a5c465f4687a4e827eef68e161a3ad0893cbfc387c52d9cbb786db058a741435

Sharing

Copy URL Twitter E-mail

General

Target

a5c465f4687a4e827eef68e161a3ad0893cbfc387c52d9cbb786db058a741435
Size

260KB
MD5

5470dae4424b7bcd2c666ba0c25a2e7d
SHA1

ad52733ac449bb14943825db09944afa4f51b3bd
SHA256

a5c465f4687a4e827eef68e161a3ad0893cbfc387c52d9cbb786db058a741435
SHA512

8174a353424d3af52cc2021ff414950a0c207d8eb5ac1179556a0c0dbb3cd3ced94ed792469bc0f655d169c86f477e27bf5ee50c22d46bcaa414bb7e40cfa19f
SSDEEP

3072:iQOPbEm8mPE3JgOB7oZC8HNR+1HE/MNRTOZrOn:uP2JJgOg+xzTOZr6

Score

N/A

Malware Config

Signatures

Files

a5c465f4687a4e827eef68e161a3ad0893cbfc387c52d9cbb786db058a741435
.dll windows x86

9b92c0fafa44cb01e549c9297e33d2b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zwuinfo

ord14

miofms

ord1
ord4

zwgregen

ord530
ord469
ord397
ord466
ord789
ord191
ord378
ord80
ord655
ord677
ord676
ord636
ord590
ord598
ord790
ord528
ord222
ord335
ord358
ord357
ord337
ord360
ord325
ord334
ord324
ord347
ord330
ord192
ord374
ord444
ord484
ord410
ord541
ord198
ord144
ord202
ord176
ord181
ord193
ord186
ord443
ord412
ord413
ord543
ord175

zwsgutil

ord5

zwplotsetting

ord217
ord56
ord191
ord585
ord526
ord727
ord519
ord682
ord420
ord780
ord436
ord1204
ord1137
ord1369
ord1126
ord1319
ord1017
ord288
ord58
ord192
ord619
ord691
ord343
ord692
ord344
ord693
ord404
ord493
ord1244
ord1328
ord1329
ord1385
ord313
ord889
ord890
ord763
ord59
ord194
ord788
ord1100
ord498
ord858
ord857
ord854
ord856
ord855
ord850
ord811
ord810
ord852
ord851
ord846
ord869
ord847
ord842
ord841
ord840
ord839
ord838
ord836
ord837
ord835
ord831
ord833
ord827
ord1098
ord496
ord1056
ord1063
ord1245
ord461
ord468
ord620
ord621
ord61
ord844
ord824
ord834
ord832
ord826
ord843
ord823
ord830
ord829
ord828
ord825
ord822
ord820
ord862
ord865
ord863
ord864
ord819
ord818
ord817
ord816
ord868
ord867
ord812
ord853
ord791
ord790
ord815
ord814
ord813
ord287
ord804
ord803
ord802
ord801
ord796
ord798
ord797
ord800
ord799
ord870
ord880
ord792
ord809
ord821
ord793
ord1454
ord1016
ord1123
ord1366
ord1150
ord1362
ord1316
ord1134
ord1199
ord419
ord516
ord724
ord535
ord719
ord679
ord523
ord581
ord189
ord12
ord78
ord1096
ord7
ord1015
ord1419
ord881
ord879
ord861
ord860
ord794
ord795
ord859
ord866
ord876
ord873
ord872
ord875
ord874
ord871
ord878
ord877
ord807
ord808
ord806
ord805
ord849
ord845
ord848
ord1099

zwreghelper

ord37

mfc100

ord14058
ord14060
ord14061
ord14059
ord2417
ord7349
ord2878
ord2881
ord12535
ord5534
ord2742
ord3738
ord915
ord5821
ord8235
ord968
ord1900
ord381
ord5803
ord8305
ord11107
ord2416
ord12531
ord5532
ord2752
ord2973
ord2974
ord3620
ord9475
ord10360
ord10007
ord8137
ord11067
ord946
ord6678
ord6314
ord3354
ord3253
ord8554
ord10030
ord1210
ord788
ord1317
ord1480
ord1483
ord1313
ord12962
ord2611
ord7871
ord300
ord310
ord1292
ord3499
ord2194
ord11421
ord4398
ord4419
ord4377
ord4385
ord4389
ord4393
ord4373
ord11188
ord11190
ord14062
ord14045
ord13972
ord13973
ord8222
ord11025
ord3395
ord10883
ord13294
ord8070
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord1496
ord1503
ord1509
ord1507
ord1514
ord4410
ord4381
ord4415
ord4406
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord5123
ord5444
ord9286
ord5777
ord895
ord3390
ord316
ord322
ord7581
ord7322
ord1316
ord13518
ord1448
ord5242
ord305
ord2626
ord901
ord266
ord265
ord1201
ord761
ord6671
ord2003
ord3871
ord1987
ord918
ord6293
ord1929
ord1294
ord6634
ord6641
ord7141
ord1288
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord6112
ord888
ord6835
ord1296
ord906
ord2090
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord1940
ord1867
ord323
ord1297
ord342

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
strcpy_s
_mbsrchr
_splitpath
_makepath
_CIsqrt
memset
_mbslen
_mbsnextc
_mbsninc
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
ftell
fgetc
fseek
fwrite
calloc
asctime
getenv
fopen
feof
fread
fclose
strtok
atoi
atof
sprintf
malloc
free
isdigit
_purecall
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_mbsnbcpy
_time64
_localtime64
strstr
bsearch
memcpy
_stricmp
__CxxFrameHandler3

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
LocalAlloc
LocalFree
GetModuleHandleExA
GetCurrentProcess
FlushInstructionCache
VirtualProtectEx
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetFileSizeEx
CreateFileMappingA
MapViewOfFile
GetVersionExA
GetModuleHandleA
GetProcAddress
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateFileA
GetLastError
CreateFileW
MultiByteToWideChar
GetVersion
GetModuleFileNameA
GetSystemInfo

user32

LoadIconW
EnableWindow
GetClientRect
IsIconic
SendMessageA
DrawIcon
FillRect
MessageBoxA
GetSystemMetrics

gdi32

SetPixel
Polygon
Polyline
CreateMetaFileA
SetStretchBltMode
StretchDIBits
CloseMetaFile
GetMetaFileBitsEx
DeleteMetaFile
CreateDIBSection
CreateCompatibleDC
SetMapMode
SetWindowExtEx
SetWindowOrgEx
SetViewportExtEx
SetViewportOrgEx
SetPolyFillMode
GetStockObject
SelectObject
DeleteObject
DeleteDC

advapi32

GetUserNameA

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b92c0fafa44cb01e549c9297e33d2b3

Headers

DLL Characteristics

File Characteristics

Imports

zwuinfo

miofms

zwgregen

zwsgutil

zwplotsetting

zwreghelper

mfc100

msvcr100

kernel32

user32

gdi32

advapi32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 125KB - Virtual size: 127KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 125KB - Virtual size: 127KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB