de118fd8d264abcab4ef4dfc90566d24aba6d0e95d8200b782ae5196e3e59519

Sharing

Copy URL Twitter E-mail

General

Target

de118fd8d264abcab4ef4dfc90566d24aba6d0e95d8200b782ae5196e3e59519
Size

596KB
MD5

33039f0467255f1f06f05338d654095c
SHA1

a88a09ab714e054f0ce11b238d762af81e6f166a
SHA256

de118fd8d264abcab4ef4dfc90566d24aba6d0e95d8200b782ae5196e3e59519
SHA512

09c1b6593e4675cb332fe2314ee727d664ac7f18733ea7f4859e3a73ddcd457db7a6da2314e4eea31321c962acba6ab57a437b775ed61b764ba405c54b30b566
SSDEEP

6144:VIkKC1fTWkadMZFlz6ObPbbEdonw/QCMMs:DKK1J6OzPEdonKQCMMs

Score

N/A

Malware Config

Signatures

Files

de118fd8d264abcab4ef4dfc90566d24aba6d0e95d8200b782ae5196e3e59519
.exe windows x86

18f5fc32a3dd44a7d3af54c06a3a9c79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5300
ord5302
ord4079
ord4698
ord5714
ord4622
ord3738
ord561
ord815
ord2086
ord2621
ord1134
ord1247
ord2725
ord5307
ord5289
ord2587
ord4406
ord3394
ord3729
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord804
ord692
ord1146
ord1168
ord537
ord6241
ord6785
ord4160
ord2863
ord6453
ord4299
ord3097
ord3301
ord6907
ord6007
ord3998
ord5572
ord2915
ord858
ord3302
ord3873
ord3499
ord2515
ord355
ord6662
ord4129
ord5710
ord2764
ord4202
ord4204
ord3803
ord2818
ord5683
ord4277
ord2763
ord4220
ord2584
ord3654
ord2438
ord3663
ord1644
ord4278
ord3286
ord6283
ord6282
ord6334
ord6663
ord3874
ord623
ord629
ord1973
ord1975
ord4295
ord3166
ord1572
ord4061
ord5176
ord310
ord5174
ord304
ord924
ord941
ord922
ord1175
ord535
ord5450
ord6394
ord5440
ord6383
ord2841
ord2107
ord1842
ord2723
ord2390
ord3059
ord5100
ord3346
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord366
ord674
ord4242
ord5252
ord2614
ord538
ord926
ord939
ord5308
ord4779
ord5811
ord5482
ord2032
ord4411
ord4447
ord4863
ord4975
ord967
ord3717
ord4919
ord4335
ord6743
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord6515
ord616
ord5981
ord6669
ord5953
ord2301
ord2362
ord6876
ord3177
ord6880
ord2299
ord2363
ord2289
ord3790
ord940
ord665
ord1979
ord2393
ord5442
ord3318
ord5186
ord354
ord541
ord801
ord2820
ord3811
ord4243
ord6696
ord1949
ord818
ord2152
ord1233
ord3810
ord4275
ord920
ord1737
ord1929
ord3721
ord3619
ord795
ord3626
ord2414
ord3797
ord5875
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2864
ord2642
ord523
ord2077
ord2029
ord5797
ord5479
ord1995
ord791
ord2370
ord860
ord6380
ord6197
ord656
ord540
ord800
ord3610
ord2379
ord3092
ord6199
ord6215
ord765
ord609
ord3574
ord3402
ord4396
ord2575
ord3698
ord4710
ord3996
ord4234
ord2302
ord693
ord324
ord567
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3640
ord4424
ord3370
ord5290
ord4402
ord1776
ord6055
ord2582
ord823
ord825
ord5103
ord1200
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
__dllonexit
malloc
free
_ftol
strncmp
strstr
setlocale
isspace
_splitpath
_makepath
_setmbcp
_itoa
_strdup
_strupr
_strnicmp
_stricmp
memset
memcpy
strlen
__CxxFrameHandler
sprintf
strcpy
_mbscmp
fclose
fprintf
fopen
strcmp
fscanf
_except_handler3
strcat
strrchr
_mbsnbicmp
memmove
_mbsicmp
sscanf
atoi
fgetc
strncpy
strtol
fread
ftell
fseek
fwrite
_mbsnbcpy
_mbclen
_mbschr
_mbsnbcmp
wctomb
mbtowc
_mbsstr
strerror
_errno
strncat
_controlfp

kernel32

OpenProcess
TerminateProcess
GetFileAttributesExA
ResumeThread
CompareFileTime
GetProcAddress
SetLastError
GetTickCount
SuspendThread
GetTimeZoneInformation
lstrcmpA
GetVersion
GetCurrentDirectoryA
GetStartupInfoA
FreeLibrary
LoadLibraryA
GetLocalTime
GetComputerNameA
GetLastError
CreateMutexA
CloseHandle
lstrlenA
SystemTimeToFileTime
GetSystemTime
Sleep
GetModuleFileNameA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesA
GetSystemDirectoryA
GetCurrentProcessId
DeviceIoControl
GetModuleHandleA
CreateFileA
CreateThread
GetWindowsDirectoryA
SetLocalTime
GetCurrentProcess
SetFilePointer
ReadFile
DeleteFileA
Process32Next
Process32First
CreateToolhelp32Snapshot

user32

DdeConnect
DdeGetLastError
DdeFreeStringHandle
DdeDisconnect
LoadMenuA
GetSubMenu
IsWindowVisible
SetMenuDefaultItem
EnableMenuItem
GetCursorPos
SetForegroundWindow
DdeCreateStringHandleA
GetWindowTextA
PostMessageA
ExitWindowsEx
GetMenuItemID
PtInRect
GetClientRect
PostQuitMessage
GetSystemMenu
AppendMenuA
LoadIconA
PeekMessageA
DdeUninitialize
DdeClientTransaction
TrackPopupMenu
InvalidateRect
EnableWindow
SetTimer
SendMessageA
SetCapture
KillTimer
GetParent
GetWindowRect
EnumWindows
SetWindowLongA
ReleaseCapture
LoadCursorA
SetCursor
IsWindow

gdi32

GetStockObject

advapi32

RegQueryValueExA
CreateServiceA
StartServiceA
OpenSCManagerA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
InitializeSecurityDescriptor
InitializeAcl
LookupAccountNameA
SetSecurityDescriptorDacl
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

Shell_NotifyIconA
DragQueryPoint
DragQueryFileA
DragFinish
ShellExecuteA

oleaut32

VariantClear

wsock32

WSAAsyncSelect
bind
socket
recvfrom
closesocket
sendto
WSASetLastError
listen
send
inet_addr
accept
connect
__WSAFDIsSet
select
WSAGetLastError
ntohl
htonl
recv
ioctlsocket
gethostbyname
htons

snmpapi

SnmpUtilOidNCmp
SnmpUtilOidFree
SnmpUtilOidCpy

iphlpapi

_PfDeleteInterface@4
GetAdaptersInfo

psapi

GetModuleFileNameExA

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 328KB - Virtual size: 326KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18f5fc32a3dd44a7d3af54c06a3a9c79

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

oleaut32

wsock32

snmpapi

iphlpapi

psapi

rpcrt4

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 8KB - Virtual size: 279KB

.rsrc Size: 328KB - Virtual size: 326KB

.vmp0 Size: 80KB - Virtual size: 78KB

.reloc Size: 4KB - Virtual size: 536B

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 8KB - Virtual size: 279KB

.rsrc
Size: 328KB - Virtual size: 326KB

.vmp0
Size: 80KB - Virtual size: 78KB

.reloc
Size: 4KB - Virtual size: 536B