c80543470a52693c97c70e8d619d9b76e7c920e25e13b6db345fe2d71e2d4e94

Sharing

Copy URL

Twitter E-mail

General

Target

c80543470a52693c97c70e8d619d9b76e7c920e25e13b6db345fe2d71e2d4e94
Size

456KB
MD5

c83400a4d05a9105200010ec0c1e1896
SHA1

6633958321d8f98e9e5f1f2958a0787a380cd692
SHA256

c80543470a52693c97c70e8d619d9b76e7c920e25e13b6db345fe2d71e2d4e94
SHA512

4f38d51f6cb4db21b8bf06cf68b09694379ce5a65b0adeab104a92639bf9810947d0a8d6d1afaef24f3c0c50332582a0417d1b2d1d6a9b182af8e59c8833b0ec
SSDEEP

6144:4WpdkD+0Dp6+gNm5C/JDfdc24FTRWioxzbukMGlH2hySuNsBnMt00QO4m4Ulw:jcD+2E+YfGFRlo9jMGx2hySuputma

Score

N/A

Malware Config

Signatures

Files

c80543470a52693c97c70e8d619d9b76e7c920e25e13b6db345fe2d71e2d4e94
.exe windows x86

dba3f9120dedab2898f677466477d0b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc90u

ord333
ord5867
ord4324
ord6094
ord6095
ord4131
ord2592
ord3185
ord4527
ord3741
ord6065
ord4410
ord4541
ord2597
ord2901
ord6109
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2274
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord4910
ord595
ord797
ord3953
ord2630
ord3286
ord3489
ord3622
ord1665
ord1272
ord801
ord4652
ord611
ord3768
ord1149
ord1354
ord2106
ord909
ord3543
ord3488
ord4741
ord6187
ord6013
ord814
ord4494
ord899
ord286
ord280
ord3220
ord285
ord1607
ord935
ord1599
ord811
ord813
ord938
ord5663
ord4211
ord1098
ord265
ord266
ord2447
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2074
ord2904
ord6636
ord2069
ord1262
ord4044
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4664
ord5602
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord589
ord794
ord4043
ord3949
ord2372
ord296
ord2537
ord1183
ord600
ord1383
ord1137
ord2625
ord799
ord2623
ord2621
ord2638

msvcr90

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__set_app_type
_encode_pointer
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wtol
towupper
swscanf
wcsncat
wcsrchr
ferror
_wsplitpath
_vsnwprintf
wcscmp
wcscat
memcpy
wcslen
wcscpy
_time64
__iob_func
printf
_wcsnicmp
_swprintf
_wfopen
fwrite
fflush
fclose
_wrename
wcschr
_waccess
_wcsicmp
_wchmod
_errno
?_wsopen@@YAHPB_WHHH@Z
memcmp
_close
malloc
wcsstr
wcsncpy
_wtoi
_wcsupr
_snwprintf
memset
free
_wcsdup
_itow
__CxxFrameHandler3
_localtime64
strchr
memmove
wcstombs
ungetc
__p__fmode
_vsnwprintf_s
fputc
fgetc
fputs
fgets
_wunlink
_wstat64i32
_fseeki64
_ftelli64
fread
clearerr
_unlock_file
_lock_file
mbstowcs
strlen
_wassert
calloc
strtoul
_wsopen
_filelength
_lseek
_read
_wsplitpath_s
wcsncmp
iswalnum
iswspace
vswprintf_s
_wfopen_s
srand
rand
realloc
swscanf_s
wcsncat_s
swprintf_s
wcscat_s
wcsncpy_s
wcscpy_s

kernel32

CreateMutexW
SetLastError
LoadLibraryA
LoadLibraryExW
OpenEventW
PulseEvent
MoveFileW
RaiseException
lstrcpynW
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
UnmapViewOfFile
ExpandEnvironmentStringsA
BackupRead
GlobalAlloc
GlobalFree
OpenProcess
CreateFileMappingW
OpenFileMappingW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SystemTimeToFileTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
ReleaseSemaphore
CreateSemaphoreW
GetSystemDirectoryW
GetWindowsDirectoryW
QueryPerformanceCounter
GetLocalTime
CreateProcessW
GetDateFormatW
FileTimeToSystemTime
FormatMessageW
LocalFree
SetFilePointer
FlushFileBuffers
ResumeThread
SuspendThread
GetDiskFreeSpaceExW
ExitThread
lstrcpyW
GetPriorityClass
ReadFile
GetSystemTime
LoadLibraryW
GetProcAddress
FreeLibrary
SetErrorMode
GetVolumeInformationW
QueryDosDeviceW
lstrlenW
GetVersionExW
Beep
MapViewOfFile
GetFileSize
WriteFile
MoveFileExW
GetLongPathNameW
GetDriveTypeW
GetProcessHeap
HeapAlloc
CreateFileW
DeviceIoControl
HeapFree
FindFirstFileW
FindNextFileW
FindClose
GetCurrentProcessId
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
WaitForMultipleObjects
SetThreadPriority
CreateThread
SetEvent
ResetEvent
CreateEventW
GetProcessAffinityMask
GetCurrentProcess
GetComputerNameW
DeleteFileW
CopyFileW
GetModuleHandleW
GetExitCodeProcess
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetLastError
OpenSemaphoreW
SetPriorityClass
GetFileAttributesW

user32

SendMessageW
GetParent
ReleaseDC
GetDC
ScreenToClient
GetWindowRect
DrawStateW
InflateRect
CopyRect
LoadImageW
LoadIconW
DrawIconEx
FillRect
InvalidateRect
DestroyIcon
GetFocus
GetLastActivePopup
MessageBoxW
EnableWindow
wsprintfW
GetForegroundWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetActiveWindow
IsWindow
MessageBeep
ExitWindowsEx
LoadStringW
GetSystemMetrics

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExW
DuplicateTokenEx
ImpersonateLoggedOnUser
SetThreadToken
GetSecurityInfo
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo
CreateProcessAsUserW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetUserNameW
RevertToSelf
RegQueryValueExW
ReportEventW
DeregisterEventSource
RegisterEventSourceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
StartServiceW
CloseServiceHandle
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW

shell32

ShellExecuteW

comctl32

_TrackMouseEvent
ord17

ole32

CoInitialize
CoCreateInstance

winmm

sndPlaySoundW

gdi32

CreateSolidBrush
RoundRect
GetTextExtentPoint32W
GetPixel
SetPixel
CreatePen

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 353KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dba3f9120dedab2898f677466477d0b9

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

advapi32

shell32

comctl32

ole32

winmm

gdi32

version

Sections

.text Size: 353KB - Virtual size: 353KB

.rdata Size: 50KB - Virtual size: 49KB

.data Size: 7KB - Virtual size: 35KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 353KB - Virtual size: 353KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 7KB - Virtual size: 35KB

.rsrc
Size: 44KB - Virtual size: 44KB