c4339fda35fc367220584c2d94312d66d41751c07996d485d468004e48a9e825

Sharing

Copy URL Twitter E-mail

General

Target

c4339fda35fc367220584c2d94312d66d41751c07996d485d468004e48a9e825
Size

107KB
MD5

1d1a2b065a61ac2f94c49dd5cd0ccaa7
SHA1

355c26ef41012690cafc8b7abf21b0177dad2595
SHA256

c4339fda35fc367220584c2d94312d66d41751c07996d485d468004e48a9e825
SHA512

7fb609a9257372a7076662cc047d794e798bcba2c942eb8836d8b6131310ed2c40caae635354cd5de381445b0567d5bf0638835cb9065dd4cfc740b9e7baa128
SSDEEP

3072:rCoRPmnmQhC7avAA3ztomQGmsoNl/3GeZ95Os:rhCmQhC+vAA3z2mQGmXRWO9

Score

N/A

Malware Config

Signatures

Files

c4339fda35fc367220584c2d94312d66d41751c07996d485d468004e48a9e825
.exe windows x86

6d8dfbaa34d7f3dd9efefedf5eb44ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140

ord559
ord2064
ord10790
ord12405
ord12481
ord5622
ord5621
ord11749
ord14640
ord8279
ord14458
ord11598
ord6988
ord11083
ord11596
ord11597
ord6989
ord5429
ord12124
ord1785
ord11379
ord12050
ord13940
ord1187
ord7478
ord1791
ord13939
ord2172
ord8188
ord4865
ord7853
ord9166
ord10202
ord5937
ord14404
ord8099
ord7300
ord828
ord5519
ord13422
ord12493
ord2888
ord4137
ord10246
ord3055
ord1778
ord9031
ord11224
ord9428
ord9360
ord9361
ord11439
ord10248
ord2688
ord8857
ord8875
ord9358
ord10313
ord9045
ord10471
ord11364
ord11150
ord11751
ord1357
ord13091
ord12726
ord4864
ord5175
ord4767
ord2767
ord9341
ord5823
ord12356
ord14574
ord2942
ord5753
ord7323
ord7148
ord1661
ord316
ord1044
ord4807
ord8426
ord6540
ord3874
ord6463
ord5742
ord3933
ord12067
ord5911
ord13628
ord14149
ord3830
ord12032
ord8173
ord3159
ord3396
ord3395
ord4084
ord10421
ord11343
ord10963
ord8997
ord1109
ord9167
ord2758
ord13677
ord6193
ord12074
ord12162
ord12194
ord8180
ord12182
ord5894
ord3844
ord366
ord1070
ord8421
ord13830
ord13189
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord1860
ord11927
ord11928
ord2027
ord11972
ord12189
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12484
ord12485
ord2484
ord10096
ord10099
ord5336
ord8285
ord4450
ord7961
ord12806
ord12869
ord10383
ord12190
ord8347
ord7618
ord8429
ord13333
ord13872
ord816
ord2298
ord2297
ord12475
ord1380
ord877
ord3014
ord14448
ord2301
ord2316
ord2200
ord1111
ord6507
ord462
ord12116
ord9192
ord7461
ord1909
ord6832
ord994
ord1469
ord4581
ord7910
ord7963
ord7988
ord5250
ord7641
ord8420
ord2799
ord12948
ord11838
ord14131
ord8931
ord9165
ord8438
ord14223
ord12526
ord7275
ord13996
ord13984
ord2855
ord5588
ord6174
ord9038
ord5556
ord12518
ord11199
ord8355
ord7620
ord2840
ord13293
ord2556
ord12361
ord12601
ord4693
ord9438
ord4080
ord14425
ord10203
ord11086
ord11087
ord9318
ord11689
ord9933
ord5728
ord6922
ord6166
ord1896
ord12629
ord14441
ord6316
ord13757
ord12037
ord4130
ord10382
ord8381
ord10671
ord9179
ord11780
ord11779
ord11730
ord9968
ord9955
ord11769
ord10208
ord10975
ord5238
ord12728
ord12477
ord11473
ord12953
ord5018
ord9144
ord11354
ord10087
ord5423
ord5741
ord11436
ord9359
ord9362
ord11360
ord11140
ord10229
ord3398
ord3922
ord11218
ord9157
ord3853
ord6125
ord10288
ord2717
ord12907
ord5357
ord5349
ord5571
ord10929
ord10976
ord11219
ord5766
ord874
ord7324
ord7145
ord10928
ord11193
ord11434
ord9444
ord1385
ord7582
ord2383
ord6237
ord321
ord2560
ord4490
ord13475
ord9213
ord11339
ord12163
ord3825
ord8266
ord11223
ord11226
ord9463
ord9478
ord9468
ord9940
ord9944
ord9480
ord11066
ord10458
ord8880
ord8870
ord11692
ord11070
ord8968
ord11094
ord10000
ord10001
ord2679
ord6847
ord9183
ord12031
ord9421
ord10101
ord376
ord9481
ord1076
ord908
ord1401
ord7135
ord6564
ord4217
ord9090
ord12048
ord7476
ord5961
ord3842
ord3814
ord13581
ord5734
ord4066
ord855
ord4092
ord3402
ord6874
ord1374
ord1783
ord4374
ord4011
ord5931
ord9307
ord11746
ord4372
ord982
ord8435
ord1456
ord13702
ord9312
ord12735
ord11371
ord2597
ord3928
ord5732
ord11179
ord9294
ord866
ord1383
ord853
ord12469
ord1372
ord1848
ord7315
ord857
ord11454
ord2068
ord10794
ord12423
ord8365
ord12156
ord14506
ord11382
ord9180
ord9208
ord12061
ord7885
ord1376
ord9164
ord7578
ord7394
ord6823
ord12065
ord7613
ord6098
ord2381
ord2376
ord6724
ord12291
ord14518
ord12348
ord14571
ord3230
ord4841
ord14054
ord3271
ord11750
ord3837
ord5019
ord13635
ord13633
ord3827
ord779
ord1317
ord8333
ord13378
ord758
ord14020
ord13224
ord4365
ord1304
ord754
ord3210
ord13555
ord1300
ord634
ord1238
ord13408
ord4427
ord7990
ord7700
ord562
ord4019
ord2065
ord4377
ord4342
ord10791
ord12406
ord11440
ord4469
ord14150
ord3052
ord14252
ord11363
ord12126
ord8362
ord14504
ord9174
ord9309
ord9197
ord12052
ord7773
ord7883
ord11457
ord9162
ord9674
ord11745
ord11380
ord11451
ord8791
ord2055
ord8387
ord12902
ord3318
ord3429
ord1189
ord5727
ord9262
ord11632
ord7481
ord789
ord4462
ord7278
ord13913
ord2125
ord8649
ord8488
ord8513
ord14044
ord6157
ord4157
ord7325
ord875
ord11691
ord9627
ord11317
ord10267
ord9452
ord11285
ord10247
ord11127
ord11753
ord11425
ord10971
ord10352
ord10449
ord11170
ord11165
ord11160
ord11311
ord10206
ord1386

kernel32

GetCurrentThreadId
GetProcAddress
LoadLibraryA
GetLastError
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
CloseHandle
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

SetRectEmpty
GetMessageA
PostThreadMessageA
SetRect
EnableWindow
UpdateWindow
ClientToScreen
GetInputState
GetDC
SendMessageA

comctl32

InitCommonControlsEx

vcruntime140

_CxxThrowException
memcpy
memset
_purecall
__current_exception
__current_exception_context
_except_handler4_common
__CxxFrameHandler3

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
terminate
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_initialize_onexit_table
_exit
exit
_initterm_e
_initterm
_get_narrow_winmain_command_line
_register_thread_local_exe_atexit_callback
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
_setmbcp

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d8dfbaa34d7f3dd9efefedf5eb44ea8

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

user32

comctl32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 43KB - Virtual size: 44KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 43KB - Virtual size: 44KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 6KB - Virtual size: 5KB