99264029deb7698de2d390fc2cdc13b730f847722e1a7e0dff4890fad2f515b0

Sharing

Copy URL Twitter E-mail

General

Target

99264029deb7698de2d390fc2cdc13b730f847722e1a7e0dff4890fad2f515b0
Size

1.0MB
MD5

1095e485c4147bc9e9a0a797db3a2a54
SHA1

333f61d517d7a7ffc575858814150b9538686d38
SHA256

99264029deb7698de2d390fc2cdc13b730f847722e1a7e0dff4890fad2f515b0
SHA512

eb5c785a29bba3385a5f45cba1e9b138526cafd3e2875432eaf5226f8f83b368371bb04d23a9a405f0103dc2ca8f592509b18d65732c0f315ce4911665b4de96
SSDEEP

24576:xhwR/cck6Syja0Qfk8c0Xxn2xbyVT1ezzMa+wzO9EX:xhwWcFSa/8abyVTQzoa+wf

Score

N/A

Malware Config

Signatures

Files

99264029deb7698de2d390fc2cdc13b730f847722e1a7e0dff4890fad2f515b0
.exe windows x86

a4656db0fb1ac2cbb2021ce66a11175d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MoveFileExW
GetTickCount
MoveFileW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
GetCurrentProcessId
GetLocalTime
GetCurrentThreadId
CreateFileW
SetFilePointer
GetModuleFileNameW
WriteFile
LocalFree
WaitForSingleObjectEx
ResetEvent
SetEvent
DeviceIoControl
FormatMessageW
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetLogicalDriveStringsW
GetProcessHeap
HeapAlloc
GetComputerNameExW
HeapFree
GetTempFileNameW
GetWindowsDirectoryW
GetCurrentDirectoryW
SetFileAttributesW
GetFileAttributesW
GetTempPathW
RemoveDirectoryW
lstrlenW
CreateDirectoryW
GetFileTime
CloseHandle
SetEndOfFile
SetFileTime
ReadFile
FindClose
FindNextFileW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetExitCodeProcess
CreateProcessW
WaitForMultipleObjects
OpenProcess
GetCurrentProcess
QueryDosDeviceW
MultiByteToWideChar
GetACP
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
GetFileAttributesExW
GetLongPathNameW
FindFirstFileW
lstrcmpiW
GetModuleHandleW
FindResourceW
LoadResource
GetSystemInfo
LockResource
DeleteFileW
FileTimeToSystemTime
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
GetFullPathNameW
GetVersionExW
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GlobalMemoryStatusEx
InterlockedExchange
SetLastError
GetLastError
GetFileSize
CreateMutexW
ResumeThread
GetFileSizeEx
OutputDebugStringW
TerminateProcess

user32

wsprintfW

advapi32

CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx

msvcp140

?_Xlength_error@std@@YAXPBD@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_destroy_in_situ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_alloc@std@@YAXXZ
_Mtx_init_in_situ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

vcruntime140

_purecall
__CxxFrameHandler3
wcsstr
__std_exception_destroy
memmove
memcpy
__std_exception_copy
memset
_CxxThrowException
__std_terminate
strstr
strchr
_except_handler4_common
wcschr
wcsrchr
memchr

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_errno
_set_app_type
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_seh_filter_exe
_register_onexit_function
_cexit
_beginthreadex
_crt_atexit

api-ms-win-crt-convert-l1-1-0

atoi
wcstoul
_wtoi

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode
__stdio_common_vsprintf
__stdio_common_vswscanf
__stdio_common_vsprintf_s
__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

_wcsnicmp
isalnum
_wcsicmp
toupper
_stricmp
towupper
towlower
tolower
wcsncpy

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64
_time64

api-ms-win-crt-utility-l1-1-0

srand
rand

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
malloc
calloc
free

api-ms-win-crt-math-l1-1-0

_except1
_dtest
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CryptMsgClose

shell32

SHGetFolderPathW

Sections

.text
Size: 713KB - Virtual size: 712KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4656db0fb1ac2cbb2021ce66a11175d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

shell32

Sections

.text Size: 713KB - Virtual size: 712KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 126KB - Virtual size: 126KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 713KB - Virtual size: 712KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 126KB - Virtual size: 126KB

.reloc
Size: 36KB - Virtual size: 35KB