a09b024c6b7ae59ebdf9b075fe333d878e2a6eefce7aefb63190ff1d53e55a46

Sharing

Copy URL Twitter E-mail

General

Target

a09b024c6b7ae59ebdf9b075fe333d878e2a6eefce7aefb63190ff1d53e55a46
Size

452KB
MD5

ef6dea9565b52e8a6e4761fac1d35dbf
SHA1

3a7ee33072125aae743d5a5fe6b58d9439f34a93
SHA256

a09b024c6b7ae59ebdf9b075fe333d878e2a6eefce7aefb63190ff1d53e55a46
SHA512

a7d9b5ae1afb940017fa42403bd637e15ec4d822ed5b720d3502be18648815df49f56f1d6fdcfbbc9240d402d5c08680b4eb78acf51d841a40ff57aa088073ee
SSDEEP

12288:LEKxnuGboLyAlHhD8LRgd0AY/X5Jyd2EylgN2LyOHvnH0WLnVCI40:oQ2oRgd0lX58P8RnVCw

Score

N/A

Malware Config

Signatures

Files

a09b024c6b7ae59ebdf9b075fe333d878e2a6eefce7aefb63190ff1d53e55a46
.exe windows x86

f6d94416e6ca81706cc12f1d44829699

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

__set_app_type
_XcptFilter
__wgetmainargs
_configthreadlocale
__p__commode
__p__fmode
__FrameUnwindFilter
_time64
sprintf
memmove
strncmp
wcsncmp
??2@YAPAXI@Z
??3@YAXPAX@Z
strchr
atoi
_strtoui64
??_U@YAPAXI@Z
_strupr
strrchr
_gmtime32_s
_wcsupr
wcstombs
??_V@YAXPAX@Z
strncpy
strstr
memmove_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??9type_info@@QBE_NABV0@@Z
??8type_info@@QBE_NABV0@@Z
?what@exception@std@@UBEPBDXZ
_purecall
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_amsg_exit
_cexit
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
_CxxThrowException
free
malloc
__CxxFrameHandler3
memcpy
_crt_debugger_hook
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
memset
_encode_pointer

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetLastError
lstrlenW
MultiByteToWideChar
Sleep
GetModuleHandleA
UnmapViewOfFile
CloseHandle
VirtualProtect
InterlockedIncrement
InterlockedDecrement
GetCurrentProcessId
CreateMutexA
WaitForSingleObject
ReleaseMutex
lstrlenA
VirtualQuery
GetProcAddress
VirtualAlloc
CreateEventA
ExitProcess
SetEvent
GetExitCodeThread
TerminateThread
CreateThread
VirtualFree
GetModuleFileNameA
GetSystemTime
SystemTimeToFileTime
GetCommandLineW
LocalFree
GlobalAlloc
CreateFileA
DeviceIoControl
CreateFileW
GlobalFree
LoadLibraryA
TlsAlloc
TlsSetValue
TlsGetValue
TlsFree
FreeLibrary
MapViewOfFile
CreateFileMappingA
GetSystemInfo
GetWindowsDirectoryA
GetVolumeInformationA
InterlockedExchange
WideCharToMultiByte

advapi32

CryptAcquireContextA
GetNumberOfEventLogRecords
CryptGenRandom
OpenEventLogA
CloseEventLog
ReadEventLogA

oleaut32

GetErrorInfo
SystemTimeToVariantTime
SysAllocString
SysFreeString
VariantInit
VariantClear
VariantChangeType
SetErrorInfo
CreateErrorInfo

msvcm80

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
__setusermatherr_m
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z

mscoree

GetCORVersion
_CorExeMain

msvcp80

?set_new_handler@std@@YAP6AXXZP6AXXZ@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ

iphlpapi

GetAdaptersInfo

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemAlloc
CoSetProxyBlanket

shell32

CommandLineToArgvW

setupapi

SetupDiEnumDeviceInfo
SetupDiClassNameFromGuidA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces

rpcrt4

UuidCreate

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.7rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6d94416e6ca81706cc12f1d44829699

Headers

File Characteristics

Imports

msvcr80

kernel32

advapi32

oleaut32

msvcm80

mscoree

msvcp80

iphlpapi

ole32

shell32

setupapi

rpcrt4

Sections

.text Size: 232KB - Virtual size: 231KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 48KB - Virtual size: 44KB

.reloc Size: 8KB - Virtual size: 7KB

.7rdata Size: 68KB - Virtual size: 68KB

.text
Size: 232KB - Virtual size: 231KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 48KB - Virtual size: 44KB

.reloc
Size: 8KB - Virtual size: 7KB

.7rdata
Size: 68KB - Virtual size: 68KB