d188ed611b8317d47e9c06fad3259de15454e4152d7df2a47df61e76e859ceea

Sharing

Copy URL Twitter E-mail

General

Target

d188ed611b8317d47e9c06fad3259de15454e4152d7df2a47df61e76e859ceea
Size

84KB
MD5

b37559e7853658a20d904a4c4155cbca
SHA1

ab25adeca43e6ad1f41aea2f2010eb434804d92b
SHA256

d188ed611b8317d47e9c06fad3259de15454e4152d7df2a47df61e76e859ceea
SHA512

e663d6a547ec4f88443e808d56a2376ef8c2e54db3a75e22fdb622ffd203a461f57018c2ec3094469d7acf909754827b8210a5ef2f4a044f6cbc76cb7e3570fb
SSDEEP

1536:Ikr6Jum1kq9BDytVMu5u9Yh794i+leQwlHJpI5Up:Ikr6Aq9c5dXJp

Score

N/A

Malware Config

Signatures

Files

d188ed611b8317d47e9c06fad3259de15454e4152d7df2a47df61e76e859ceea
.dll windows x86

27334fd496250350ac07c6951dab2329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3790
ord535
ord3811
ord2820
ord939
ord823
ord4171
ord5683
ord4277
ord924
ord941
ord356
ord6139
ord2770
ord2781
ord4058
ord3178
ord858
ord4129
ord3584
ord543
ord803
ord818
ord567
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord537
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord1182
ord1253
ord798
ord533
ord536
ord3319
ord3310
ord3337
ord668
ord860
ord540
ord2818
ord2915
ord825
ord610
ord287
ord800
ord1168

msvcrt

malloc
free
strncmp
atoi
atof
strncpy
strchr
_ftol
_adjust_fdiv
_initterm
_onexit
__dllonexit
strtok
strstr
_itoa
_mbscmp
fwrite
fopen
_stat
fseek
fread
fclose
_except_handler3
exit
__CxxFrameHandler
sprintf
realloc

kernel32

CreateProcessA
GetExitCodeThread
SuspendThread
CreateMutexA
GetLastError
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
FileTimeToSystemTime
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
lstrcatA
lstrcpyA
SetPriorityClass
GetCurrentThread
SetThreadPriority
ResumeThread
Process32First
Process32Next
GlobalMemoryStatus
GetWindowsDirectoryA
GetSystemInfo
GetTickCount
GetVersion
GetCurrentProcess
CreateDirectoryA
FindFirstFileA
FindClose
GetDriveTypeA
GetVersionExA
CreateToolhelp32Snapshot
Module32First
DeleteFileA
TerminateThread
CloseHandle
CreateThread
Sleep
WaitForSingleObject
GetSystemDirectoryA
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection

user32

keybd_event
GetProcessWindowStation
GetDC
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
ExitWindowsEx
SendMessageA
mouse_event
IsWindow
MoveWindow
SetWindowLongA
PostThreadMessageA
GetMessageA
EnableWindow
GetDesktopWindow
CloseWindowStation
MessageBoxA
CloseDesktop
SetThreadDesktop

gdi32

GetObjectA
GetDIBits
CreateDCA
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

RegQueryValueA
StartServiceA
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
EnumServicesStatusA
QueryServiceConfigA
RegOpenKeyA
RegQueryValueExA
GetUserNameA
CloseServiceHandle
RegDeleteKeyA
DeleteService
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegCloseKey
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

urlmon

URLDownloadToFileA

avicap32

capCreateCaptureWindowA

msvfw32

ICInfo
ICOpen
ICSendMessage
ICSeqCompressFrameStart
ICSeqCompressFrame

winmm

waveInStart
waveInOpen
waveInReset
waveInClose
waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
timeGetTime

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

ws2_32

recvfrom
sendto
closesocket
recv
select
WSACloseEvent
WSAGetLastError
WSASend
WSAGetOverlappedResult
WSAResetEvent
WSAWaitForMultipleEvents
WSACreateEvent
connect
socket
htons
inet_addr
WSAStartup
WSACleanup
gethostname
send
inet_ntoa
gethostbyname
accept
listen
bind
htonl
ntohs

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TKRC_SER
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27334fd496250350ac07c6951dab2329

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

urlmon

avicap32

msvfw32

winmm

msvcp60

ws2_32

Sections

.text Size: 48KB - Virtual size: 45KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 24KB

TKRC_SER Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 48KB - Virtual size: 45KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 24KB

TKRC_SER
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB