b7f31cbfecda7d70a7f2e4e7af01241f35e353159d627c033a618e3548aadc39

Sharing

Copy URL Twitter E-mail

General

Target

b7f31cbfecda7d70a7f2e4e7af01241f35e353159d627c033a618e3548aadc39
Size

296KB
MD5

8badf9a8f7bcf49ed97c30265c17b7ea
SHA1

b6f76c57726bb2e281c1eeef1c8114450f67b203
SHA256

b7f31cbfecda7d70a7f2e4e7af01241f35e353159d627c033a618e3548aadc39
SHA512

23702f4d9e2ffd430e41eaccff1f9dd0566a08a790e14209b202167cc96a2b941117e3cbf3277cecf4055f3b25ec670123521581a3a36226d0093dcff1d37543
SSDEEP

6144:yCJcyH1AC2kt2O1Wl0MO083qwC3B7yfsZOGsIQFgn9jrQh7W:yUcyVAC2knWl0MO083qF3B7DJQFWjrk

Score

N/A

Malware Config

Signatures

Files

b7f31cbfecda7d70a7f2e4e7af01241f35e353159d627c033a618e3548aadc39
.exe windows x86

ae770693bb453e476bfcfdda4570cae7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
lstrlenA
LockResource
GetModuleFileNameW
GetLastError
SizeofResource
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
HeapFree
CreateMutexW
GetPrivateProfileIntW
DeleteFileA
WaitForSingleObject
DeleteFileW
SetLastError
GetPrivateProfileStringW
GetFullPathNameW
FindFirstFileW
CloseHandle
FindNextFileW
FindClose
InterlockedCompareExchange
GetProcAddress
Sleep
LoadLibraryExW
FreeLibrary
CreateEventA
WaitForMultipleObjects
SetEvent
ReleaseMutex
DuplicateHandle
LoadLibraryA
SleepEx
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetExitCodeThread
TerminateThread
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
CreateMutexA

ole32

CoInitialize
OleRun
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString

msvcp80

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

wininet

InternetQueryOptionW

msvcr80

memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
_gmtime64
_errno
fputc
sprintf
fputs
fgets
strncmp
memchr
_strtoi64
isspace
isdigit
fseek
strncpy
atoi
tolower
sscanf
memmove
strstr
strtoul
fwrite
strchr
isxdigit
strtol
__iob_func
fopen
fread
fclose
strrchr
_stat64
_time64
memcpy
malloc
realloc
wcscpy_s
swprintf_s
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
_beginthreadex
_invalid_parameter_noinfo
wcslen
??_V@YAXPAX@Z
free
??2@YAPAXI@Z
calloc
wcscspn
wcsspn
wcsrchr
wcsstr
_recalloc
wcscpy
_wcsupr_s
wcscmp
memmove_s
memcpy_s
_wtoi
??3@YAXPAX@Z
_lseeki64
fflush
_fstat64
getenv
isalnum
isalpha
strerror
__sys_nerr
_strdup
_stricmp
_strnicmp
_close
_fileno
_open
_read
wcschr

ws2_32

gethostbyname
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSACleanup
WSASetLastError
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
sendto
WSAStartup

wldap32

ord32
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord35

user32

UnregisterClassA

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae770693bb453e476bfcfdda4570cae7

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

msvcp80

wininet

msvcr80

ws2_32

wldap32

user32

Sections

.text Size: 156KB - Virtual size: 154KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 96KB - Virtual size: 96KB

.text
Size: 156KB - Virtual size: 154KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 96KB - Virtual size: 96KB