44bbe43f0dc775ccac541dd64e513fa1276988f9da5cd9fe944f40443d46db3b

Sharing

Copy URL Twitter E-mail

General

Target

44bbe43f0dc775ccac541dd64e513fa1276988f9da5cd9fe944f40443d46db3b
Size

2.1MB
MD5

557543beeb8a3df730a237cf6aaca680
SHA1

0ead44668d1fe809b393e5491ad13977b2d6d8eb
SHA256

44bbe43f0dc775ccac541dd64e513fa1276988f9da5cd9fe944f40443d46db3b
SHA512

c4195293ec7cd438b7d5ba6626033522fc2cf2f860bab8cb2c7b9d5e703ea4f92b6904fe7481aa862b92e0dd6291f3285433315cbb227d95ee0727820b3ac7fb
SSDEEP

6144:8piNd1C/Oizc5ifc6X8JPKPypVf4UhioysKLUi:0iNP3izVqZyii

Score

N/A

Malware Config

Signatures

Files

44bbe43f0dc775ccac541dd64e513fa1276988f9da5cd9fe944f40443d46db3b
.exe windows x86

daef2067c962acea341b65841914aa8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

msvfw32

ICSendMessage

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

kernel32

lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemInfo
SetErrorMode
SetFileAttributesA
CopyFileA
GetModuleFileNameA
GetStartupInfoA
OpenProcess
CreateEventA
SetEvent
GetModuleHandleA
LeaveCriticalSection
GetProcAddress
LoadLibraryA
ResetEvent
lstrcpyA
InterlockedExchange
Process32Next
GetLocalTime
Sleep
CreateThread
GetCurrentProcessId
HeapAlloc
GetProcessHeap
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
OutputDebugStringA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
CloseHandle
MultiByteToWideChar
CreateProcessA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetTickCount
GetFileSize

user32

GetUserObjectInformationA
OpenInputDesktop
wsprintfA
CharNextA
ExitWindowsEx
GetWindowTextA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
GetThreadDesktop
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
SetCapture

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

advapi32

LookupAccountNameA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
RegOpenKeyExA
IsValidSid
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

strrchr
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
calloc
_beginthreadex
clock
printf
strncat
exit
puts
wcscpy
_errno
strncmp
??1type_info@@UAE@XZ
atoi
_except_handler3
free
malloc
strchr
strncpy
sprintf
rand
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

inet_addr
sendto
htonl
inet_ntoa
getsockname
bind
getpeername
accept
listen
send
__WSAFDIsSet
gethostname
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAStartup
select
closesocket
recv
ntohs
recvfrom
socket

netapi32

NetUserAdd
NetLocalGroupAddMembers

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daef2067c962acea341b65841914aa8a

Headers

File Characteristics

Imports

avicap32

msvfw32

wininet

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

netapi32

psapi

wtsapi32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB