5b55207921873e9beb9237972a6aeb9a2566979795b7148add391ecbc06d8dd8

Sharing

Copy URL Twitter E-mail

General

Target

5b55207921873e9beb9237972a6aeb9a2566979795b7148add391ecbc06d8dd8
Size

136KB
MD5

b7c84b9916a2a621133870a5e8e8167e
SHA1

a20bbc437a17af1fa1c397a16500f734a553b8e9
SHA256

5b55207921873e9beb9237972a6aeb9a2566979795b7148add391ecbc06d8dd8
SHA512

7fba7fe5e89bde95a5d83a13128fb2618c86d04dacd7fd9294f5dc0e5e53d81ff2c18e219854bc5c0bb8f9ad7a83712b516e78ba1c77af7e3159329cbe43cda4
SSDEEP

3072:AqdkrfvaJ1cslDCJTf/7bXALqdRZh1sXHsollOyQAFjZ:FkDaJdgdHPwLqP1sXHsClO

Score

N/A

Malware Config

Signatures

Files

5b55207921873e9beb9237972a6aeb9a2566979795b7148add391ecbc06d8dd8
.dll windows x86

f4d3f087ee609e2f203b6a392233b86e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

guidtech

GetPrimaryInterface
GetHashInterface

kernel32

DisableThreadLibraryCalls
FlushInstructionCache
GetCurrentProcess
VirtualQuery
GetTickCount
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
FreeLibrary
GetProcAddress
VirtualProtect
CreateThread
Sleep
GetModuleHandleA
GetModuleFileNameA
GetSystemTimeAsFileTime
LoadLibraryA
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetAsyncKeyState
SetRect
MessageBoxA
GetWindowRect
FindWindowA
SetCursorPos
SetForegroundWindow
mouse_event
MessageBoxA

msvcr80

malloc
_CIcos
_CIsin
_CIsqrt
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
sprintf_s
??_U@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_CIacos
atof
strerror
_snprintf
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
free
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
strncmp
abort
__CxxFrameHandler3
memset
sprintf
_vsnprintf
fopen
fprintf
fclose
_time64
_localtime64
rand
_errno

msvcp80

??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ

d3dx9_39

D3DXMatrixLookAtLH
D3DXVec3Project
D3DXCreateFontA

ws2_32

WSACleanup
socket
closesocket
WSAStartup
send
WSAGetLastError
htons
connect
gethostbyname
inet_ntoa
recv

rpcrt4

UuidCreateSequential

Exports

Exports

�Ҝ�6��o+��N�Z�^.P�� }�u5�&\{S�fX�W��=�y� 0ȿ�Kih�� =yQx�N2��~��>��I^��M��i��#��ï��Ӯ �U��O<�~DT�}��[�.:f%�b9Uk}��1��m��♭HM�b�uU8c��bx��i�[�QnF )��B�k/�l<RPq�x��fYŋ� �sy`kMFI<�;n�fy�P��ES��Cw��uJ��K�iո��䣢X'�a{6z�� D;)&�;VVIp�m[$z��c�(�ILO�I�6��A95��0nw%!��*�sfJփ�t��!�>8RSZ�<S��d��`_?ĝX�\�=�N� x^��#9��eIx�b��r�A�6�� "��e9u��]�c L,�� ezYϱVȟw��)9�Ӡ&��1�CK}�(�6�Z��m�K��&�ZQ�³��T��j�s>�ą6ĉ�a�WdI��ć %e��u[$ez�:]n�3�_ �m��0��wJ�� c+6��3&��!�YHwz�+( ��v53^�O��@��Ai�O��5�2�6Z�R�FZ��h �g��"5|�7��7��Xx�'�on�v|��=�,H��.��ZURKL��3�Nm��R-��ď�9/�w�[�|�Ԩ�J�ez��t`?g�I�:� Ӛ�/u�=�o2G��B~ZD7�-��E:��*)|ښ�E�p;�i�c�p<N_�<N��S��--�%䡷�.8QAp(�(y��>qK�A�x��Pq��SdW�X��,�7�{�q��E.��0��~ͯ-"0-��1I�TN�#�'ĸaN͸�*��0HGo��x�+��~�#T+O("?�w�f��tK��3SQt ��/@��K!�e��so�A <_��eƆ�g��do��UJ]�+��(�g5�(�}2?0 "Y��z��'��/v�if]��$�K]x��u��(��|��c-z�m��]��՜�+�b�F��?P�s+9(��w̚�?\��w�"VZr2`t Ӎ��1 ��5��m��<�2��F<(E�5��Ά��t��ׯ^��VX�ԡ�P &W`�R�q��P@��>�f�g=�OE֡Bh��1�Y�+��iUU��+��.E��LZ��V�6l��M�!<�GU�T~n��r��f�� çQ�~��\�R}q��Ã�N!��4��k'{*��5#ҫ$�9��O��ctS��L��N��-��B��E�C�6�W�jP�:�u7��P�C?��$5��+3�-�H�c��\��J�W0Z�{�X{o��5�Bl��z�98��u�)��Y��V��R��9�'Du�Ϛ[�u�-we��+��+��l��0e[�ML-��7&��<~��_��Ll��u�K��_3��9��K��Wb��VXN��a�@%R ��8�Y��.��>ڦ�H�v�"`ho��Ð��S ��MK��ᢜ��|�/f뀈��Շ<��v�`��@��i�<.��*�.�4^�CMj�1e��#�9��=w��tY��p�WqVˀ�HF:��Y��c��{�G��C�Oj*P��f��xQ�5��H_��u�55�)�=�hP��y%��Bs��?U��n�O�4;�.�ٌZ��eh�O��O'ͷ^�Kz��w^c�7� /d�H@ML�m��z�Q�ׯ!;��դ\[.v}�j�u;��Y��CD^�� *��u�~ȭd�7�=�/��$̰�aW��E��ByQ��[��v��r�|4Œ�چ�$�� > /�Ԭ�V^m�/��lW6F�R�+�w�L�)M R�� CFE�e��S��1��ho/�X@u��h,q�&c8��ǎ,МwFN *�d@!nqH�B��%�~U�w��ϒ<��`6�>��43ATt�6��&%��̀��]�J��K玡��R��8��_�ܧ~^K&�� đң�Hh;f �l|g�|d ��3�Dcs��S?84(`�u�>xR��3�9.x~g/�G��Z��I�uG�0�ZK]�]�k-@%��H<Y��j�)��B��u/k�_��'��fv�4��j�n��=dx��=�jM�$��E�4h��O��9y/�-n�#�vo�� p^�� f!_0ē��Db��]lqe�gDE�a��Ϣď�&G�Zb�F��n5@��+�Q�)hL{FF��U��F�<��B��h'ӂ��nB��4��?a ��~!�$�Q6��z��H:D^1�PC�5��y��Lu��F�ξ��g��\8�Y&��H�>��4��+��G�� ^��]:��1B˒DJ��2�~��{򒶾�T�O�v��0r!o�"��Y�XM\�Ĥ�u7��\��1��=R�)�E5> 5��e�G��f�Hx�ĩ�,�� ;��JMPE�V��Ob��icN#ϲ=�qd��[��SA��؍rdIYb0:�3�{��@k2v��0�3/��9Z=�sOB�4/T ��ۛ�'��@'�]�ǎ� �1��)��9��KO��ջ~"w��h\�F��b��_��lgr}��\L fw�7�A��a)�"R�ݕy/F��x�Al<�@��'�1�]O��y��y��*��{�H >�䰨��$i��`�Pի~"��s�$xuI�_��tk"qm6�k�31}N�z&7��$ΘP͟<m��%�k��Z"�x:�F�Ǜ(9�6�<r7�/{5Kj8�Ӳ��{c��9jN�ERȍ�|(4��%d��O��I

Sections

.text
Size: - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jin0
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jin1
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jin2
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4d3f087ee609e2f203b6a392233b86e

Headers

File Characteristics

Imports

guidtech

kernel32

user32

msvcr80

msvcp80

d3dx9_39

ws2_32

rpcrt4

Exports

Exports

Sections

.text Size: - Virtual size: 91KB

.rdata Size: - Virtual size: 18KB

.data Size: - Virtual size: 111KB

.rsrc Size: 4KB - Virtual size: 428B

.vmp0 Size: - Virtual size: 12KB

.jin0 Size: - Virtual size: 9KB

.jin1 Size: - Virtual size: 13KB

.tls Size: 4KB - Virtual size: 24B

.jin2 Size: 120KB - Virtual size: 116KB

.reloc Size: 4KB - Virtual size: 200B

.text
Size: - Virtual size: 91KB

.rdata
Size: - Virtual size: 18KB

.data
Size: - Virtual size: 111KB

.rsrc
Size: 4KB - Virtual size: 428B

.vmp0
Size: - Virtual size: 12KB

.jin0
Size: - Virtual size: 9KB

.jin1
Size: - Virtual size: 13KB

.tls
Size: 4KB - Virtual size: 24B

.jin2
Size: 120KB - Virtual size: 116KB

.reloc
Size: 4KB - Virtual size: 200B