Static task
static1
Behavioral task
behavioral1
Sample
796b7223e85be08991400de819d1147e481b02300a9e9c5a3feea3a64f65fb2e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
796b7223e85be08991400de819d1147e481b02300a9e9c5a3feea3a64f65fb2e.exe
Resource
win10v2004-20220812-en
General
-
Target
796b7223e85be08991400de819d1147e481b02300a9e9c5a3feea3a64f65fb2e
-
Size
462KB
-
MD5
663d05df635d9cb2ce55b0367662d583
-
SHA1
433706e329616e150e4e6c85c9d44b8a1817467c
-
SHA256
796b7223e85be08991400de819d1147e481b02300a9e9c5a3feea3a64f65fb2e
-
SHA512
264adcf3da3c95910dd4aa884479a28e83c26055e46d645d2f542008284bd737f2f9e2a3dbe555f1f39c2537a47c760344455d6d9969f715bce52637cbe4c8b2
-
SSDEEP
12288:N1p7k5UT0URoinOXXrSxLxPxdj97ls7BPa5L0IHOBrlYDwMwM1e3MCH80SmZs9EO:N1p7k5UT0URoinOexLxPxdj97ls7BPaX
Malware Config
Signatures
Files
-
796b7223e85be08991400de819d1147e481b02300a9e9c5a3feea3a64f65fb2e.exe windows x86
af6b122ad69746046210393a35b4361d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
UnmapViewOfFile
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
HeapAlloc
lstrlenA
lstrcpyA
GetModuleFileNameA
GetVersionExA
GetModuleHandleA
HeapReAlloc
MapViewOfFile
CreateFileMappingA
GetProcessHeap
HeapFree
GetTempFileNameA
GlobalMemoryStatus
ExitThread
DeleteFileA
ReadFile
SetLastError
CreateFileA
GetFileSize
SetFilePointer
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
GetCurrentThread
SetThreadPriority
GetExitCodeThread
GetLastError
WaitForMultipleObjects
WriteFile
GetTempPathA
lstrcpynA
MultiByteToWideChar
CreateThread
CreateEventA
WaitForSingleObject
CloseHandle
ResetEvent
FreeLibrary
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
SetEvent
atl
ord30
mfc42
ord537
ord2825
ord3815
ord2737
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4078
ord4425
ord5280
ord4407
ord1775
ord6052
ord4998
ord5265
ord3597
ord2514
ord4853
ord4376
ord1199
ord4274
ord561
ord815
ord1205
ord520
ord986
ord296
ord617
ord5214
ord5301
ord6199
ord1219
ord2725
ord823
ord4424
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord2614
ord1669
ord2652
ord1168
ord5583
ord5981
ord2915
ord5572
ord3698
ord765
ord6055
ord1776
ord5290
ord3402
ord3567
ord567
ord602
ord2302
ord6394
ord5450
ord6383
ord5440
ord2841
ord2107
ord6307
ord939
ord521
ord3287
ord6283
ord941
ord6008
ord4129
ord413
ord1825
ord4238
ord2486
ord4003
ord3573
ord338
ord652
ord2623
ord1206
ord1223
ord4823
ord3754
ord3296
ord4297
ord4133
ord2753
ord4000
ord6129
ord3755
ord6329
ord940
ord3813
ord6648
ord4426
ord4623
ord6175
ord6080
ord3198
ord3454
ord4387
ord2399
ord4858
ord4953
ord4420
ord5653
ord3172
ord5577
ord1746
ord5740
ord5243
ord2542
ord2510
ord6336
ord3065
ord3058
ord4696
ord656
ord4275
ord2086
ord2379
ord289
ord613
ord2764
ord924
ord6778
ord6215
ord3610
ord2576
ord3577
ord692
ord1797
ord2859
ord4123
ord4060
ord1719
ord3803
ord2860
ord1907
ord489
ord768
ord3476
ord4976
ord4742
ord4854
ord4258
ord4125
ord6028
ord5890
ord1908
ord496
ord771
ord1008
ord4715
ord4259
ord4431
ord2054
ord4439
ord5288
ord2528
ord1690
ord4835
ord5287
ord4377
ord4948
ord4905
ord5160
ord5162
ord5161
ord3352
ord4397
ord4217
ord2024
ord2413
ord6366
ord1771
ord4644
ord1928
ord527
ord794
ord4264
ord3481
ord2259
ord5477
ord2975
ord5910
ord4440
ord4836
ord4541
ord4732
ord2250
ord2429
ord6226
ord6224
ord2418
ord2398
ord2883
ord5851
ord1731
ord978
ord2511
ord2543
ord2544
ord3912
ord3257
ord3225
ord6271
ord6268
ord2568
ord6148
ord6230
ord6232
ord1841
ord4241
ord364
ord2582
ord4402
ord3370
ord3640
ord693
ord784
ord5260
ord4720
ord384
ord2096
ord3996
ord3998
ord2862
ord4533
ord4432
ord5875
ord2091
ord1725
ord3748
ord5281
ord5240
ord6054
ord4108
ord4960
ord4963
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4889
ord4347
ord4340
ord4892
ord4370
ord4899
ord4588
ord4589
ord2864
ord355
ord3499
ord3175
ord2817
ord1842
ord4242
ord366
ord674
ord529
ord796
ord554
ord807
ord327
ord642
ord6491
ord502
ord774
ord620
ord4457
ord5252
ord2252
ord4287
ord5805
ord2515
ord3177
ord3021
ord6625
ord4163
ord2087
ord6619
ord6565
ord2117
ord6000
ord6067
ord6069
ord6197
ord5681
ord2863
ord3294
ord2108
ord3615
ord3356
ord4834
ord4852
ord4375
ord5016
ord4750
ord4716
ord4607
ord4635
ord5067
ord4427
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord5103
ord5100
ord3059
ord2390
ord2723
ord5951
ord3095
ord4224
ord5953
ord303
ord813
ord1942
ord4220
ord2584
ord3654
ord1644
ord2438
ord4272
ord3914
ord6270
ord4464
ord5148
ord1726
ord4961
ord4964
ord4890
ord4723
ord4349
ord4341
ord5076
ord4532
ord3734
ord3399
ord5259
ord298
ord4230
ord283
ord3619
ord1233
ord2152
ord3583
ord2444
ord5248
ord5279
ord6369
ord5234
ord1711
ord1709
ord2389
ord4121
ord5471
ord4056
ord4364
ord2530
ord6154
ord282
ord1920
ord517
ord4262
ord6131
ord4692
ord5799
ord5768
ord5146
ord1175
ord3303
ord4710
ord2645
ord6334
ord3092
ord4234
ord5834
ord2044
ord2448
ord1576
ord2370
ord2299
ord860
ord641
ord324
ord922
ord926
ord858
ord539
ord5788
ord3693
ord3626
ord3663
ord2414
ord472
ord5785
ord1640
ord640
ord323
ord1641
ord1146
ord3571
ord535
ord2818
ord4160
ord800
ord540
ord798
ord533
ord825
ord2937
msvcrt
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
__CxxFrameHandler
_purecall
wcslen
strncpy
_controlfp
_XcptFilter
_exit
_c_exit
strtok
_setmbcp
atoi
_access
strrchr
_stricmp
__RTDynamicCast
memmove
strtoul
_CxxThrowException
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
advapi32
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
gdi32
CreateFontIndirectA
CreateHatchBrush
DeleteObject
CreateSolidBrush
GetCharWidthA
CreatePen
GetViewportOrgEx
BitBlt
CreateCompatibleDC
DPtoLP
SetTextColor
SetBkColor
ExtTextOutW
SelectObject
CreateFontA
ExtCreatePen
GetObjectA
user32
ReleaseDC
GetDC
DrawTextA
InflateRect
ShowWindow
SetWindowPos
MessageBeep
CreateWindowExA
RegisterClassA
LoadCursorA
DefWindowProcA
DestroyWindow
GetWindowPlacement
PostMessageA
LoadBitmapA
SendMessageA
MessageBoxA
EnableWindow
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
FillRect
IsWindow
SetRectEmpty
GetClientRect
EqualRect
OffsetRect
InvalidateRect
GetKeyState
GetSysColor
DrawFocusRect
GetWindowRect
KillTimer
SetTimer
GetParent
SetDlgItemTextA
EndDialog
DialogBoxParamA
BringWindowToTop
SystemParametersInfoA
SetRect
GetSystemMetrics
UpdateWindow
SetMenuDefaultItem
GetMenu
LoadMenuA
GetSubMenu
GetWindowLongA
SetWindowLongA
GetUpdateRect
BeginPaint
DrawEdge
LoadStringA
EndPaint
SetMenuItemBitmaps
DeleteMenu
GetActiveWindow
GetCursorPos
PtInRect
GetScrollInfo
IsIconic
ole32
CoInitializeEx
CoCreateInstance
CoUninitialize
comctl32
ImageList_AddMasked
Sections
.text Size: 189KB - Virtual size: 188KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tc Size: 198KB - Virtual size: 200KB (non-standard section name; per the characteristics listed below it is marked as code that is both executable and writable)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE