c969ad042984c7a770243634f910cf89d7636f53564e2de07fa4326e4a4c4b8f

Sharing

Copy URL Twitter E-mail

General

Target

c969ad042984c7a770243634f910cf89d7636f53564e2de07fa4326e4a4c4b8f
Size

2.7MB
MD5

cdfd6cdd064622435b5b82bf6e8a11f3
SHA1

f6d389f2b7503e1da2aedfe8487d71df58303ea5
SHA256

c969ad042984c7a770243634f910cf89d7636f53564e2de07fa4326e4a4c4b8f
SHA512

ecddfcb3fdc1275177f9baa04fb387e1eee4a6348bc899bb71b0c46b2118c70a6acc80f26810144cf1bc54971f7e303b412835f08edf777c913c18ff0999de50
SSDEEP

49152:Vj8sI65cKwSnBO9P1X1ZG+Rddnf3zo0C6qLTjV:VpF1nBO9P1Fhd5qLV

Score

N/A

Malware Config

Signatures

Files

c969ad042984c7a770243634f910cf89d7636f53564e2de07fa4326e4a4c4b8f
.exe windows x86

ed1dbbfb18457d597c93fe52c1061381

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
select
recv
WSACleanup
WSAStartup
__WSAFDIsSet
setsockopt
send
shutdown
getpeername
inet_ntoa
getsockname
connect
socket
WSAAsyncSelect
bind
listen
WSAAsyncGetHostByName
gethostbyname
WSAGetLastError
inet_addr
htons
closesocket

winmm

timeGetTime
timeGetDevCaps
timeEndPeriod
timeBeginPeriod

imm32

ImmIsIME
ImmGetDescriptionA
ImmGetCandidateListA
ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dsound

ord1

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
FreeResource
SizeofResource
ReleaseMutex
CreateMutexA
GetPrivateProfileStringA
GetVersion
CreateDirectoryA
GetFileAttributesA
GetACP
GetCommandLineW
GetExitCodeThread
WaitForSingleObject
ExitThread
lstrcpyA
lstrcatA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetPrivateProfileIntA
GlobalUnlock
MultiByteToWideChar
FindClose
FindFirstFileA
CreateEventA
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalFree
GetLocaleInfoW
SetEnvironmentVariableA
SetEndOfFile
SetConsoleCtrlHandler
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetOEMCP
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
HeapCreate
HeapDestroy
GetCurrentProcess
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
FatalAppExitA
ExitProcess
GetCommandLineA
GetStartupInfoA
GetTimeZoneInformation
HeapReAlloc
HeapSize
RaiseException
RtlUnwind
HeapFree
HeapAlloc
WideCharToMultiByte
InterlockedExchange
DeviceIoControl
GetSystemInfo
VirtualQuery
FlushFileBuffers
VirtualAlloc
VirtualFree
GetFullPathNameA
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
IsDBCSLeadByte
GetVersionExA
LoadLibraryA
OutputDebugStringA
GetProcAddress
FreeLibrary
WriteFile
GetFileSize
SetFilePointer
ReadFile
lstrlenA
DeleteFileA
CreateFileA
CloseHandle
GetCurrentDirectoryA
CreateProcessA
SetUnhandledExceptionFilter
EnterCriticalSection
TerminateThread
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
DuplicateHandle
FindNextFileA
SetFileAttributesA
lstrcpynA
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualProtectEx
VirtualAllocEx
CreateRemoteThread
InitializeCriticalSection
GetLocalTime
CreateThread
FindResourceA
LoadResource
LockResource
GetSystemTime
GlobalLock
Sleep
LocalAlloc
LocalFree
VirtualFreeEx
GetSystemDirectoryA
ReadProcessMemory
IsBadReadPtr
SuspendThread
WriteProcessMemory
FlushInstructionCache
ResumeThread
TerminateProcess
Module32First
Module32Next
CreateFileMappingA
GetLastError
GetEnvironmentVariableA

user32

EndDialog
GetDlgItem
SetWindowLongA
GetWindowLongA
SetRect
OffsetRect
SetWindowTextA
MessageBeep
DialogBoxParamA
CreateIconFromResource
PtInRect
MessageBoxA
ChangeDisplaySettingsA
IntersectRect
UnionRect
LoadCursorFromFileA
GetKeyboardLayout
FindWindowExA
SetTimer
GetWindowTextA
wsprintfA
KillTimer
UnhookWindowsHookEx
DestroyCursor
RegisterClassA
FindWindowA
GetWindowRect
ShowCursor
SetFocus
CallNextHookEx
GetClientRect
ClientToScreen
GetUpdateRect
PostMessageA
IsIconic
GetKeyboardLayoutNameA
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
CreateWindowExA
ShowWindow
UpdateWindow
GetActiveWindow
EnumDisplaySettingsA
FillRect
PostQuitMessage
DestroyWindow
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
WaitMessage
DefWindowProcA
BeginPaint
EndPaint
InvalidateRect
SetWindowPos
GetDC
ReleaseDC
GetAsyncKeyState
SendMessageA
OpenClipboard
GetClipboardData
CloseClipboard
SetCursor
LoadImageA
wvsprintfA

gdi32

EnumFontFamiliesExA
Rectangle
CreatePen
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
DeleteDC
CreateSolidBrush
GetStockObject
AddFontResourceA
GetGlyphOutlineA
ExtTextOutA
CreateFontA
MoveToEx
LineTo
DeleteObject
CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
GetPixel
SetPixel
SelectObject
SetBkColor
SetBkMode
SetTextColor
SetTextAlign
TextOutA

shell32

ShellExecuteA
CommandLineToArgvW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

jpeg

jpeg_read_header
jpeg_finish_decompress
jpeg_read_scanlines
jpeg_stdio_src
jpeg_CreateDecompress
jpeg_std_error
jpeg_close_src
jpeg_open_src
jpeg_start_decompress
jpeg_destroy_decompress

mydivx

??0OGGAudio@@QAE@XZ
?SoundOGGSetPosition@OGGAudio@@QAEJMMM@Z
InitOGGSoundSystem
?PlayOGGAudio@OGGAudio@@QAEHPADNHNHMMM@Z
?StopOGGAudio@OGGAudio@@QAEHXZ
gOGGDSoundInfo
?SoundOGGVolume@OGGAudio@@QAEJJJ@Z
??1OGGAudio@@QAE@XZ
?Init@OGGAudio@@QAEJXZ
QuitOGGSoundSystem
?SoundOGGSetVolume@OGGAudio@@QAEJJ@Z

wininet

HttpOpenRequestA
InternetOpenA
HttpSendRequestExA
InternetConnectA

imagehlp

CheckSumMappedFile

advapi32

ControlService
DeleteService
OpenServiceA
StartServiceA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegFlushKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ed1dbbfb18457d597c93fe52c1061381

Headers

File Characteristics

Imports

ws2_32

winmm

imm32

ddraw

dsound

kernel32

user32

gdi32

shell32

ole32

jpeg

mydivx

wininet

imagehlp

advapi32

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 260KB - Virtual size: 6.9MB

.tls Size: 4KB - Virtual size: 196B

.data1 Size: 8KB - Virtual size: 6KB

.rsrc Size: 36KB - Virtual size: 32KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 260KB - Virtual size: 6.9MB

.tls
Size: 4KB - Virtual size: 196B

.data1
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 36KB - Virtual size: 32KB