f8ecaa2617f42881143c2800cd88d271901cdd3ccf5c9653d48cd74db2d385aa

Sharing

Copy URL Twitter E-mail

General

Target

f8ecaa2617f42881143c2800cd88d271901cdd3ccf5c9653d48cd74db2d385aa
Size

428KB
MD5

5a7f8a6eb8c25158f31f99d8f604bae9
SHA1

b8bb17ced5d6345e9715bcee657d511038842c56
SHA256

f8ecaa2617f42881143c2800cd88d271901cdd3ccf5c9653d48cd74db2d385aa
SHA512

5b9cb927f6d4fd3d7aa0c2000a4fd27394b7d6424f41dfbf7d27429695049b49ebd4086045608d1b71b7ef6d746d5f744aef982df75a79da66f6ab80bbc2deb2
SSDEEP

12288:NMVPS++leJXY2cql6llxlj8ps+7WjLYuDXfL10u5Z:6ZJlc7lj8ps+KjLYuDjuu5

Score

N/A

Malware Config

Signatures

Files

f8ecaa2617f42881143c2800cd88d271901cdd3ccf5c9653d48cd74db2d385aa
.exe windows x86

72cf42c5821680b51eca52afd330e484

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetTempPathW
CreateDirectoryW
GetVersion
GetModuleFileNameW
lstrlenA
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentProcess
GetVersionExW
lstrcpyW
GetFileAttributesW
lstrcmpA
MultiByteToWideChar
lstrlenW
InterlockedIncrement
lstrcmpiW
InterlockedDecrement
GetStartupInfoA

user32

GetWindowRect
GetActiveWindow
PostMessageW
SetTimer
SetCapture
ScreenToClient
GetDC
ClientToScreen
GetClassNameW
EnumWindows
GetKeyState
SetWindowLongW
SetCursor
GetClientRect
GetParent
CharNextW
SetRectEmpty
SetWindowPos
SystemParametersInfoW
SetWindowTextW
GetWindowLongW
SetClassLongW
GetClassLongW
LoadIconW
DefWindowProcW
IsZoomed
SetWindowRgn
InflateRect
OffsetRect
GetMessagePos
SendMessageW
LoadCursorW
ReleaseCapture
MoveWindow
GetCursorPos

gdi32

CreateEllipticRgn
GetRgnBox
PtInRegion
DeleteObject
CreateRectRgn

comdlg32

GetOpenFileNameW

advapi32

OpenProcessToken
GetLengthSid
SetTokenInformation
CreateProcessAsUserW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

magcore

Mag0Inter
Mag0Release
Mag0Retain
Mag0CreateObj

magfileio

magIODestroyStdStream
magIOCreateStdStream
magIOOpenImage
magIOCloseImage
magIOLoadPlugs
magIOUnloadPlugs

magpcmac

Mag0TranPathRegister
Mag0FSValRegister

magpltfm

magHeapAlloc
magHeapLock
magMemZero
magHeapUnlock
magHeapFree
magStrCopy

maguiengine

Mag0GetGValue
Mag0SetGValue

heatdll

?GetAppFileName@@YAXPAG@Z
?Arc_PtInRect@@YAHPBUtagRECT@@UtagPOINT@@@Z
?GetFitInSize@@YAXABJ000AAJ1@Z
?PtInMagObj@@YAHPBXAAUtagPOINT@@@Z
?AbmCtrlAutoHideScrollTiemr@@YAXPAVMagAlbum@PubMagic@@@Z
?OpenImgFileThumb@@YAPAVMagPicture@PubImage@@PBGABUtagSIZE@@W4enuImport@@@Z
?GenObjFromAuiFile@@YAPAVMagPanel@PubMagic@@PAUHINSTANCE__@@PAUHWND__@@PBGW4SurWndType@@H@Z
?_atlArctmpDataNil@@3PAUCArcStringData@@A
?_atlArctmpPchNil@@3PBGB
?IsCurrentPrj@@YAHPBG@Z
?ShDeleteFile@@YAHPBG@Z
?ElePt2WndPt@@YA?AUtagPOINT@@PAVMagElement@PubMagic@@PAU1@@Z
?Arc_ClientToScreen@@YAXPAUHWND__@@PAUtagPOINT@@@Z
?SetProjects@CProjectMgr@@SAXABUtagProjectInfo@@HH@Z
?IsCursorInMagEle@@YAHPAVMagElement@PubMagic@@@Z
?GetModuleInfoByID@CModuleMgr@@SAHKAAUtagModuleInfo@@@Z
?GetPrjDateString@@YAPBGABUtagProjectInfo@@PAGJHH@Z
?SetMagEleText@@YAXPAVMagElement@PubMagic@@JPAVMagAUI@2@@Z
?RemoveAllCallBack@CBaseMagCallbackMap@@QAEXXZ
??1CBaseMagCallbackMap@@UAE@XZ
??0CBaseMagCallbackMap@@QAE@XZ
?GetModuleCount@CModuleMgr@@SAHXZ
?InitResAUI@@YAPAVMagAUI@PubMagic@@PBG0@Z
?GetProjects@CProjectMgr@@SAHABVtstring@@AAV?$vector@UtagProjectInfo@@V?$allocator@UtagProjectInfo@@@std@@@std@@HKH@Z
?CropLayer@@YAPBXPBXABUtagRECT@@J@Z
?Layer2Pic@@YAPAVMagPicture@PubImage@@PAVMagLayer@2@@Z
?SaveImageFile@@YAHPAVMagPicture@PubImage@@PBGJH@Z
?CreateDirTree@@YAHPBG@Z
?IsPathWritable@@YAHPBG@Z
?SetWindowFourCorners@@YAXPAUHWND__@@@Z
?DidCreate@CBaseMagMainWind@@MAEXXZ
?GetCatalog@CBaseMagWindow@@QBEPAVMagPanel@PubMagic@@XZ
??0CBaseMagMainWind@@QAE@XZ
??1CBaseMagMainWind@@UAE@XZ
?MagCloseProc@CBaseMagWindow@@UAEJPAVMagElement@PubMagic@@QBX@Z
?MagDragProc@CBaseMagWindow@@UAEJPAVMagElement@PubMagic@@JQBX@Z
?MagResizeProc@CBaseMagWindow@@UAEJPAVMagElement@PubMagic@@JQBX@Z
?MagMinimizeProc@CBaseMagWindow@@UAEJPAVMagElement@PubMagic@@QBX@Z
?MagMaximizeProc@CBaseMagWindow@@UAEJPAVMagElement@PubMagic@@QBX@Z
?SetDefaultCallBackName@CBaseMagWindow@@UAEXPBDW4MagDefaultCallBackKind@@@Z
?QuitAppAfterDestroyed@CBaseMagMainWind@@UAEHXZ
?PreCreateWind@CBaseMagWindow@@MAEXAAUtagCREATESTRUCTW@@@Z
?CreateWind@CBaseMagWindow@@MAEXPAUtagRECT@@PAUHWND__@@@Z
?PreCreate@CBaseMagWindow@@MAEHXZ
?WillClose@CBaseMagWindow@@MAEXXZ
?GetAppPrivateProfileString@@YAHPBG00PAGK@Z
?ExitMagicUI@CBaseMagApp@@MAEHXZ
?InitMagicUI@CBaseMagApp@@MAEHH@Z
?PathAddBackslashW@@YAXAAVtstring@@@Z
?PopupAUIPathFromFileManager@CBaseMagApp@@UAEXXZ
?PushAUIToFileManager@CBaseMagApp@@UAEHPBGPAG@Z
?AskClose@CBaseMagWindow@@MAEHXZ
?OnEnable@CBaseMagWindow@@MAEXIJ@Z
?Run@CBaseMagApp@@UAEHXZ
??0CBaseMagApp@@QAE@PAUMagAppEnvironment@@@Z
??1CBaseMagApp@@UAE@XZ
?ShowWindow@CBaseMagWindow@@QAEXH@Z
?UpdateContents@CProjectMgr@@SAHABVtstring@@@Z
?OnMtGesture@CBaseMagWindow@@MAEHABU_GESTUREINFO@@@Z
?GetStureConfig@CBaseMagWindow@@MAEHQAUtagGESTURENOTIFYSTRUCT@@AAU_GESTURECONFIG@@@Z
?GetGestureStatus@CBaseMagWindow@@MAEHUtagPOINT@@AAK@Z
?RegisterCallBacks@CBaseMagWindow@@MAEXXZ
?GetImageFileBuf@@YAHPBGAAU_IMGCBUFFER@@ABUtagSIZE@@W4enuImport@@@Z
?RegisterCallBacks@CBaseMagCallbackMap@@MAEXXZ
?Arc_IsRectEmpty@@YAHPBUtagRECT@@@Z
?DelDirTree@@YAXPBG@Z
??0CDlgInputText@@QAE@XZ
?SetTitle@CDlgInputText@@QAEXPBG@Z
?SetText@CDlgInputText@@QAEXPBGJ@Z
?Create@CBaseMagWindow@@UAEHPBGPAUtagRECT@@PAUHWND__@@@Z
?SetWindowTextW@CDlgInputText@@QAEXPBG@Z
?DoModal@CBaseMagDialog@@UAEHXZ
?GetText@CDlgInputText@@QAEXAAVtstring@@@Z
??1CDlgInputText@@UAE@XZ
?Arc_IntersectRect@@YAHPAUtagRECT@@PBU1@1@Z
?MyMsgBox@@YAHIPBGZZ
?GetMagRect@@YAXPBXAAUtagRECT@@@Z
?Arc_OffsetRect@@YAXPAUtagRECT@@HH@Z
?ResLoadString@@YAHIPAGHPAVMagAUI@PubMagic@@@Z
?LayoutPlcb@@YAHPAVMagPanel@PubMagic@@0PAVMagElement@2@UtagSIZE@@HNH@Z
??2CBaseMagWindow@@SGPAXI@Z
?GetResString@@YA?AVtstring@@IPBGPAVMagAUI@PubMagic@@@Z
?InitCallBack@CBaseMagCallbackMap@@MAEXPAVMagPanel@PubMagic@@@Z
?AddCallBack@CBaseMagCallbackMap@@QAEXPBDP6AJPAVMagElement@PubMagic@@JQBX2@Z@Z
?SetAppResource@@YAXPAVMagAUI@PubMagic@@@Z
?ExitInstance@CBaseMagApp@@MAEXXZ
?InitInstance@CBaseMagApp@@MAEHXZ
?RepositionWindow@CBaseMagWindow@@QAEXW4MagWindowRepositionKind@@@Z

shlwapi

PathRemoveBackslashW
PathAddBackslashW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

wcscmp
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler
_CIpow
_except_handler3
_initterm
_wcsupr
wcsstr
_wtoi
free
malloc
memmove
_wmakepath
wcslen
_itow
_wsplitpath
_wcsicmp
_ftol
wcscat
wcscpy
swprintf
_purecall
??2@YAPAXI@Z

gdiplus

GdiplusShutdown
GdipDeleteRegion
GdipDeleteGraphics
GdipDeletePath
GdipCreateRegionPath
GdipCreateFromHDC
GdiplusStartup
GdipCreatePath
GdipAddPathPolygonI
GdipGetRegionHRgn

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72cf42c5821680b51eca52afd330e484

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

magcore

magfileio

magpcmac

magpltfm

maguiengine

heatdll

shlwapi

msvcp60

msvcrt

gdiplus

Sections

.text Size: 208KB - Virtual size: 204KB

.rdata Size: 168KB - Virtual size: 166KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 208KB - Virtual size: 204KB

.rdata
Size: 168KB - Virtual size: 166KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 40KB - Virtual size: 36KB