569b8f78473390e16a28512b8731244bba8b1b938b0ca0243cbb114527270490

Sharing

Copy URL Twitter E-mail

General

Target

569b8f78473390e16a28512b8731244bba8b1b938b0ca0243cbb114527270490
Size

940KB
MD5

f35a5768b22de77b080cbb3d6b425424
SHA1

16b17a8a3fd67b4c9e6597eda3180361a7631896
SHA256

569b8f78473390e16a28512b8731244bba8b1b938b0ca0243cbb114527270490
SHA512

c20a55875ff568d1473f5a305b42e87ecb32c622a38c6e42f7e76b031cc28c9f04cd1e06748e06fb69a82ac6947b0adbe4e68a7168ae285bde69d2080ed224d8
SSDEEP

12288:KAOprD/KqZkanrr6TTTTTTTT/nv8pRmFE/zRfALSap+pImbTUl:KAOpDyqZkanrrUQSEqubBb

Score

N/A

Malware Config

Signatures

Files

569b8f78473390e16a28512b8731244bba8b1b938b0ca0243cbb114527270490
.exe windows x86

824835008645f64f5598d21ca39c5de7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3298
ord3282
ord6330
ord1197
ord2809
ord1196
ord6279
ord2644
ord1662
ord2371
ord4294
ord2372
ord4847
ord3871
ord3312
ord5871
ord4470
ord5977
ord3494
ord2507
ord355
ord4370
ord2350
ord2362
ord942
ord940
ord4270
ord3568
ord2567
ord4390
ord3569
ord609
ord3792
ord4118
ord2070
ord3688
ord2559
ord4128
ord4292
ord5784
ord2072
ord860
ord537
ord755
ord2746
ord5869
ord6168
ord470
ord6238
ord3088
ord4875
ord2081
ord2854
ord6125
ord927
ord3701
ord5777
ord3915
ord6126
ord6124
ord2626
ord5764
ord613
ord5785
ord289
ord472
ord1941
ord818
ord5795
ord6437
ord1230
ord6451
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4103
ord5236
ord1719
ord5256
ord4426
ord813
ord560
ord4717
ord4502
ord3492
ord4078
ord1920
ord4259
ord1560
ord1258
ord2225
ord268
ord3476
ord4035
ord2732
ord2793
ord3348
ord3574
ord290
ord2855
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord1633
ord323
ord2397
ord5783
ord6193
ord2745
ord6640
ord816
ord562
ord3133
ord1168
ord1229
ord5568
ord2910
ord1791
ord2606
ord3491
ord4124
ord4016
ord764
ord3023
ord824
ord826
ord6466
ord6375
ord6376
ord3737
ord6153
ord283
ord703
ord603
ord3917
ord273
ord403
ord2385
ord1252
ord6303
ord521
ord4162
ord834
ord2755
ord1565
ord3995
ord1130
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord941
ord536
ord922
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord4272
ord6489
ord4273
ord4199
ord4197
ord1637
ord4158
ord2914
ord3998
ord4015
ord2719
ord2722
ord2721
ord1172
ord2144
ord6597
ord2444
ord2373
ord4265
ord1131
ord1594
ord3253
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord554
ord807
ord4263
ord4279
ord3084
ord5047
ord956
ord1821
ord5852
ord4042
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord4119
ord3798
ord2615
ord1137
ord2558
ord4214
ord2573
ord3634
ord5142
ord3232
ord3785
ord6004
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord2099
ord6390
ord5446
ord823
ord6379
ord5436
ord2859
ord540
ord858
ord859
ord2810
ord535
ord800
ord6139
ord5257
ord2836
ord825
ord541
ord538
ord801
ord3658
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord1720
ord5059
ord2756
ord5706
ord6278
ord6195
ord4704
ord1165
ord1143
ord1634
ord4155
ord3087
ord6871
ord6211
ord2634
ord2088
ord2857
ord3566
ord4229
ord2294
ord2291
ord614
ord2406
ord3621
ord324
ord567
ord384
ord861
ord6868
ord641
ord616
ord656
ord810
ord686
ord3592
ord4419
ord5276
ord1767
ord6048
ord4992
ord5261
ord3614
ord3577
ord3397
ord5286
ord4392
ord2570
ord4213
ord2015
ord2403
ord3605
ord3728
ord3393
ord1202
ord2613
ord296
ord5208
ord2506
ord617
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord2446
ord6051
ord1569

msvcrt

__CxxFrameHandler
_CxxThrowException
wcscpy
_wtoi
_wcsicmp
wcscmp
memmove
_ftol
_purecall
_CIpow
wcsstr
_wcslwr
free
malloc
swscanf
wcslen
strchr
wcsncpy
calloc
_wtol
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
wcschr
qsort
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp

kernel32

LocalFree
InterlockedDecrement
lstrcpynW
GetTickCount
GetVersionExW
LoadLibraryA
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
EnumResourceNamesW
FreeLibrary
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
FindResourceW
LoadResource
LockResource
InterlockedIncrement
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
MulDiv
lstrlenW
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
GlobalFree
EnumSystemCodePagesW
GetCPInfoExW
CreateMutexW
GetLastError
ReleaseMutex
GetStartupInfoW

user32

SetPropW
GetWindowRect
LoadBitmapW
GetDesktopWindow
GetWindow
IsWindow
GetPropW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
EnableWindow
GetParent
InvalidateRect
SetRect
DefWindowProcW
GetForegroundWindow
GetWindowLongW
IntersectRect
GetCapture
GetMessageW
ClientToScreen
DispatchMessageW
CopyRect
SetRectEmpty
PtInRect
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageW
UpdateWindow
DrawIconEx
DrawStateW
FillRect
OffsetRect
DestroyCursor
GetSystemMetrics
IsRectEmpty
GetCursorPos
ScreenToClient
LoadIconW
GetClientRect
RegisterWindowMessageW
GetSysColor
LoadCursorW
SetCursor
SystemParametersInfoW
SetCapture
GetDC
InvertRect
ReleaseDC
InflateRect
mouse_event
GetClassLongW
GetFocus
DrawFrameControl
GetCaretPos
GetKeyState
DrawFocusRect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ReleaseCapture
PostMessageW
SetClassLongW
HideCaret
ShowCaret
MessageBeep
RedrawWindow
GetNextDlgTabItem
GetSysColorBrush
EqualRect
SetWindowPos
SetTimer
GetCursor
KillTimer
IsWindowVisible
WindowFromPoint
LookupIconIdFromDirectoryEx
LoadMenuW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
SetWindowLongW
GrayStringW
DrawTextW
TabbedTextOutW
GetDlgCtrlID
SetActiveWindow

gdi32

SetPixel
Polygon
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateDIBSection
DeleteDC
StretchBlt
PatBlt
SetTextColor
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreatePolygonRgn
FillRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateRectRgn
GetStockObject
SelectObject
GetObjectW
GetBkColor
GetTextColor
CreatePen
CreateBitmap
CreateFontIndirectW
CreateSolidBrush

shell32

DragFinish
DragQueryFileW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageCount
ImageList_DrawIndirect
ImageList_AddMasked
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_GetIcon

ole32

CoInitialize
OleRun
CoCreateInstance
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen

smartpublic

??0CSPBlockMainInfo@@QAE@ABVCString@@0@Z
?GetFileName@CSPLinesData@@QAE?AVCString@@XZ
??1CSPBlockMainInfo@@UAE@XZ
?Serialize@CSPBlockTableInfo@@UAEXAAVCArchive@@@Z
??0CSPBlockTableInfo@@QAE@ABVCString@@0@Z
??1CSPBlockTableInfo@@UAE@XZ
?Serialize@CSPBlockMainInfo@@UAEXAAVCArchive@@@Z
?SaveCategoryData@CSPLinesData@@QAEHABVCString@@@Z
?GetBtiFileName@CSPLinesData@@SA?AVCString@@ABV2@@Z
?GetText2Array@CSPLinesData@@QAEHABH@Z
?CleanCategory@CSPLinesData@@QAEXXZ
?GetQualifier@CSPLinesData@@QAE?AVCString@@XZ
?GetText2Array@CSPLinesData@@SAHIVCString@@AAVCStringArray@@ABH@Z
?GetArrText@CSPLinesData@@QAE?AVCString@@ABH@Z
?RregEXLine@CSPLinesData@@SAHABVCString@@0@Z
?IsDataFileFixed@CSPLinesData@@QAEHABH@Z
??1CSPLinesData@@UAE@XZ
??0CSPLinesData@@QAE@XZ
??0SP_Fixed_Field_Info@@QAE@ABH00ABVCString@@@Z
?GetCategoryData@CSPLinesData@@QAEHAAVCStringArray@@AAV?$CArray@PAVCSPBlockData_Row@@PAV1@@@@Z
?GetDelimiter@CSPLinesData@@QAE?AVCString@@XZ
?SetPageCode@CSPLinesData@@QAEHABI@Z
?LoadCategory@CSPLinesData@@QAEHABVCString@@@Z
?SetFileName@CSPLinesData@@QAEHABVCString@@@Z

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 608KB - Virtual size: 606KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

824835008645f64f5598d21ca39c5de7

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

shell32

comctl32

ole32

oleaut32

smartpublic

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 608KB - Virtual size: 606KB

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 608KB - Virtual size: 606KB