6e2142f95a7d06915cdc325e0a2d7a764eb8f88379b442617d2cc28d51673ebd

Sharing

Copy URL Twitter E-mail

General

Target

6e2142f95a7d06915cdc325e0a2d7a764eb8f88379b442617d2cc28d51673ebd
Size

256KB
MD5

612924f0a0f9941f73a9ed07c3ecadd5
SHA1

9afbe5488c38085e0010705d2ea5a472b885b710
SHA256

6e2142f95a7d06915cdc325e0a2d7a764eb8f88379b442617d2cc28d51673ebd
SHA512

7b144bb7b77cd545320855514ab00c16dbe74c850b47121655275b6c8a22bfc2ce703cfac43e92af5241513eed0784b1cac246af621c9018f2715398b83c9875
SSDEEP

3072:TQQk55eKZB7u+HNMFKRoVoiUqkKMxa6JdXWrTkn1GO5Re6lbv5LxZwBWFailDDek:Tw55noqiUKRGQk1GO5R3TZwBOak+a

Score

N/A

Malware Config

Signatures

Files

6e2142f95a7d06915cdc325e0a2d7a764eb8f88379b442617d2cc28d51673ebd
.exe windows x86

b054e24d3272da17829a29fc100f67ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

ws2_32

WSAStartup
htonl
closesocket
htons

kernel32

GetTempFileNameW
GetTempPathW
CreateDirectoryW
lstrlenW
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileW
WriteFile
UnmapViewOfFile
GetLastError
CreateEventA
SetEvent
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
TerminateThread
WaitForSingleObject
ResetEvent
DeleteCriticalSection
Sleep
CreateProcessW
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
SetLastError
OpenProcess
lstrlenA
lstrcmpiA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcessId
CreateThread
GetModuleHandleW
GetCurrentThreadId
GetCommandLineW
SetUnhandledExceptionFilter
RaiseException
GetThreadLocale
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
GetStartupInfoW
UnhandledExceptionFilter
GetLocaleInfoA
InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
WaitForMultipleObjects

user32

UnregisterClassA
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
DestroyWindow
SetWindowLongW
SendMessageW
SetTimer
KillTimer
SendMessageTimeoutW
GetWindowThreadProcessId
DefWindowProcW
FindWindowW
RegisterClassExW
GetWindowLongW
CallWindowProcW
GetDesktopWindow
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
LoadCursorW
GetClassInfoExW
CreateWindowExW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantCopy

atl80

ord43
ord44
ord32
ord30
ord58
ord23
ord61
ord31
ord17
ord18
ord22
ord64
ord20

msvcp80

??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
??0?$allocator@_W@std@@QAE@XZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

wininet

InternetCrackUrlA

msvcr80

malloc
_resetstkoflw
wcsrchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__wgetmainargs
_wtoi
_cexit
_beginthreadex
_itoa
_purecall
_vsnwprintf_s
memcpy_s
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
srand
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_wcsicmp
calloc
??3@YAXPAX@Z
??_V@YAXPAX@Z
_CxxThrowException
memcpy
memset
__CxxFrameHandler3
swprintf_s
_recalloc
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_snwprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memmove_s
_snprintf
rand
free

qqmusiccommon

?Log@qqmusic@@YAXPB_W0ZZ

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b054e24d3272da17829a29fc100f67ea

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

wininet

msvcr80

qqmusiccommon

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 96KB - Virtual size: 96KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 96KB - Virtual size: 96KB