7456f1bbcced469e2611e68d44e15160b1d875c0571b8dd52bcd0ec9e1d3c595

Sharing

Copy URL

Twitter E-mail

General

Target

7456f1bbcced469e2611e68d44e15160b1d875c0571b8dd52bcd0ec9e1d3c595
Size

240KB
MD5

55078b40de5ca341de364a36a37bfffc
SHA1

2c19d8c5fe3979adafc76a329122c2ee0b252519
SHA256

7456f1bbcced469e2611e68d44e15160b1d875c0571b8dd52bcd0ec9e1d3c595
SHA512

fd79f0f859d3ccca548d2cc975c71abda046a5e5ee8951a8ad99a424905570a28699d34ea39955209152ac0b9f3bc39bfe908ed9e11abc4e5226da2870c2f49a
SSDEEP

3072:GHsK5kFqABCEC/NDoutemTUUL4Oivxvvz0fUcOh8LxL0YcdV4xiXGTKvxEHVM8yS:fHyvpL4OivVcUcXLxLf2VXQVMlY/

Score

1^/10

Malware Config

Signatures

Files

7456f1bbcced469e2611e68d44e15160b1d875c0571b8dd52bcd0ec9e1d3c595
.exe windows x86

8eb396ba1ef08202cac7034954680edb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW
EnumProcessModules

ws2_32

htons
inet_ntoa
ntohs
closesocket

tscommon

?AllocSysString@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QBEPA_WXZ
??1XTLock@@QAE@XZ
??1XTEvent@@QAE@XZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?GetElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?Name@TiXmlAttribute@@QBEPBDXZ
?Next@TiXmlAttribute@@QBEPBV1@XZ
?FirstAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
??0TiXmlDocument@@QAE@XZ
??1TiXmlDocument@@UAE@XZ
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?DispartDrvTagName@_SourceTag@@YAXABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@AAV23@1PAE@Z
?Format@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAAXPB_WZZ
?GetBuffer@?$CSimpleStringT@_W$0A@@ATL@@QAEPA_WH@Z
?ReleaseBuffer@?$CSimpleStringT@_W$0A@@ATL@@QAEXH@Z
?Truncate@?$CSimpleStringT@_W$0A@@ATL@@QAEXH@Z
??0?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@QAE@PB_W@Z
??1?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@QAE@XZ
??0?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@ABV01@@Z
??0?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@PBD@Z
??4?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAEAAV01@PBD@Z
?ReverseFind@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QBEH_W@Z
?Trim@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAEAAV12@PB_W@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
??0TiXmlElement@@QAE@PBD@Z
?Append@?$CSimpleStringT@_W$0A@@ATL@@QAEXPB_W@Z
?Tokenize@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QBE?AV12@PB_WAAH@Z
??0?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@PB_W@Z
??1?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@XZ
?GetLength@?$CSimpleStringT@_W$0A@@ATL@@QBEHXZ
??4?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAEAAV01@PB_W@Z
?InternalCopy@XVariant@@IAEXPBUtagVARIANT@@@Z
?ToFloat@XVariant@@QBEMXZ
?SetTagValue@CTag@@QAE_NABVXVariant@@PBVCUser@@@Z
?Empty@?$CSimpleStringT@_W$0A@@ATL@@QAEXXZ
?IsEmpty@?$CSimpleStringT@_W$0A@@ATL@@QBE_NXZ
?Concatenate@?$CSimpleStringT@_W$0A@@ATL@@KAXAAV12@PB_WH1H@Z
??0?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@XZ
??0?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAE@PAUIAtlStringMgr@1@@Z
??4?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAEAAV01@ABV01@@Z
?GetManager@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QBEPAUIAtlStringMgr@2@XZ
?Compare@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QBEHPB_W@Z
??1TiXmlElement@@UAE@XZ
?Attribute@TiXmlElement@@QBEHPBDH@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?SaveFile@TiXmlDocument@@QBE_NPB_W@Z
?GetLocStr@@YAPB_WI@Z
??0CFullUser@@QAE@XZ
??1CFullUser@@QAE@XZ
?GetErrorMsg@_TsMisc@@YAXKAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z
??0XFile@@QAE@XZ
??1XFile@@QAE@XZ
?OpenW@XFile@@QAE_NPB_WH_N@Z
?Read@XFile@@QAEHPAXI@Z
?Write@XFile@@QAEHPBXI@Z
?Trim@?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@QAEAAV12@XZ
?Seek@XFile@@QAE_NHH@Z
??A?$CSimpleStringT@_W$0A@@ATL@@QBE_WH@Z

kernel32

LCMapStringW
GetACP
WriteFile
GetStdHandle
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
VirtualQuery
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
CloseHandle
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObject
CreateEventW
CreateThread
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
SetLastError
InitializeCriticalSection
Sleep
GetLocalTime
GetTickCount
GetCurrentThreadId
OpenProcess
GetVersionExW
LoadLibraryW
DecodePointer
GetCommandLineW
GetModuleFileNameA
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
GetFileType
GetStringTypeW
IsValidCodePage
GetOEMCP
CreateFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindNextFileW
FindFirstFileExW
FindClose
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCommandLineA
DeleteCriticalSection

user32

GetParent
GetWindowLongW
MapWindowPoints
GetWindowRect
GetClientRect
GetDlgItem
EndDialog
SetWindowPos
SendMessageW
CharNextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
UnregisterClassW
DestroyWindow
ShowWindow
IsWindowVisible
IsIconic
BringWindowToTop
DialogBoxParamW
GetActiveWindow
SetTimer
KillTimer
GetSystemMetrics
SetForegroundWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
SetWindowLongW
LoadIconW
DestroyIcon
LoadImageW
IsDialogMessageW
RegisterWindowMessageW
GetMessageW
TranslateMessage
DispatchMessageW
PostMessageW
PostThreadMessageW
DefWindowProcW
CreateDialogParamW
LoadMenuW
DestroyMenu
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
SetFocus
MonitorFromPoint
LoadStringW
GetCursorPos
PeekMessageW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SystemFunction036
OpenServiceW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyA
RegDeleteKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyW
ChangeServiceConfigW
CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW

shell32

Shell_NotifyIconW

ole32

CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoCreateInstance
CoRevokeClassObject
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
ProgIDFromCLSID
CoResumeClassObjects
CoSuspendClassObjects
CoInitializeSecurity
StringFromGUID2
CoFileTimeNow

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SystemTimeToVariantTime
RegisterTypeLi
UnRegisterTypeLi
SysAllocString

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_SetBkColor

Sections

.text
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8eb396ba1ef08202cac7034954680edb

Headers

DLL Characteristics

File Characteristics

Imports

psapi

ws2_32

tscommon

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 157KB - Virtual size: 157KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 7KB - Virtual size: 10KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 157KB - Virtual size: 157KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 7KB - Virtual size: 10KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 11KB - Virtual size: 11KB