormatTagEnumA
acmDriverMessage
acmFormatEnumA
acmFormatChooseW
acmFilterTagDetailsA
acmStreamConvert
acmFilterTagDetailsW
acmStreamMessage
acmFormatEnumW
acmFilterChooseW
acmFormatChooseA
acmDriverPriority
XRegThunkEntry
acmFilterTagEnumA
acmFilterEnumA
acmFilterDetailsA
acmDriverAddA
acmDriverDetailsW
acmMetrics
acmDriverClose
acmFormatDetailsA
acmStreamClose
acmStreamReset
acmDriverDetailsA
acmStreamSize
acmFormatDetailsW
acmFilterDetailsW
acmMessage32
acmStreamUnprepareHeader
acmGetVersion
acmStreamOpen
acmFilterTagEnumW
acmDriverID
acmFormatTagEnumW
acmStreamPrepareHeader
acmDriverEnum
acmFilterEnumW

kernel32

GetComputerNameA
GetProcessShutdownParameters
FindAtomA
SetCommConfig
SetWaitableTimer
VirtualAlloc
ReadConsoleOutputCharacterW
CreateRemoteThread
LeaveCriticalSection
GetStringTypeExW
QueryActCtxW
BackupSeek
GetProcAddress
GetProcessHeap
SetConsolePalette
GetCurrentProcessId
DeleteCriticalSection
GetDefaultCommConfigA
CopyFileExW
GetFileAttributesW
CancelDeviceWakeupRequest
GetDiskFreeSpaceExA
ReadConsoleA
WritePrivateProfileStringA
Module32NextW
OpenThread
EnterCriticalSection
DosDateTimeToFileTime
GlobalMemoryStatus
GlobalFindAtomW
CreateSocketHandle
UnlockFileEx
GetConsoleScreenBufferInfo
SearchPathW
GetConsoleAliasesLengthW
GetNumberOfConsoleMouseButtons
GetDefaultCommConfigW
BackupWrite
ReadFileScatter
LoadLibraryA

ntdll

ZwCreateSemaphore
RtlIsGenericTableEmptyAvl
RtlProtectHeap
NtMapUserPhysicalPagesScatter
ZwSaveMergedKeys
NtLoadDriver
RtlCaptureStackContext
NtCreateSection
RtlImageRvaToSection
RtlUpperChar
CsrCaptureMessageBuffer
ZwUnloadDriver
NtUnlockVirtualMemory
RtlCreateSecurityDescriptor
RtlTraceDatabaseValidate
ZwWaitLowEventPair
RtlInterlockedPushEntrySList
ZwCancelIoFile
NtSetHighWaitLowEventPair
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtFlushWriteBuffer
NtQuerySemaphore
RtlCreateUserProcess
PfxInsertPrefix
ZwSetBootEntryOrder
iswdigit
RtlComputeImportTableHash
ZwReadRequestData
ZwEnumerateValueKey
RtlInitCodePageTable
RtlpNtEnumerateSubKey
NtOpenProcess
NtSetInformationFile
ZwQueryValueKey
NtOpenKeyedEvent
RtlDeleteTimer
RtlGetSetBootStatusData
NtReplyWaitReplyPort
ZwStartProfile
NtTestAlert
RtlIdentifierAuthoritySid
RtlInitializeSListHead
NtCreateMailslotFile
ZwQuerySemaphore
NtCloseObjectAuditAlarm
strpbrk
RtlRaiseException
NtTerminateThread
NtQueryTimerResolution
RtlLargeIntegerShiftRight
RtlGetProcessHeaps
ZwCreatePort
NtOpenSymbolicLinkObject
ZwSuspendThread
_memicmp
RtlRemoteCall
ZwOpenMutant
RtlQueryHeapInformation
NtAccessCheckAndAuditAlarm
ZwSecureConnectPort
isspace
RtlCreateUserSecurityObject
RtlSetDaclSecurityDescriptor
NlsMbCodePageTag
ZwSetHighEventPair
LdrGetProcedureAddress
RtlEnumProcessHeaps
NtYieldExecution
RtlAreBitsClear
_allshl
NtOpenTimer
ZwSetSystemEnvironmentValue
ZwDeviceIoControlFile
RtlInterlockedPopEntrySList
NtQueryInformationProcess
RtlFindClearBits
ZwAllocateVirtualMemory
ZwOpenProcessTokenEx
RtlExtendedIntegerMultiply
RtlIsValidIndexHandle
RtlDeleteSecurityObject
RtlAllocateAndInitializeSid
RtlCreateProcessParameters
_itow
RtlDefaultNpAcl
_ui64tow
RtlQueryProcessBackTraceInformation
NtSecureConnectPort
NtDeleteObjectAuditAlarm
_snprintf
RtlLargeIntegerArithmeticShift
NtReleaseKeyedEvent
NtPlugPlayControl
NtQueryPerformanceCounter
ZwQueryObject
RtlCompareMemoryUlong
NtSuspendThread
NtOpenIoCompletion
RtlFindLastBackwardRunClear
NtReplyWaitReceivePortEx
RtlUshortByteSwap
NtCompactKeys
NtSetInformationJobObject
_alldvrm
ZwSetLowWaitHighEventPair
ZwAcceptConnectPort
LdrShutdownThread
ZwModifyBootEntry
RtlWalkFrameChain

msvcrt

exit

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae985b2ad5ef4e64105baaf953d08774

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

gdi32

msacm32

kernel32

ntdll

msvcrt

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 58KB - Virtual size: 234KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 58KB - Virtual size: 234KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1020B