6377cef389655f79ac33ce07db272e16fef53782bb6f696173e9729b4845ef8b

Sharing

Copy URL Twitter E-mail

General

Target

6377cef389655f79ac33ce07db272e16fef53782bb6f696173e9729b4845ef8b
Size

1024KB
MD5

9fffa9935e3ddbf0e54507b17a594f84
SHA1

0d4c11f0898fb778ca75e28c24845ba0a0f29a06
SHA256

6377cef389655f79ac33ce07db272e16fef53782bb6f696173e9729b4845ef8b
SHA512

a32c882f90b64868f9dc532e882f6f3d65d19cc29eee973bd1a7888ec5f4a421710706699d2df992cd228baee75bf18668c1f77a6b40f73dbdb2312e2c53754e
SSDEEP

24576:FvSgKGAdZUWbHxdMqz8CD+9PeJUhkYIXUFdG66E1066rqZ1NJXuNkZbi2:FxKd0YDr5kE2

Score

N/A

Malware Config

Signatures

Files

6377cef389655f79ac33ce07db272e16fef53782bb6f696173e9729b4845ef8b
.exe windows x86

d2a9ba8dadeb1556aff2e0bedca868c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord539
ord922
ord2781
ord4058
ord4215
ord3181
ord3178
ord4129
ord939
ord924
ord2863
ord2289
ord4853
ord2725
ord1134
ord2621
ord2086
ord815
ord561
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord4376
ord4287
ord2642
ord3698
ord6334
ord2370
ord860
ord765
ord2818
ord5572
ord537
ord6928
ord6930
ord2915
ord1146
ord567
ord3721
ord4424
ord3402
ord5290
ord1776
ord6055
ord2379
ord1168
ord5277
ord6215
ord1768
ord4710
ord4234
ord2302
ord324
ord641
ord795
ord3597
ord825
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord540
ord4160
ord800
ord356
ord2770
ord668
ord823
ord1576

msvcrt

_beginthreadex
strlen
sprintf
_vsnprintf
strchr
__CxxFrameHandler
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
_stricmp
_callnewh
atoi
strcmp
memset
wcsncat
wcsncpy
wcsstr
wcschr
_wtoi
_mbsnbicmp
_mbsnbcmp
_strnicmp
_wcsnicmp
wcsncmp
strncmp
isspace
isalnum
__dllonexit
sscanf
fputc
fseek
ftell
fread
fclose
fprintf
atof
_purecall
fopen
memmove
wcsrchr
wcscmp
wcslen
swprintf
__p___argc
__p___argv
strrchr
_mbsicmp
_mbscmp
_mbsnbcpy
_local_unwind2
strstr
strcat
_snwprintf
_vsnwprintf
isupper
tolower
isxdigit
malloc
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
isalpha
_snprintf
strncpy
_mbschr
memcpy
strcpy
strncat
_except_handler3
strtok
free
memcmp
_mbstok

kernel32

GetTickCount
lstrlenA
GetFileAttributesA
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleA
GetProcAddress
GetVersion
ExpandEnvironmentStringsA
CreateFileA
DeleteFileA
GetModuleFileNameA
FindFirstFileA
FindClose
CopyFileA
Sleep
WaitForSingleObject
TerminateThread
GetLastError
WaitForMultipleObjects
ReleaseMutex
CloseHandle
InitializeCriticalSection
UnmapViewOfFile
EnterCriticalSection
LeaveCriticalSection
FindNextFileA
MoveFileA
SetFileAttributesA
RemoveDirectoryA
ReadFile
ConnectNamedPipe
CreateNamedPipeA
LoadLibraryExA
VerifyVersionInfoA
ExpandEnvironmentStringsW
GetStartupInfoA
MapViewOfFile
OpenFileMappingA
CreateMutexA
lstrcatA
SizeofResource
LockResource
LoadResource
FindResourceA
FreeLibrary
LoadLibraryA
GetExitCodeProcess
TerminateProcess
CreateProcessA
SetLastError
GetVersionExA
VerifyVersionInfoW
VerSetConditionMask
lstrcpyA
GetCurrentProcess
GetCurrentThread
OpenEventA
HeapFree
HeapAlloc
GetProcessHeap
OpenMutexA
OutputDebugStringA
OutputDebugStringW
LocalFree
GlobalFree
lstrcpynA
GlobalAlloc
VirtualAlloc
SuspendThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualProtect
InterlockedCompareExchange
VirtualQuery
lstrlenW
Thread32Next
OpenThread
Thread32First
GetCurrentThreadId
GetCurrentProcessId
CreateToolhelp32Snapshot
GetSystemDefaultLangID
WriteFile
SetThreadLocale
CompareFileTime
SystemTimeToFileTime
GetSystemTime
ResumeThread
CreateEventA
Process32Next
OpenProcess
lstrcmpiA
Process32First
GetModuleHandleW
SetEvent
LocalAlloc
lstrcpyW
DeleteCriticalSection
lstrcmpA

user32

FindWindowA
GetSystemMenu
EnableMenuItem
MessageBoxA
DestroyWindow
GetWindowRect
IsWindow
wsprintfA
EnableWindow
KillTimer
SetTimer
PostMessageA
GetWindowLongA
SetWindowLongA
SendMessageA
LoadIconA
SetWindowPos

advapi32

RegCreateKeyA
RegEnumValueA
RegEnumKeyExA
RegQueryInfoKeyA
ControlService
QueryServiceStatus
StartServiceA
CreateServiceA
SetSecurityDescriptorSacl
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
FreeSid
EqualSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
ConvertSidToStringSidA
RegCreateKeyExA
GetNamedSecurityInfoA
GetExplicitEntriesFromAclA
SetEntriesInAclA
SetNamedSecurityInfoA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
GetUserNameA
LookupAccountNameA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
AllocateAndInitializeSid
RegCloseKey

shell32

SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteA
SHFileOperationA

ole32

CoInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VariantInit
CreateErrorInfo
VariantClear
SysAllocString
GetErrorInfo
SetErrorInfo
VariantChangeType

wininet

InternetReadFile
HttpSendRequestA
InternetSetOptionA
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
InternetQueryOptionA
InternetSetCookieA

crypt32

CryptDecodeObject
CryptQueryObject
CryptMsgGetParam
CryptMsgClose
CertGetNameStringA
CertNameToStrA
CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenSystemStoreW

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0Init@ios_base@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z

shlwapi

StrStrIA
PathFileExistsA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

setupapi

SetupIterateCabinetA

dbghelp

ImageDirectoryEntryToDataEx

ws2_32

WSAStartup
WSACleanup
setsockopt
htons
connect
send
WSAGetLastError
select
recv
socket
inet_addr
closesocket
sendto
ntohs
htonl

psapi

GetProcessImageFileNameW
GetModuleFileNameExW

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2a9ba8dadeb1556aff2e0bedca868c8

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

wininet

crypt32

msvcp60

shlwapi

version

setupapi

dbghelp

ws2_32

psapi

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 180KB - Virtual size: 208KB

.rsrc Size: 708KB - Virtual size: 706KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 180KB - Virtual size: 208KB

.rsrc
Size: 708KB - Virtual size: 706KB