Static task
static1
Behavioral task
behavioral1
Sample
87bfb881c1df1fa75d5d9c27c1c1bf1f8b43bac3aafedf4e88cfedab3b5cfd38.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
87bfb881c1df1fa75d5d9c27c1c1bf1f8b43bac3aafedf4e88cfedab3b5cfd38.exe
Resource
win10v2004-20220812-en
General
-
Target
87bfb881c1df1fa75d5d9c27c1c1bf1f8b43bac3aafedf4e88cfedab3b5cfd38
-
Size
768KB
-
MD5
052628959fd0399c84f5d2d764be6330
-
SHA1
23fada5a7984c1bff73cd10e9cc5189259de8586
-
SHA256
87bfb881c1df1fa75d5d9c27c1c1bf1f8b43bac3aafedf4e88cfedab3b5cfd38
-
SHA512
2249814c9cad6db23fb3f8f6576f56a259e99e5dcb988f4dc274b5e0e398cf79571dcf53fa2894e4751ecb0d0539802f8702a382f9ae8f49565f31aba899ddbb
-
SSDEEP
12288:YJYJ52YVzbwEPR5zmuoX3YDj/xuaUYWTj19AFRZNZttki:D2YVzbwiR5zmuoXoJu5DTj1yZNZTH
Malware Config
Signatures
Files
-
87bfb881c1df1fa75d5d9c27c1c1bf1f8b43bac3aafedf4e88cfedab3b5cfd38.exe windows x86
870310611540656d1fe91a0a3b02b758
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
exceptcatch
?SetExceptionCatcher@@YAXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
liveutlt
?gLoadString@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@J@Z
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?NavigateURL@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?FormUrlEncode@@YAXAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?CreateObjectFromFile@@YAJABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUIUnknown@@ABU_GUID@@2PAPAX@Z
?KillOtherQQLivePlayerApp@@YAHPB_W@Z
?RegistLocalInfo@@YAHXZ
?IsWinXPOrLater@@YAHXZ
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PAUHINSTANCE__@@@Z
?MinimizeMemory@@YAXXZ
?GetKeyValue@@YAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0AAV12@@Z
?GetUserAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
skin
?CreateSkinControl@@YAPAUHWND__@@PB_WPAU1@H@Z
?GetColorSchemeChangeMsg@CSkinBase@@SAIXZ
?LoadSkinFromFile@@YAHPB_W00@Z
?SetSkin@CSkinBase@@QAEJPB_W0@Z
?GetSkinColorScheme@@YAXAAH0@Z
?GetPicEx@@YAHPB_WAAPAUHBITMAP__@@AAUtagPOINT@@AAUtagSIZE@@H@Z
?SetSkinVar@@YAHPB_W0@Z
?GetLockSizeMsg@CSkinBase@@SAIXZ
?GetDrawMsg@CSkinBase@@SAIXZ
?GetSkinColor@@YAKPB_WH@Z
?GetOwnerRenderMsg@CSkinBase@@SAIXZ
?TransparentBlt2@@YAXPAUHDC__@@HHHH0HHHHI@Z
?GetSkinFont@@YAPAUHFONT__@@PB_W@Z
?SetSkinColorScheme@@YAXHH@Z
?HookColorSchemeChange@@YAHPAUHWND__@@H@Z
?SetWndSkin@@YAHPB_WPAUHWND__@@H@Z
?RenderRichText@@YAHPB_WPAUHDC__@@ABUtagRECT@@HPAUHWND__@@PAUHFONT__@@H@Z
xmlparser
?OutOfElem@CMarkup@@QAE_NXZ
?GetAttrib@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?SetDoc@CMarkup@@QAE_NPB_W@Z
?GetTagName@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetData@CMarkup@@QBE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
??1CMarkup@@UAE@XZ
??0CMarkup@@QAE@XZ
?FindElem@CMarkup@@QAE_NPB_W@Z
?IntoElem@CMarkup@@QAE_NXZ
mfc80u
ord3204
ord2534
ord1608
ord283
ord1156
ord2856
ord1611
ord2708
ord5911
ord4301
ord6721
ord2829
ord1536
ord2725
ord2531
ord5196
ord3331
ord1590
ord1646
ord4238
ord587
ord3198
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord2366
ord421
ord655
ord380
ord1472
ord5489
ord2697
ord2696
ord4574
ord3195
ord266
ord776
ord4256
ord3990
ord5199
ord1392
ord5908
ord2369
ord6720
ord3435
ord1542
ord1661
ord1662
ord2011
ord762
ord1908
ord5105
ord4884
ord5283
ord4729
ord1182
ord4206
ord1178
ord5178
ord1434
ord605
ord265
ord3635
ord1021
ord2651
ord5829
ord1883
ord3873
ord2364
ord5862
ord2121
ord5637
ord3483
ord5869
ord1079
ord6751
ord1271
ord3155
ord4109
ord1274
ord6140
ord6749
ord6700
ord282
ord1479
ord4026
ord3869
ord2361
ord4098
ord502
ord3281
ord2860
ord4232
ord5803
ord2155
ord2656
ord1785
ord4314
ord2648
ord5727
ord3157
ord354
ord5609
ord6063
ord3590
ord6279
ord5558
ord2261
ord6232
ord1866
ord1772
ord1784
ord5965
ord2260
ord2444
ord578
ord304
ord777
ord4100
ord3756
ord2362
ord3417
ord5867
ord1416
ord6219
ord6116
ord6278
ord2460
ord5398
ord314
ord1067
ord1220
ord5524
ord2788
ord620
ord3189
ord4882
ord3995
ord2081
ord347
ord602
ord1270
ord642
ord5633
ord3296
ord3208
ord4230
ord1549
ord1628
ord1058
ord3395
ord4117
ord334
ord2832
ord593
ord5562
ord5113
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord1123
ord5096
ord1007
ord3800
ord1139
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord5971
ord4535
ord3677
ord566
ord757
ord1121
ord1096
ord3327
ord3824
ord1925
ord1049
ord4475
ord384
ord629
ord5083
ord317
ord584
ord5320
ord416
ord651
ord741
ord4743
ord3176
ord2365
ord1386
ord386
ord631
ord2086
ord1582
ord2271
ord4234
ord2279
ord3925
ord3311
ord2749
ord3752
ord6277
ord4112
ord6276
ord3983
ord290
ord567
ord758
ord6033
ord2254
ord1561
ord1475
ord1924
ord2077
ord6262
ord1388
ord4093
ord2082
ord657
ord3223
ord4231
ord4101
ord3396
ord3224
ord2867
ord2876
ord326
ord5636
ord2083
ord2952
ord658
ord563
ord753
ord6251
ord3645
ord2225
ord1006
ord1921
ord1555
ord330
ord589
ord591
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3424
ord3165
ord1959
ord3249
ord2340
ord6282
ord1086
ord1172
ord5316
ord3497
ord6293
ord1946
ord5327
ord4094
ord2085
ord3238
ord564
ord755
ord6003
ord1571
ord2070
ord370
ord618
ord1707
ord6284
ord2893
ord5319
ord287
ord1430
ord1535
ord1481
ord5360
ord4807
ord5660
ord4283
ord322
ord4242
ord586
ord3154
ord922
ord1427
ord5358
ord5645
ord4739
ord4160
ord1485
ord5361
ord5661
ord4799
ord4358
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4788
ord4942
ord4194
ord4667
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord5147
ord4553
ord4267
ord4914
ord3338
ord4514
ord4438
ord4513
ord4292
ord4437
ord4908
ord6763
ord4784
ord5162
ord5910
ord4198
ord5202
ord4165
ord4775
ord1553
ord4172
ord4974
ord1610
ord4581
ord4380
ord4857
ord4395
ord4854
ord4123
ord4393
ord3734
ord2797
ord4375
ord4770
ord2711
ord4378
ord1351
ord3471
ord4373
ord410
ord3968
ord2411
ord2412
ord2415
ord2413
ord2414
ord3644
ord4126
ord1999
ord1293
ord4125
ord2560
ord4383
ord648
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord577
ord4179
ord2638
ord5210
ord3943
ord4480
ord293
ord4255
ord745
ord2311
ord557
ord760
ord1176
ord572
ord3397
ord4716
ord3158
ord4276
ord1118
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord280
ord929
ord6271
ord5711
ord2255
ord927
ord931
ord2384
ord1894
ord6002
ord896
ord2404
ord5638
ord2388
ord774
ord1719
ord2394
ord899
ord2392
ord2390
ord2407
ord900
ord2402
ord2386
ord709
ord2409
ord501
ord4074
ord2397
ord2379
ord2381
ord4347
ord2399
ord2169
ord2163
ord6086
ord1513
ord3678
ord6273
ord3796
ord4119
ord6275
ord6061
ord764
ord909
ord581
ord1200
ord1162
ord1087
ord315
ord765
ord1198
ord3940
ord2640
ord1393
ord2527
ord4226
ord2985
ord5148
ord3712
ord1899
ord3713
ord5067
ord3400
ord3703
ord2239
msvcr80
_CxxThrowException
memset
_ultoa
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
memcpy
free
realloc
_resetstkoflw
memcpy_s
malloc
wcsncpy_s
_purecall
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
wcsncmp
memmove_s
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
_wtoi
wcstoul
towlower
swprintf_s
fwrite
fclose
_time64
_beginthreadex
fopen_s
wcscat_s
wcscpy_s
_vsnwprintf_s
_localtime64_s
__RTDynamicCast
wcstol
_wcsicmp
fopen
fread
ferror
ftell
fseek
__CxxFrameHandler3
_amsg_exit
__wgetmainargs
_cexit
kernel32
TerminateThread
ResetEvent
SetEvent
ResumeThread
GetExitCodeThread
Sleep
GlobalAddAtomW
GlobalAlloc
WritePrivateProfileStringW
LocalFree
LocalAlloc
WideCharToMultiByte
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
GetVersion
LoadLibraryW
GetProcAddress
RaiseException
DeleteFileW
SetLastError
GetPrivateProfileIntW
EnterCriticalSection
LoadLibraryExW
MultiByteToWideChar
GetModuleFileNameW
lstrcmpiW
DeleteCriticalSection
GetFileAttributesW
InitializeCriticalSection
SizeofResource
GetModuleHandleW
InterlockedIncrement
LoadResource
GetLastError
lstrlenW
InterlockedDecrement
FindResourceW
lstrlenA
LeaveCriticalSection
HeapFree
GetProcessHeap
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedExchange
GetVersionExA
GetPrivateProfileStringW
GetTickCount
LockResource
CreateProcessW
SetFileAttributesW
CopyFileW
CreateEventW
CloseHandle
GlobalFree
WaitForSingleObject
user32
GetClientRect
CopyRect
SendMessageTimeoutW
ShowOwnedPopups
IsIconic
UnregisterClassA
FlashWindow
GetSysColor
SetParent
SetCapture
ReleaseCapture
IsWindowVisible
LoadCursorW
LoadIconW
DrawIcon
GetSystemMenu
IsZoomed
AppendMenuW
SetWindowRgn
GetKeyState
CheckMenuItem
ShowWindow
RemovePropW
UnregisterHotKey
EnableMenuItem
SetForegroundWindow
GetTopWindow
GetClassNameW
SystemParametersInfoW
RedrawWindow
ClipCursor
GetCapture
GetMenuItemInfoW
SetFocus
SetCursor
GetMessageW
TranslateMessage
DispatchMessageW
InvalidateRect
MessageBoxW
GetFocus
GetDC
RegisterHotKey
ReleaseDC
GetCursorPos
GetWindowRect
EnableWindow
PtInRect
KillTimer
GetWindow
MoveWindow
GetDesktopWindow
GetForegroundWindow
GetPropW
IsCharAlphaW
DrawIconEx
IsMenu
DestroyIcon
CreatePopupMenu
SendMessageW
LoadImageW
ScreenToClient
GetParent
RegisterWindowMessageW
SetRect
PostMessageW
SetPropW
OffsetRect
CharNextW
GetSystemMetrics
IsWindow
GetWindowLongW
InflateRect
SetWindowLongW
SetTimer
gdi32
GetDeviceCaps
StretchBlt
CreateRoundRectRgn
OffsetRgn
CombineRgn
CreateRectRgn
BitBlt
GetTextExtentPoint32W
CreateCompatibleBitmap
CreateFontW
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
Ellipse
advapi32
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
shell32
ShellExecuteW
Shell_NotifyIconW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_GetIconSize
ole32
CoRegisterClassObject
CoUninitialize
CoTaskMemRealloc
StringFromGUID2
CoRevokeClassObject
CoCreateInstance
CoInitialize
CoFreeLibrary
StringFromCLSID
CoTaskMemAlloc
CoLoadLibrary
CoTaskMemFree
oleaut32
RegisterTypeLib
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
SafeArrayRedim
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringByteLen
VariantChangeType
UnRegisterTypeLib
VariantCopy
VarBstrCmp
DispCallFunc
VariantInit
SysAllocStringLen
SysStringLen
LoadTypeLib
LoadRegTypeLib
SysAllocString
VariantClear
VarUI4FromStr
SysFreeString
GetErrorInfo
urlmon
URLDownloadToCacheFileW
gdiplus
GdipLoadImageFromFile
GdipDisposeImage
GdipFree
GdipAlloc
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectI
GdipCloneImage
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdiplusShutdown
GdiplusStartup
GdipGetImageWidth
GdipGetImageHeight
msvcp80
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
log
?CheckFileExist@@YAHPB_W@Z
?DOLOG@@YAXPB_WZZ
?CreateAllDirectory@@YAHPB_W@Z
?StrToAddr@@YAHAAUsockaddr_in@@PB_WF@Z
?GetUserGuid@@YAXPADAAH@Z
?GetUserAppDataPath2@@YAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CheckDirectoryExist@@YAHPB_W@Z
?ReportThirdPart@@YAXPB_W@Z
wininet
InternetCrackUrlW
ws2_32
WSAGetLastError
connect
ntohs
htonl
htons
closesocket
WSACleanup
socket
WSAStartup
setsockopt
sendto
send
proxy
??0CProxyTool@@QAE@XZ
?CreateProxyTCPSocket@CProxyTool@@QAEHAAIPB_WGAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
??1CProxyTool@@UAE@XZ
?GetUserProxySetting@CProxyTool@@QAEHAAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@AAG11@Z
?MakeUdpProxySendBuf@CProxyTool@@QAEHPAEH0AAHKG@Z
?CreateSocks5ProxyUDPSocket@CProxyTool@@QAEHAAI0AAUsockaddr_in@@PB_WG222GAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
Sections
.text Size: 412KB - Virtual size: 408KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 152KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 96KB - Virtual size: 95KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�B} Size: 84KB - Virtual size: 84KB (non-standard section name containing unprintable bytes; unlike .text above, this section is flagged both writable and executable, see the characteristics listed below)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE