9904413714fd541b766380c4d7a8f4a194733187e989327871df238a69234f88

Sharing

Copy URL Twitter E-mail

General

Target

9904413714fd541b766380c4d7a8f4a194733187e989327871df238a69234f88
Size

688KB
MD5

4c73f133bd8fba535d91a780d5b216ad
SHA1

26c3cfb54e2c8378d8d0bbe074e63fda7e15a519
SHA256

9904413714fd541b766380c4d7a8f4a194733187e989327871df238a69234f88
SHA512

d958a5fdbde923b6a404a120236ddf052b49a253bed58441b390a28d1c67435dbbf1907e5b06757474ec09f4f6782db325477734e1fd0446702d9dbe8a928e0c
SSDEEP

12288:NiNP3izSZyQFfgifiBxFfgifiv1LZxDZtEZxhFZvwHtqmvw6y9H:WfizWoToZxwxxoK9H

Score

N/A

Malware Config

Signatures

Files

9904413714fd541b766380c4d7a8f4a194733187e989327871df238a69234f88
.exe windows x86

daef2067c962acea341b65841914aa8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avicap32

capGetDriverDescriptionA

msvfw32

ICSendMessage

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

kernel32

lstrcmpiA
Process32First
CreateToolhelp32Snapshot
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemInfo
SetErrorMode
SetFileAttributesA
CopyFileA
GetModuleFileNameA
GetStartupInfoA
OpenProcess
CreateEventA
SetEvent
GetModuleHandleA
LeaveCriticalSection
GetProcAddress
LoadLibraryA
ResetEvent
lstrcpyA
InterlockedExchange
Process32Next
GetLocalTime
Sleep
CreateThread
GetCurrentProcessId
HeapAlloc
GetProcessHeap
lstrlenA
GetPrivateProfileSectionNamesA
lstrcatA
GetWindowsDirectoryA
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
OutputDebugStringA
DeleteFileA
GetLastError
CreateDirectoryA
GetFileAttributesA
FindClose
LocalFree
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
CloseHandle
MultiByteToWideChar
CreateProcessA
MoveFileA
WriteFile
SetFilePointer
ReadFile
CreateFileA
GetTickCount
GetFileSize

user32

GetUserObjectInformationA
OpenInputDesktop
wsprintfA
CharNextA
ExitWindowsEx
GetWindowTextA
LoadCursorA
DestroyCursor
BlockInput
SystemParametersInfoA
SendMessageA
keybd_event
MapVirtualKeyA
GetThreadDesktop
WindowFromPoint
SetCursorPos
mouse_event
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetSystemMetrics
SetRect
GetDC
GetDesktopWindow
ReleaseDC
GetCursorInfo
GetCursorPos
GetWindowThreadProcessId
IsWindowVisible
EnumWindows
CloseDesktop
SetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
IsWindow
SetCapture

gdi32

SelectObject
CreateCompatibleDC
DeleteObject
DeleteDC
BitBlt
GetDIBits
CreateCompatibleBitmap
CreateDIBSection

advapi32

LookupAccountNameA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CreateServiceA
OpenServiceA
ControlService
DeleteService
CloseServiceHandle
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegEnumKeyExA
RegEnumValueA
OpenEventLogA
ClearEventLogA
CloseEventLog
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
LsaFreeMemory
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
RegOpenKeyExA
IsValidSid
RegCloseKey

shell32

SHGetSpecialFolderPathA

msvcrt

strrchr
memcpy
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
strlen
??0exception@@QAE@ABV0@@Z
_strcmpi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
calloc
_beginthreadex
clock
printf
strncat
exit
puts
wcscpy
_errno
strncmp
??1type_info@@UAE@XZ
atoi
_except_handler3
free
malloc
strchr
strncpy
sprintf
rand
??2@YAPAXI@Z
__CxxFrameHandler
strstr
_ftol
ceil
memmove
??3@YAXPAX@Z

ws2_32

inet_addr
sendto
htonl
inet_ntoa
getsockname
bind
getpeername
accept
listen
send
__WSAFDIsSet
gethostname
gethostbyname
htons
connect
setsockopt
WSACleanup
WSAStartup
select
closesocket
recv
ntohs
recvfrom
socket

netapi32

NetUserAdd
NetLocalGroupAddMembers

psapi

EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 576KB - Virtual size: 575KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daef2067c962acea341b65841914aa8a

Headers

File Characteristics

Imports

avicap32

msvfw32

wininet

kernel32

user32

gdi32

advapi32

shell32

msvcrt

ws2_32

netapi32

psapi

wtsapi32

Sections

.text Size: 84KB - Virtual size: 83KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 12KB - Virtual size: 14KB

.rsrc Size: 576KB - Virtual size: 575KB

.text
Size: 84KB - Virtual size: 83KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 14KB

.rsrc
Size: 576KB - Virtual size: 575KB