runningrat | hehe[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

hehe.7z
Size

813KB
MD5

52d1e3a34e9f764c9904c28ab1df147a
SHA1

66ae0c06c95d98fdf90f6a3ebaad2d664df815cc
SHA256

72395ec1a48758a005d052d72fde286c083be13110308fdc4216bd8e9c325de7
SHA512

b1619efdc38e10d3cf4f893805ef027a9e48e460a382acd31e04f4e78fc85873a8fcaa7c476c8b67c322f30c7a6e6ba10e7b990c18c70acf929b4e8e9b78aab8
SSDEEP

12288:FaLH23e/7Lw58CBd/PyOPDdAD7or/DTiEdx6qLeZqaSAJaWAkBJY08QD30zYr4:SbnPaPycDGg/D9bLqRSAJ+kTY0B30Mk

Score

10^/10

runningrat

Malware Config

Signatures

RunningRat payload 4 IoCs

resource	yara_rule
static1/unpack001/360setr.exe	family_runningrat
static1/unpack001/adnwr.exe	family_runningrat
static1/unpack001/harst.exe	family_runningrat
static1/unpack001/��ٳ�1.0.exe	family_runningrat

Runningrat family
runningrat

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/360setr.exe
unpack001/988.exe
unpack001/adnwr.exe
unpack001/harst.exe
unpack001/��ٳ�1.0.exe

Files

hehe.7z
.7z
360setr.exe
.exe windows:4 windows x86 arch:x86

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir

kernel32

CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
988.exe
.exe windows:5 windows x86 arch:x86

870083b6f2d5773ca76f6328d1e7e1a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
CompareStringW
LCMapStringW
CreateFileW
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapCreate
IsValidCodePage
GetStdHandle
SetHandleCount
IsProcessorFeaturePresent
GetTimeZoneInformation
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapQueryInformation
GetFileType
SetStdHandle
CreateThread
ExitThread
ExitProcess
VirtualQuery
GetSystemInfo
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetDateFormatA
GetTimeFormatA
HeapReAlloc
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
FreeLibrary
SearchPathA
Sleep
GetProfileIntA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetTempPathA
GetTempFileNameA
GetConsoleCP
GetNumberFormatA
GetWindowsDirectoryA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
GetFileAttributesExA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
lstrcmpiA
DeleteFileA
GetCurrentDirectoryA
GetOEMCP
GetCPInfo
FindResourceExW
GetACP
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
lstrcpyA
lstrcpyW
InterlockedDecrement
GetModuleFileNameW
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
GetStringTypeW
SetErrorMode
GetPrivateProfileIntA
WaitForSingleObject
ResumeThread
SetThreadPriority
CloseHandle
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetModuleFileNameA
GetLocaleInfoA
InterlockedExchange
GetModuleHandleW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetVersionExA
CompareStringA
LoadLibraryW
lstrcmpW
lstrcmpA
GlobalReAlloc
FreeResource
FindResourceA
ActivateActCtx
DeactivateActCtx
GetModuleHandleA
FileTimeToSystemTime
GetLastError
GlobalFree
CopyFileA
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
lstrlenW
MultiByteToWideChar
MulDiv
WritePrivateProfileStringA
GetPrivateProfileStringA
HeapAlloc
GetThreadLocale
lstrlenA
GetProcessHeap
HeapFree
IsBadReadPtr
SetLastError
VirtualFree
VirtualProtect
VirtualAlloc
WideCharToMultiByte
FindResourceW
LoadResource
LockResource
SizeofResource
LoadLibraryA
GetProcAddress
WriteConsoleW

user32

DefFrameProcA
PostThreadMessageA
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExA
IsCharLowerA
LoadImageW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
TranslateAcceleratorA
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableA
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToAsciiEx
DrawFrameControl
DrawEdge
DrawStateA
LoadMenuW
SetClassLongA
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
LoadImageA
CopyImage
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
CreatePopupMenu
GetMenuDefaultItem
RedrawWindow
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
OffsetRect
CharNextA
IntersectRect
CharUpperA
DestroyIcon
WaitMessage
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
KillTimer
DefMDIChildProcA
InvalidateRect
DeleteMenu
RealChildWindowFromPoint
LoadCursorA
GetSysColorBrush
MapVirtualKeyA
GetKeyNameTextA
SystemParametersInfoA
DestroyMenu
GetMenuItemInfoA
InflateRect
SetWindowContextHelpId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetWindowThreadProcessId
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MonitorFromWindow
GetMonitorInfoA
MapWindowPoints
ScrollWindow
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffA
GetDoubleClickTime
SubtractRect
DestroyCursor
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetWindowRgn
SetTimer
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
PtInRect
SetWindowPlacement
GetWindowPlacement
DefWindowProcA
CallWindowProcA
GetMenu
GetDesktopWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetPropA
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
GetPropA
RemovePropA
GetAsyncKeyState
GetWindowRect
PostMessageA
GetFocus
SetWindowPos
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
CheckDlgButton
IsWindow
GetWindowTextLengthA
GetWindowTextA
GetScrollPos
SetScrollPos
GetWindow
GetWindowLongA
SetFocus
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
GetParent
GetSystemMetrics
LoadIconW
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
EnableWindow
UnregisterClassA

gdi32

StretchBlt
SetPixel
Rectangle
OffsetRgn
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
Polygon
GetTextFaceA
CreateDIBitmap
EnumFontFamiliesExA
GetTextMetricsA
SetDIBColorTable
PatBlt
Ellipse
Polyline
CreateEllipticRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateDIBSection
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
CreateCompatibleBitmap
GetMapMode
CombineRgn
SetRectRgn
GetTextCharsetInfo
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
DeleteObject
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
CreateSolidBrush
CreateFontIndirectA
GetObjectA
GetDeviceCaps
CopyMetaFileA
CreateDCA
SetTextColor
SetBkColor
CreateBitmap
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
EnumFontFamiliesA

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegCloseKey
RegEnumValueA
RegQueryValueA

shell32

SHGetFileInfoA
SHGetDesktopFolder
SHGetPathFromIDListA
SHAppBarMessage
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragQueryFileA
DragFinish
ShellExecuteA
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathRemoveFileSpecW

ole32

DoDragDrop
OleFlushClipboard
OleIsCurrentClipboard
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateStreamOnHGlobal
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoInitializeEx
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoRevokeClassObject
CoRegisterMessageFilter
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

VariantTimeToSystemTime
SysAllocString
OleCreateFontIndirect
VarBstrFromDate
SafeArrayDestroy
VariantCopy
SysStringLen
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysFreeString
SystemTimeToVariantTime

oledlg

ord8

odbc32

ord15
ord51
ord50
ord45
ord44
ord72
ord4
ord17
ord41
ord10
ord61
ord3
ord16
ord2
ord1
ord5
ord9
ord14
ord20
ord8
ord48
ord49
ord11
ord19
ord12
ord46
ord18
ord13
ord59
ord43
ord68

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 285KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adnwr.exe
.exe windows:4 windows x86 arch:x86

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir

kernel32

CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
harst.exe
.exe windows:4 windows x86 arch:x86

0734ecb9331cfc9cd229b6ee8f676053

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4427
ord796
ord674
ord554
ord529
ord366
ord825
ord807
ord2494
ord2627
ord2626
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord800
ord2379
ord6069
ord2820
ord3811
ord5265
ord4376
ord4998
ord4710
ord2514
ord6052
ord4078
ord1775
ord5241
ord5280
ord4441
ord5261
ord4425
ord3597
ord641
ord860
ord540
ord324
ord2370
ord4234
ord4853
ord6334
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord537
ord4129
ord4436
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord5290
ord3748
ord1726
ord4432
ord3571
ord813
ord323
ord560
ord5260
ord5785
ord2535
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord1146
ord3626
ord2414
ord283
ord1641
ord1640
ord2859
ord4464
ord2513
ord293
ord3663
ord3573
ord5787
ord2864
ord3693
ord4133
ord4297
ord4317
ord5788
ord2011
ord2818
ord3072
ord1175
ord3619
ord1168
ord858
ord3019
ord2516
ord361
ord4837
ord3798
ord1665
ord2649
ord5282
ord4353
ord6374
ord5163
ord2385
ord5237
ord4407
ord1776
ord4077
ord6055
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord5683
ord823
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_setmbcp
_mkdir
__CxxFrameHandler
strstr
_access
sprintf
__p__pgmptr
_except_handler3
__dllonexit
_onexit
_exit
_controlfp
_XcptFilter
exit
_acmdln

kernel32

lstrcmpiA
SetThreadPriority
GetCurrentThread
Sleep
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
CloseHandle
WriteFile
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
SetPriorityClass
GetCommandLineA
lstrcpyA

user32

LoadCursorA
SetCursor
ReleaseCapture
SetCapture
InvalidateRect
GetSystemMetrics
GetDC
FillRect
ReleaseDC
LoadMenuA
GetSubMenu
wsprintfA
EnableWindow
SetTimer
InflateRect

gdi32

CreatePen
RoundRect
Ellipse
Rectangle
CreateSolidBrush
GetPixel
ExtFloodFill
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateFontIndirectA

Sections

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
��ٳ�1.0.exe
.exe windows:4 windows x86 arch:x86

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord800
ord537
ord2621
ord4129
ord5683
ord825
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord2982
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord693
ord641
ord324
ord2302
ord4234
ord3996
ord4710
ord755
ord470
ord6907
ord3499
ord2818
ord540
ord2515
ord355
ord1168
ord2379
ord1146
ord2582
ord6055
ord1776
ord4402
ord5290
ord3370
ord3640
ord567
ord3998
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4441
ord4673
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_except_handler3
memset
__p__pgmptr
sprintf
memcpy
_access
__CxxFrameHandler
strstr
_setmbcp
_mkdir

kernel32

CloseHandle
CreateFileA
FreeLibrary
GetTickCount
GetFileAttributesA
ExpandEnvironmentStringsA
GetLastError
GetProcAddress
LoadLibraryA
lstrcpyA
GetCommandLineA
Sleep
lstrcmpiA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
WriteFile

user32

SendMessageA
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
wsprintfA
DrawIcon

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 32KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 2KB

870083b6f2d5773ca76f6328d1e7e1a9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

oledlg

odbc32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 286KB - Virtual size: 285KB

.data Size: 305KB - Virtual size: 334KB

.rsrc Size: 77KB - Virtual size: 80KB

.reloc Size: 171KB - Virtual size: 170KB

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 6KB

.data Size: 32KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 2KB

0734ecb9331cfc9cd229b6ee8f676053

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

Sections

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 48KB - Virtual size: 47KB

.rsrc Size: 16KB - Virtual size: 13KB

24ffff844f7eed74e1f1064cc9840ba9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 286KB - Virtual size: 285KB

.data
Size: 305KB - Virtual size: 334KB

.rsrc
Size: 77KB - Virtual size: 80KB

.reloc
Size: 171KB - Virtual size: 170KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 2KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 16KB - Virtual size: 13KB

.text
Size: 8KB - Virtual size: 6KB

.data
Size: 32KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 2KB