aa4b99763a33a2f722b2c2c6a1a21702ddc2063c1752957472b2939d1cdc5b7c

Sharing

Copy URL Twitter E-mail

General

Target

aa4b99763a33a2f722b2c2c6a1a21702ddc2063c1752957472b2939d1cdc5b7c
Size

748KB
MD5

eb3fd2689270cb074f8a156773ba9292
SHA1

1514665f60d4787cd2a7d08f45f854c8ba0a810e
SHA256

aa4b99763a33a2f722b2c2c6a1a21702ddc2063c1752957472b2939d1cdc5b7c
SHA512

864af18283c41f0800671c4edc6cb1458550b660b9fb85a91e2f41c56c749a7d1a96d42a133f31c67fb7b444fe68df33a4afd564dbd2eb555c493545cbdbe5e6
SSDEEP

12288:Cc/Y1krOBFHihmvW/+CSK6uQhBrlrLxcpXdwW/xwTsVpuap0rQCBNo3w5x:h/Y1kqqhmfCSBusBBfxcddwW/xwTsVpQ

Score

N/A

Malware Config

Signatures

Files

aa4b99763a33a2f722b2c2c6a1a21702ddc2063c1752957472b2939d1cdc5b7c
.exe windows x86

67fbb0a75e3d1e3475a38f7bcf6537c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCreateKeyExA
ChangeServiceConfig2A
CloseServiceHandle
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
OpenThreadToken
RegQueryValueExA
EnumServicesStatusA
ControlService
DeleteService
RegEnumKeyExA
RegQueryInfoKeyA

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreateDCA
BitBlt
GetDIBits

msvcrt

_controlfp
__set_app_type
__p__fmode
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
signal
fputs
gmtime
getenv
_setmode
_isctype
__mb_cur_max
_pctype
tolower
_iob
abort
bsearch
realloc
qsort
time
isdigit
calloc
printf
perror
_errno
strerror
__p__commode
wcstombs
mbstowcs
wcscpy
memchr
toupper
_except_handler3
fgets
fprintf
strcat
sscanf
fputc
wcscat
strtok
sprintf
rand
srand
fwrite
fopen
fseek
ftell
fread
fclose
malloc
free
_ftol
exit
strncmp
atof
strchr
strncat
memcmp
system
atoi
strcmp
strcpy
memmove
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_adjust_fdiv
__setusermatherr
_initterm
fflush
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_stricmp
_memccpy
_strdup
__CxxFrameHandler
??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
strstr
memset
memcpy
strncpy
strlen
_vsnprintf
wcslen
isspace
_getch
_stat
_fileno
__getmainargs

msvcp60

?_Xlen@std@@YAXXZ
?_Xran@std@@YAXXZ

kernel32

WideCharToMultiByte
GetUserDefaultLCID
GetStringTypeA
LCMapStringA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoA
FlushConsoleInputBuffer
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
SetLastError
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
TransactNamedPipe
GetDiskFreeSpaceExA
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentThread
GetCurrentProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
VirtualFreeEx
CreateEventA
MoveFileA
CreateDirectoryA
RemoveDirectoryA
GetTempPathA
MultiByteToWideChar
GetLastError
CopyFileA
GetModuleFileNameA
OpenProcess
GetModuleHandleA
CreateThread
TerminateThread
FreeConsole
AllocConsole
GetStdHandle
CreateNamedPipeA
WaitNamedPipeA
TerminateProcess
GlobalMemoryStatus
GetVersionExA
GetComputerNameA
ExpandEnvironmentStringsA
CreateProcessA
GetSystemDirectoryA
DeleteFileA
ExitProcess
GlobalAlloc
WriteFile
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
GetFileSize
CloseHandle
SetFilePointer
ReadFile
Sleep
GetTickCount

user32

ExitWindowsEx
ReleaseDC
wsprintfA
LoadStringA

shell32

ShellExecuteA
SHGetDiskFreeSpaceExA

ws2_32

WSASetLastError
shutdown
recvfrom
getsockopt
WSASocketA
setsockopt
htonl
sendto
gethostname
WSAIoctl
gethostbyaddr
inet_ntoa
ioctlsocket
getpeername
connect
WSAGetLastError
__WSAFDIsSet
WSACleanup
WSAStartup
socket
htons
bind
getsockname
listen
gethostbyname
ntohs
ntohl
select
closesocket
accept
send
recv
inet_addr

netapi32

NetRemoteTOD
NetUseAdd
NetApiBufferFree
NetShareEnum
NetUserEnum
NetScheduleJobAdd
NetUseDel

mpr

WNetCancelConnection2A
WNetAddConnection2A
WNetAddConnection2W
WNetCancelConnection2W

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA

dnsapi

DnsQuery_A

odbc32

ord9
ord11
ord41
ord24
ord31
ord75

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rvelpmq
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67fbb0a75e3d1e3475a38f7bcf6537c4

Headers

File Characteristics

Imports

advapi32

gdi32

msvcrt

msvcp60

kernel32

user32

shell32

ws2_32

netapi32

mpr

psapi

dnsapi

odbc32

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 88KB - Virtual size: 87KB

.data Size: 100KB - Virtual size: 126KB

.rvelpmq Size: 16KB - Virtual size: 16KB

Size: 12KB - Virtual size: 9KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 88KB - Virtual size: 87KB

.data
Size: 100KB - Virtual size: 126KB

.rvelpmq
Size: 16KB - Virtual size: 16KB