e4f2afd86d1d45b9c9913a1b78f90d3bd7715b5fd3d86dc2e14b3bdcfe3e6bab

Sharing

Copy URL

Twitter E-mail

General

Target

e4f2afd86d1d45b9c9913a1b78f90d3bd7715b5fd3d86dc2e14b3bdcfe3e6bab
Size

52KB
MD5

021ec0a8951775de58915004c7c97f00
SHA1

7fa936a7700aafc2fee4c8daf86d1a85a9e3cc8d
SHA256

e4f2afd86d1d45b9c9913a1b78f90d3bd7715b5fd3d86dc2e14b3bdcfe3e6bab
SHA512

b58988ba7cb2699f3da45ec88f22b4cec8ab17dcf0fe23c20af1a67f362131fc0d92d4696bb5767a9cf1de79b416446d0e2c9984c3a8789fa617ad573d7e270f
SSDEEP

768:kQ6r9LtMZKCGJEdCDhc1NDZo0Veodna6:kDatvdqhKto0VVa

Score

N/A

Malware Config

Signatures

Files

e4f2afd86d1d45b9c9913a1b78f90d3bd7715b5fd3d86dc2e14b3bdcfe3e6bab
.dll windows x86

b777c1ba534b255d7230cfa87ff0adc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcessModules
EnumProcesses
GetProcessImageFileNameA
GetModuleFileNameExA

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord561
ord665
ord1979
ord6385
ord5186
ord354
ord690
ord711
ord6302
ord939
ord538
ord4168
ord413
ord5356
ord6657
ord6881
ord1075
ord3147
ord3229
ord858
ord389
ord798
ord535
ord2915
ord1997
ord924
ord1243
ord5465
ord3318
ord5194
ord533
ord823
ord860
ord5448
ord5778
ord3790
ord5710
ord1168
ord1575
ord1176
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord1570
ord1197
ord2554
ord4486
ord6375
ord4274
ord540
ord3811
ord3337
ord800
ord537
ord825
ord1116
ord1577
ord1182
ord342
ord5204
ord4171

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
fread
fseek
ftell
_chdir
_findfirst
_access
_findclose
fopen
fclose
_mbscmp
strncpy
free
strstr
malloc
__CxxFrameHandler
memchr
_itoa
_ltoa
_strlwr
isalnum
_findnext

kernel32

OpenProcess
GetShortPathNameA
CloseHandle
GetCurrentProcess
GetComputerNameA
DeleteFileA
Sleep
CopyFileA
GetLastError
CreateThread
MultiByteToWideChar
LocalFree
LocalAlloc

user32

GetWindowTextA
GetAsyncKeyState
GetKeyState
GetWindowTextLengthA
GetWindowThreadProcessId
FindWindowA
CharLowerA
GetForegroundWindow

advapi32

RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance

urlmon

URLDownloadToFileA

msvcp60

??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Xlen@std@@YAXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b777c1ba534b255d7230cfa87ff0adc9

Headers

File Characteristics

Imports

psapi

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

urlmon

msvcp60

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 108KB

.rsrc Size: 4KB - Virtual size: 968B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 108KB

.rsrc
Size: 4KB - Virtual size: 968B

.reloc
Size: 4KB - Virtual size: 3KB