Static task
static1
Behavioral task
behavioral1
Sample
c6d24607e229cce5b20ea98479b70cbec2384bf855e5944a87f8d73b4357e3d9.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c6d24607e229cce5b20ea98479b70cbec2384bf855e5944a87f8d73b4357e3d9.exe
Resource
win10v2004-20221111-en
General
-
Target
c6d24607e229cce5b20ea98479b70cbec2384bf855e5944a87f8d73b4357e3d9
-
Size
608KB
-
MD5
69be443683b4ab660e74159765067602
-
SHA1
2f1b21d1619448c07e84c7441b24d58f27f3bfb7
-
SHA256
c6d24607e229cce5b20ea98479b70cbec2384bf855e5944a87f8d73b4357e3d9
-
SHA512
a531b8797735a76809dca1beb0ca2a9fda1f716c7dbbc3ca6a56497952aeb3a8d2342fa81c9a3a46f770d31cef12ba28a4e449ab5259f2cf75b6407affd75023
-
SSDEEP
6144:7fko3dyPLqSRDdAZAN6tkhs0KtPw3Z7onQrtqMfzXJsiDZPO9TxOyVLBK3q6gyD:XgzqS3pawhKyGSqMrLZW8yVQPgy
Malware Config
Signatures
Files
-
c6d24607e229cce5b20ea98479b70cbec2384bf855e5944a87f8d73b4357e3d9.exe windows x86
71becbe6e87c0a466260f8f376b787f5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
ntohl
htons
htonl
shlwapi
PathParseIconLocationW
PathAppendW
PathIsRelativeW
PathRemoveFileSpecW
SHGetValueW
PathCombineW
msvcrt
__set_app_type
__p__fmode
_except_handler3
__dllonexit
??1type_info@@UAE@XZ
__setusermatherr
_initterm
__wgetmainargs
_onexit
_controlfp
_adjust_fdiv
__p__commode
__p___argc
sprintf
_wsplitpath
__CxxFrameHandler
??3@YAXPAX@Z
wcscmp
??2@YAPAXI@Z
swscanf
rand
srand
_vsnwprintf
_purecall
wcslen
__p___wargv
wcstok
_snwprintf
memmove
_exit
_XcptFilter
time
atof
_wcsicmp
free
realloc
wcstol
_wtoi
wcscpy
wcsncat
wcsncpy
malloc
wcsstr
wcscat
_wcmdln
exit
mfc42u
ord3076
ord2980
ord3825
ord3257
ord3131
ord2971
ord3074
ord3826
ord4621
ord4419
ord3592
ord641
ord3820
ord4075
ord1165
ord860
ord861
ord858
ord800
ord324
ord2294
ord2293
ord2362
ord4229
ord6330
ord1761
ord4704
ord2371
ord1143
ord540
ord4847
ord4370
ord6195
ord4155
ord6193
ord3087
ord2820
ord535
ord795
ord693
ord755
ord2574
ord4396
ord3365
ord3635
ord2567
ord4390
ord3569
ord3254
ord4459
ord5286
ord3397
ord4418
ord3716
ord567
ord3281
ord6879
ord6667
ord3991
ord2634
ord470
ord609
ord3993
ord3084
ord4470
ord2385
ord5714
ord3792
ord1560
ord5228
ord2139
ord2859
ord1177
ord268
ord1561
ord5264
ord6868
ord537
ord690
ord6279
ord6278
ord4124
ord5679
ord1768
ord940
ord5568
ord2910
ord4197
ord922
ord925
ord2810
ord942
ord665
ord5803
ord1971
ord6381
ord5180
ord354
ord4272
ord2756
ord5349
ord6051
ord6896
ord1075
ord5198
ord3224
ord1225
ord538
ord1105
ord927
ord3313
ord4273
ord6655
ord5706
ord3658
ord5438
ord5446
ord6390
ord6920
ord6918
ord353
ord6654
ord2755
ord6898
ord389
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2078
ord1226
ord6640
ord2613
ord6433
ord1131
ord3948
ord2717
ord1220
ord1203
ord1202
ord5436
ord6379
ord4016
ord4015
ord1258
ord2225
ord4270
ord3614
ord283
ord3621
ord2406
ord5273
ord2855
ord5674
ord3871
ord5785
ord5783
ord5871
ord5869
ord6168
ord5732
ord3568
ord809
ord556
ord1088
ord2114
ord2746
ord2854
ord6871
ord6597
ord1791
ord3348
ord290
ord614
ord3998
ord2721
ord6466
ord2719
ord2722
ord654
ord772
ord610
ord801
ord341
ord500
ord287
ord541
ord4221
ord5599
ord5602
ord5598
ord5604
ord5854
ord5856
ord5853
ord6874
ord3253
ord539
ord6136
ord6138
ord6135
ord6139
ord5427
ord3343
ord4345
ord2984
ord3574
ord2617
ord297
ord619
ord2025
ord1196
ord2606
ord5852
ord941
ord2983
ord668
ord3176
ord3180
ord4053
ord2773
ord2762
ord356
ord3785
ord2836
ord2099
ord640
ord2442
ord1633
ord323
ord3566
ord5781
ord6921
ord536
ord3173
ord3142
ord2977
ord5257
ord2116
ord2438
ord3744
ord1720
ord5059
ord2640
ord6372
ord2047
ord3793
ord4435
ord4831
ord6370
ord5276
ord4347
ord5237
ord5157
ord2377
ord4073
ord4401
ord1767
ord4992
ord6048
ord2506
ord4667
ord5261
ord4269
ord5352
ord5804
ord1634
ord1569
ord1594
ord397
ord699
ord4183
ord912
kernel32
LoadLibraryExW
InterlockedExchange
SizeofResource
CloseHandle
GetSystemTime
LoadLibraryW
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
VirtualQueryEx
CreateDirectoryW
GetDriveTypeW
GetShortPathNameW
CopyFileW
OpenFile
GetPrivateProfileSectionW
WritePrivateProfileSectionW
ExpandEnvironmentStringsW
lstrcpynW
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
GetProcAddress
DeleteCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentThreadId
HeapDestroy
OpenProcess
TerminateProcess
LoadLibraryA
GetModuleFileNameW
DeleteFileW
WaitForSingleObject
FindClose
GetVersionExW
FindFirstFileW
WideCharToMultiByte
WritePrivateProfileStringW
lstrlenW
MultiByteToWideChar
GetTempPathW
lstrlenA
FindResourceW
LoadResource
GetPrivateProfileStringW
GetWindowsDirectoryW
FreeLibrary
WinExec
LockResource
user32
ReleaseDC
SetCursor
PtInRect
CopyIcon
IsWindow
InflateRect
GetMessagePos
ScreenToClient
GetWindowRect
GetParent
GetDC
CreateIconFromResource
LoadImageW
LoadCursorW
SystemParametersInfoW
InvalidateRect
SetTimer
EnableWindow
SetWindowLongW
KillTimer
DestroyCursor
RegisterWindowMessageW
DestroyIcon
LookupIconIdFromDirectory
SetActiveWindow
MessageBeep
LoadIconW
RedrawWindow
FillRect
GetSysColor
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetForegroundWindow
SendMessageW
GetDesktopWindow
PostQuitMessage
MessageBoxW
FindWindowW
GetWindowThreadProcessId
IsWindowEnabled
GetActiveWindow
gdi32
CreateFontIndirectW
GetStockObject
GetObjectW
SetPixel
GetPixel
GetTextExtentPoint32W
BitBlt
CreateBitmap
CreateCompatibleDC
CreateCompatibleBitmap
advapi32
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
shell32
ShellExecuteW
SHGetDesktopFolder
SHGetMalloc
ExtractIconW
ole32
CLSIDFromString
CoCreateInstance
CoTaskMemAlloc
StringFromCLSID
StgCreateDocfile
StgOpenStorage
CoLoadLibrary
CoTaskMemFree
CoRevokeClassObject
oleaut32
VariantClear
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
SysAllocString
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
Sections
.text Size: 268KB - Virtual size: 265KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
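.tc Size: 196KB - Virtual size: 196KB (non-standard section name; the flags below mark it as code that is both executable and writable, unlike the .text section above — a combination often seen in packed or post-build-modified binaries, so this section merits closer inspection during triage)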
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE