e9a4aa611c0f8b33eab9d8ee2a9f20978b9bcab0db77c03a934ab8e13bdccf4a

Sharing

Copy URL Twitter E-mail

General

Target

e9a4aa611c0f8b33eab9d8ee2a9f20978b9bcab0db77c03a934ab8e13bdccf4a
Size

169KB
MD5

35afa543b6962e7f7c7da557394d324b
SHA1

3eb50c80638949f031731182a375782296292e7d
SHA256

e9a4aa611c0f8b33eab9d8ee2a9f20978b9bcab0db77c03a934ab8e13bdccf4a
SHA512

ce6f22560e195abce731b55ed7b78866b60a879e890abf5b56decd368a69b9f5d7167e6241e5236351bd8f0d3834a3bc4a131d62d33a8ba0d3a884851fcace8c
SSDEEP

3072:XFGhy0wocgP2fFqyLUx/KBDV/KOpZ6hP+MKmnTY0H4+GFVjvGJqx/S:XYhy0b+f0yLi/aV/9pZ6hPc8YmMnjuJt

Score

N/A

Malware Config

Signatures

Files

e9a4aa611c0f8b33eab9d8ee2a9f20978b9bcab0db77c03a934ab8e13bdccf4a
.dll windows x86

d135a0205b0bebf8a3fc4679d3459360

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
lstrcatA
MoveFileA
GetModuleFileNameA
WinExec
FreeLibrary
CreateThread
CloseHandle
GetLocalTime
GetTickCount
LoadLibraryA
GetProcAddress
OutputDebugStringA
Sleep

user32

IsWindow
ReleaseDC
GetDC
SetRect
SendMessageA
LoadCursorA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
_CxxThrowException
puts
putchar
memmove
ceil
_ftol
strstr
rand
sprintf
strncpy
strchr
malloc
free
_except_handler3
strrchr
atoi
_snprintf
strncmp
_errno
wcscpy
strncat
system
wcstombs
_access
srand
_beginthreadex
calloc
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_strnicmp
_stricmp
_strupr
_strcmpi

ws2_32

bind
getsockname
getpeername
inet_ntoa
accept
listen
gethostname
connect
WSACleanup
WSAStartup
__WSAFDIsSet
ioctlsocket
htonl
WSASocketA
sendto
inet_addr
setsockopt
send
select
recv
ntohs
closesocket
socket
gethostbyname
recvfrom
htons

msvcp60

?_Xran@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

netapi32

NetLocalGroupAddMembers
NetUserAdd

Exports

Exports

CanLang
CanLangWangLuo
ScxC
ServiceMain
hEcQYEV
orTuNtoPifZ

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d135a0205b0bebf8a3fc4679d3459360

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

ws2_32

msvcp60

netapi32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 136KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 224B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 137KB - Virtual size: 136KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 224B

.reloc
Size: 8KB - Virtual size: 7KB