b09172b2435afb467643e3619613aa0c79107d89f39bb444588cb502488c4d3b

Sharing

Copy URL Twitter E-mail

General

Target

b09172b2435afb467643e3619613aa0c79107d89f39bb444588cb502488c4d3b
Size

54KB
MD5

f2082e87a12586d16d293d2988aa7552
SHA1

595dd410a2fd18beb30c2fe1f885b4f134c77ce4
SHA256

b09172b2435afb467643e3619613aa0c79107d89f39bb444588cb502488c4d3b
SHA512

d9fa132f24035c6c768211d0c76d5f6f58ea379930146efc62daacf514b3fdab28a10a1b77cee66587fab48282edd27df5a06eae4e2244217f7190bce1a61d1b
SSDEEP

768:5vtPbZOGEdV8WcjcseMNKiz/qD/2zJ4yNB7vpeHwOX:59Z/6VdcjcUNKi+72zJBNB7MHwOX

Score

N/A

Malware Config

Signatures

Files

b09172b2435afb467643e3619613aa0c79107d89f39bb444588cb502488c4d3b
.exe windows x86

85860eaa393c8a1c6ee701471110d38a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtl60.bpl

@System@initialization$qqrv
@System@Finalization$qqrv
@System@@LStrSetLength$qqrv
@System@@LStrCmp$qqrv
@System@@LStrCat3$qqrv
@System@@LStrCat$qqrv
@System@@LStrFromPChar$qqrr17System@AnsiStringpc
@System@@LStrAsg$qqrpvpxv
@System@@LStrClr$qqrpv
@System@@HandleFinally$qqrv
@System@TObject@$bdtr$qqrv
@System@TObject@$bctr$qqrv
@System@ParamStr$qqri
@Types@initialization$qqrv
@Types@Finalization$qqrv
@Sysconst@initialization$qqrv
@Sysconst@Finalization$qqrv
@Sysutils@initialization$qqrv
@Sysutils@Finalization$qqrv
@Sysutils@FileExists$qqrx17System@AnsiString
@Varutils@initialization$qqrv
@Varutils@Finalization$qqrv
@Variants@initialization$qqrv
@Variants@Finalization$qqrv
@Rtlconsts@initialization$qqrv
@Rtlconsts@Finalization$qqrv
@Typinfo@initialization$qqrv
@Typinfo@Finalization$qqrv
@Activex@initialization$qqrv
@Activex@Finalization$qqrv
@Classes@initialization$qqrv
@Classes@Finalization$qqrv
@Classes@TStringList@$bdtr$qqrv
@Classes@TStrings@$bdtr$qqrv
@Classes@TPersistent@$bdtr$qqrv
@Classes@TStringList@
@Inifiles@initialization$qqrv
@Inifiles@Finalization$qqrv
@Registry@initialization$qqrv
@Registry@Finalization$qqrv
@Registry@TRegistry@ValueExists$qqrx17System@AnsiString
@Registry@TRegistry@ReadString$qqrx17System@AnsiString
@Registry@TRegistry@WriteString$qqrx17System@AnsiStringt1
@Registry@TRegistry@DeleteValue$qqrx17System@AnsiString
@Registry@TRegistry@OpenKey$qqrx17System@AnsiStringo
@Registry@TRegistry@SetRootKey$qqrui
@Registry@TRegistry@CloseKey$qqrv
@Registry@TRegistry@$bdtr$qqrv
@Registry@TRegistry@$bctr$qqrui
@Registry@TRegistry@

advapi32

GetUserNameA

kernel32

CreateMutexA
GetComputerNameA
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
Sleep

wsock32

WSACleanup
WSAStartup
gethostbyname
gethostname

user32

GetAsyncKeyState
GetForegroundWindow
GetWindowTextA

cc3260mt

@$bdele$qpv
@_InitTermAndUnexPtrs$qv
___CRTL_MEM_UseBorMM
___CRTL_TLS_Alloc
___CRTL_TLS_ExitThread
___CRTL_TLS_Free
___CRTL_TLS_GetValue
___CRTL_TLS_InitThread
___CRTL_TLS_SetValue
____ExceptionHandler
__argc
__argv
__argv_default_expand
__exitargv
__handle_exitargv
__handle_setargv
__handle_wexitargv
__handle_wsetargv
__matherr
__matherrl
__setargv
__startup
__wargv_default_expand
_clock
_ctime
_exit
_fclose
_fopen
_fputs
_memcpy
_memset
_sprintf
_time
_vsnprintf

wininet

FtpPutFileA
FtpSetCurrentDirectoryA
InternetCloseHandle
InternetConnectA
InternetOpenA

Exports

Exports

__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85860eaa393c8a1c6ee701471110d38a

Headers

File Characteristics

Imports

rtl60.bpl

advapi32

kernel32

wsock32

user32

cc3260mt

wininet

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 28KB

.data Size: 14KB - Virtual size: 16KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 27KB - Virtual size: 28KB

.data
Size: 14KB - Virtual size: 16KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 4KB