a27d0505237b0f73b46f40ed0cb141f03829f4ada7da84bf456362549ea3effe

Sharing

Copy URL

Twitter E-mail

General

Target

a27d0505237b0f73b46f40ed0cb141f03829f4ada7da84bf456362549ea3effe
Size

40KB
MD5

8e72f4d9a24c94ac690b271ab47b739a
SHA1

a9fe6d37e963d41cd4f74dfb158e8387da9e1299
SHA256

a27d0505237b0f73b46f40ed0cb141f03829f4ada7da84bf456362549ea3effe
SHA512

45e85d6e6a258f2f613ef2bec9517257abd7953dc6433e8c25a26055e5fcfc1b153d843e610c33dcd4e642264aa2fb63d3842b14a3cce47f63a69002a8f0f1f0
SSDEEP

768:+rHsQqHbQBgy3mWMLv9cZsjSVEVzdeQYHs8/LMquPPbkO:+r/fBgy2WMLlOswCdS3oqyPbT

Score

N/A

Malware Config

Signatures

Files

a27d0505237b0f73b46f40ed0cb141f03829f4ada7da84bf456362549ea3effe
.exe windows x86

243aaa5e57723768ad7d31e53af1dec1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlEnlargedUnsignedDivide
RtlDeleteNoSplay
ZwFlushVirtualMemory
LdrSetDllManifestProber
NtWaitHighEventPair
NtCloseObjectAuditAlarm
RtlAdjustPrivilege
RtlNormalizeProcessParams
iswlower
VerSetConditionMask
RtlSubtreePredecessor
ZwReleaseSemaphore
RtlCreateUnicodeString
RtlTraceDatabaseDestroy
RtlRegisterWait
RtlAddAce
NtResetWriteWatch
RtlExpandEnvironmentStrings_U
ZwPlugPlayControl
NtAlertThread
ZwSetHighWaitLowEventPair
RtlLargeIntegerToChar
_wcsupr
NtSetVolumeInformationFile
NtSetDefaultLocale
RtlEqualString
KiUserCallbackDispatcher
NtCompressKey
RtlInitializeCriticalSectionAndSpinCount
ZwCreateEvent
NtWaitForKeyedEvent
wcstombs
RtlSetCurrentEnvironment
RtlSetOwnerSecurityDescriptor
NtDisplayString
isupper
NtQueryInformationThread

msvcrt40

?get@istream@@QAEAAV1@AAD@Z
_filelengthi64
__lconv_init
?raw_name@type_info@@QBEPBDXZ
?write@ostream@@QAEAAV1@PBDH@Z
??_Eostrstream@@UAEPAXI@Z
?setb@streambuf@@IAEXPAD0H@Z
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
abort
_purecall
??1bad_cast@@UAE@XZ
??1ostream@@UAE@XZ
strncpy
_stati64
?snextc@streambuf@@QAEHXZ
_heapmin
?attach@ifstream@@QAEXH@Z
_CxxThrowException
iswascii
??_Glogic_error@@UAEPAXI@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
??4ostream@@IAEAAV0@ABV0@@Z
_findnexti64
__fpecode
vswprintf
_yn
_cprintf
?close@filebuf@@QAEPAV1@XZ
__threadhandle
_fgetchar
_strrev
_memccpy
?x_maxbit@ios@@0JA
isspace
abs
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
islower
fopen
?getline@istream@@QAEAAV1@PADHD@Z
ftell

kernel32

TerminateJobObject
GetModuleHandleW
GlobalFlags
GetProcessPriorityBoost
GetTempFileNameW
GetEnvironmentStrings
GetTapeStatus
HeapSize
GetDiskFreeSpaceA
GetSystemDefaultUILanguage
CreateTimerQueueTimer
ReplaceFileA
LoadLibraryA
SetLocaleInfoA
FillConsoleOutputCharacterW
OpenJobObjectW
VirtualAlloc
PrivMoveFileIdentityW
GetStartupInfoW
HeapCreate
AddLocalAlternateComputerNameW
LoadLibraryExA
GetSystemPowerStatus
GetTickCount
ReadFile
QueryDosDeviceW
RegisterWaitForSingleObjectEx
PulseEvent
GetModuleHandleA
lstrlenW
ShowConsoleCursor
GetSystemTimeAdjustment
GetProcessHeaps
OpenConsoleW
GetVolumeInformationW
PrepareTape
FindActCtxSectionGuid

dbghelp

DbgHelpCreateUserDump
SymEnumTypes
SymUnloadModule64
SymEnumSourceFiles
FindExecutableImage
StackWalk64
EnumerateLoadedModules64
SymEnumerateSymbolsW64
ImageDirectoryEntryToDataEx
SymGetSymFromName
SymSetOptions
GetTimestampForLoadedLibrary
SymGetTypeInfo
ImageNtHeader
SymUnloadModule
SymGetLineFromAddr
SymGetTypeFromName
SearchTreeForFile
SymRegisterCallback
SymFunctionTableAccess64
SymUnDName64
SymEnumSym
SymGetLineNext64
SymGetLinePrev
SymGetFileLineOffsets64
SymGetSymNext
SymGetLineFromAddr64
SymGetLinePrev64
SymRegisterFunctionEntryCallback
DbgHelpCreateUserDumpW

olecli32

OleQueryCreateFromClip
DibCopy
MfClone
OleSetLinkUpdateOptions
OleQueryReleaseMethod
PbCreateInvisible
DibClone
MfChangeData
OleCreateFromTemplate
LeEnumFormat
MfEqual
DefCreate
LeActivate
OleObjectConvert
OleQueryReleaseStatus
DibGetData
LeEqual
OleRename
ErrExecute
OleLoadFromStream
OleDraw
LeObjectLong
DefCreateLinkFromClip
GenEqual
GenCopy
WEP
LeCopy
ErrUpdate

oleaut32

VarCyFromDisp
VarNumFromParseNum
VarI2FromDate
VariantChangeType
LoadTypeLib
VarBoolFromUI2
SysStringLen
VarCyFromUI8
VectorFromBstr
SetOaNoCache
VarI8FromI2
DosDateTimeToVariantTime
DispCallFunc
VarR8Pow
VarUI1FromR8
VarI4FromDate
VarCyFix
VarDecCmpR8
VarSub
VarI1FromBool
VarBstrFromUI2
VarI8FromDec
VarI2FromDisp
VarUI1FromI1
VarDecFix
VariantInit
VarDecSub
VarBstrFromR4
GetRecordInfoFromGuids
VarNot
VarOr

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

243aaa5e57723768ad7d31e53af1dec1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt40

kernel32

dbghelp

olecli32

oleaut32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 2KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 2KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B