195a4f974192e251e56788f396199e02305875ca86a5dba9f4800f32dc6ec233

Sharing

Copy URL

Twitter E-mail

General

Target

195a4f974192e251e56788f396199e02305875ca86a5dba9f4800f32dc6ec233
Size

142KB
MD5

71544bb372f1a3d829df9ffd1195a93c
SHA1

94173b2b2fcf6b5f5f0c254ba087d88814ebd953
SHA256

195a4f974192e251e56788f396199e02305875ca86a5dba9f4800f32dc6ec233
SHA512

208113dcb9c2ad777d6010c812b8c8a3189ca4b8ed3393bd6f70780c3b64552dadbd672e6c7f0ce94b440a7d554bd98698f159a42f1e691491f7a3d0f8e7bf81
SSDEEP

3072:QuG3Lq8CqS77dP4+6D63oj+dZp8Ik7C76KHp/x:NG3LqLl77dPUD63gEZp5kmxHp/x

Score

N/A

Malware Config

Signatures

Files

195a4f974192e251e56788f396199e02305875ca86a5dba9f4800f32dc6ec233
.exe windows x86

57efa6943758973574bb90ad35ddb579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2722
ord2721
ord1127
ord6238
ord1897
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord2854
ord2371
ord2857
ord6466
ord6896
ord6688
ord3991
ord6898
ord2520
ord3281
ord609
ord692
ord6882
ord3516
ord2810
ord6398
ord1144
ord6266
ord1635
ord2445
ord5706
ord5679
ord1651
ord4369
ord4846
ord3379
ord482
ord2397
ord2519
ord3296
ord384
ord686
ord1863
ord548
ord2385
ord1934
ord4267
ord5255
ord3995
ord6004
ord3394
ord3729
ord3298
ord3909
ord1834
ord4237
ord620
ord2715
ord2382
ord3054
ord5094
ord5097
ord4298
ord3345
ord5006
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord674
ord794
ord796
ord807
ord3476
ord795
ord2970
ord3865
ord4407
ord6191
ord5906
ord975
ord6456
ord3133
ord4158
ord6487
ord554
ord529
ord527
ord366
ord5867
ord6063
ord5996
ord6616
ord6561
ord6611
ord6617
ord4451
ord5296
ord5248
ord5848
ord2606
ord2225
ord942
ord693
ord3289
ord2719
ord6865
ord4394
ord3625
ord682
ord2455
ord4270
ord3621
ord2406
ord3688
ord3568
ord3701
ord1634
ord2572
ord3397
ord567
ord640
ord2442
ord4616
ord4128
ord4292
ord5784
ord472
ord283
ord5782
ord5732
ord1633
ord323
ord535
ord1197
ord1196
ord4155
ord1263
ord1226
ord6330
ord3716
ord2293
ord2294
ord6193
ord3087
ord1264
ord6665
ord4078
ord6770
ord2567
ord4390
ord3569
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord2637
ord6195
ord1900
ord4709
ord1683
ord5284
ord4433
ord2046
ord4425
ord496
ord771
ord4254
ord1008
ord4282
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord4970
ord491
ord2638
ord656
ord3870
ord3605
ord1899
ord489
ord768
ord4253
ord2574
ord4396
ord3365
ord3635
ord3993
ord547
ord3297
ord5264
ord1561
ord1173
ord5228
ord3998
ord538
ord303
ord3636
ord3366
ord4717
ord4279
ord4426
ord1719
ord3743
ord5286
ord5236
ord4397
ord1768
ord6051
ord4103
ord4955
ord4958
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4884
ord4343
ord4335
ord5070
ord4886
ord4364
ord4893
ord4582
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord800
ord296
ord617
ord3658
ord5214
ord2644
ord1662
ord4583
ord2575
ord813
ord4526
ord5249
ord4239
ord1841
ord338
ord652
ord4420
ord4617
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord4817
ord858
ord4414
ord4233
ord1817
ord5208
ord861
ord940
ord1229
ord2613
ord6113
ord520
ord986
ord6211
ord2362
ord956
ord5977
ord2621
ord2634
ord561
ord2717
ord815
ord3733
ord897
ord4418
ord1143
ord2859
ord1172
ord1165
ord823
ord825
ord4229
ord324
ord540
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord1569
ord5710
ord5285
ord5059
ord3744
ord6372
ord5303
ord4692
ord4074
ord5674
ord5298
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord4269
ord4604
ord2244
ord4606

msvcrt

_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_c_exit
_wcsicmp
swscanf
wcsstr
wcscat
rand
_CxxThrowException
_wcsnset
_snwprintf
wcsrchr
wcscpy
swprintf
wcsncpy
_ftol
_purecall
wcslen
wcsncmp
wcschr
wcscmp
time
srand
free
_wcsdup
__CxxFrameHandler
_exit
iswalpha

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
ConvertSidToStringSidW
OpenThreadToken
OpenProcessToken
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
CopySid
GetLengthSid
IsValidSid
GetTokenInformation

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
MoveFileW
GetFileAttributesW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GetNumberFormatW
GetLocaleInfoW
GetTempPathW
GetCurrentProcessId
CreateFileW
GetTickCount
FormatMessageW
LocalFree
GetVersionExW
lstrlenW
lstrcpyW
GetModuleFileNameW
DeleteFileW
GetModuleHandleA
CreateThread
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventW
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetProfileIntW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
GetSystemTime
GetUserDefaultUILanguage
GetStringTypeExW
IsValidLanguageGroup
GetTimeFormatW
HeapAlloc
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
GetDateFormatW
GetComputerNameW
CreateDirectoryW
ReadFile
GetCurrentThread
GetStartupInfoW

gdi32

CreateRectRgnIndirect
GetTextExtentPoint32W
DeleteObject

user32

DrawTextW
LoadStringW
WinHelpW
DispatchMessageW
TranslateMessage
GetMessageW
MsgWaitForMultipleObjects
GetParent
MessageBeep
GetWindowContextHelpId
GetDlgItem
EndDialog
DialogBoxParamW
SetDlgItemTextW
PostMessageW
FindWindowW
IsIconic
UpdateWindow
FillRect
CopyRect
GetCursorPos
GetWindowRect
GetMenuItemCount
SendDlgItemMessageW
DeleteMenu
SetActiveWindow
SetCapture
GetLastActivePopup
SetForegroundWindow
EnableWindow
PtInRect
IsWindow
LoadImageW
GetWindowLongW
SetWindowLongW
GetSysColor
GetMessagePos
SetCursor
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
SendMessageW
SetProcessDefaultLayout
DefWindowProcW
ReleaseCapture
SetWindowPos
SetFocus
UnregisterClassW
LoadIconW
LoadCursorW

fxsapi

FaxGetArchiveConfigurationW
FaxRefreshArchive
FaxGetSenderInformation
FaxFreeSenderInformation
FaxSetSenderInformation
FaxGetRecipientInfoW
FaxGetSenderInfoW
FaxGetMessageTiffW
FaxSetJobW
FaxFreeBuffer
FaxRemoveMessage
FaxEndMessagesEnum
FaxEnumMessagesW
FaxStartMessagesEnum
FaxGetMessageW
FaxEnumJobsExW
FaxGetJobExW
FaxConnectFaxServerW
FaxClose
FaxUnregisterForServerEvents
FaxRegisterForServerEvents
FaxGetQueueStates
FaxAccessCheckEx

fxstiff

GetW2kMsTiffTags
TiffAddMsTags
TiffPrintDC
FreeMsTagInfo

comdlg32

GetSaveFileNameW
GetOpenFileNameW

ole32

CoInitialize
OleUninitialize
OleInitialize
CoCreateInstance

shell32

ord259
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW
ShellExecuteExW
ord258
ShellAboutW

winspool.drv

EnumPrintersW

comctl32

ImageList_Destroy
ImageList_LoadImageW

fxsclntr

GetResourceHandle

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

XOR
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

57efa6943758973574bb90ad35ddb579

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

msvcp60

advapi32

kernel32

gdi32

user32

fxsapi

fxstiff

comdlg32

ole32

shell32

winspool.drv

comctl32

fxsclntr

Sections

.text Size: 123KB - Virtual size: 122KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 12KB

XOR Size: 2KB - Virtual size: 2KB

.text
Size: 123KB - Virtual size: 122KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 12KB

XOR
Size: 2KB - Virtual size: 2KB