Static task
static1
Behavioral task
behavioral1
Sample
f06432f4a71b6597a829820e476fa2b753516c7b8e610323e98a96d966b27d56.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
f06432f4a71b6597a829820e476fa2b753516c7b8e610323e98a96d966b27d56.exe
Resource
win10v2004-20220812-en
General
-
Target
f06432f4a71b6597a829820e476fa2b753516c7b8e610323e98a96d966b27d56
-
Size
92KB
-
MD5
502a0654a2e8ba9d3ec524df8fb992f5
-
SHA1
b94a962541c7be2c359cd40bc55aa0fa2765143d
-
SHA256
f06432f4a71b6597a829820e476fa2b753516c7b8e610323e98a96d966b27d56
-
SHA512
f0fe88c467e7db4ed29074a91c33ab5632325fed329b8e050f8cec2d5137fba348e10bac58bf496dcf292019aaa7a4bcc23df56c9b8708065c3b9b856346227a
-
SSDEEP
1536:ZbC1aXWnnmPLVmXN2vgjFAj632z+yG1Nh5hy0BF6ExCFysY:xC1UKIm2vgjFi63gJkhy0BFcFy
Malware Config
Signatures
Files
-
f06432f4a71b6597a829820e476fa2b753516c7b8e610323e98a96d966b27d56.exe windows x86
7f64baa2902b81402f15a62076517a27
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
vssupport
?OnOpenDocument@ZSptOleServerDoc@@UAEHPBG@Z
?OnSaveDocument@ZSptOleServerDoc@@MAEHPBG@Z
?GetDocObjectServer@ZSptOleServerDoc@@UAEPAVCDocObjectServer@@PAUIOleDocumentSite@@@Z
?ActivateInsideOut@ZSptOleServerDoc@@UAEHXZ
?GetQualifiedName@ZSptOleServerDoc@@UAEHPBGAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?GetLogicalName@ZSptOleServerDoc@@UAEXAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?OnGetTitle@ZSptOleServerDoc@@UAEXAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?PrintPageHeader@ZSptOleServerDoc@@UAEXPAVCDC@@PAUCPrintInfo@@II@Z
?OnDocumentTags@ZSptOleServerDoc@@MAEJPAUIUnknown@@0PAGPANPAF2PAPAG@Z
?SaveFileAs@ZSptOleServerDoc@@MAEHXZ
?SaveFile@ZSptOleServerDoc@@MAEHPBG@Z
?OnFileSave@ZSptOleServerDoc@@UAEXXZ
?OnFileSaveAs@ZSptOleServerDoc@@UAEXXZ
?GetName@ZSptOleServerDoc@@MAEPAGXZ
?GetFullName@ZSptOleServerDoc@@MAEPAGXZ
?GetTitle@ZSptOleServerDoc@@MAEPAGXZ
?OnInitializeEx@ZSptOleServerDoc@@MAEJPAUIUnknown@@00PBGF@Z
?OnInitialize@ZSptOleServerDoc@@MAEXAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@@Z
?OnSetNetworkType@ZSptOleServerDoc@@MAEHJ@Z
?OnSetWindowTitle@ZSptOleServerDoc@@MAEHPBG@Z
?OnSetProjectCallback@ZSptOleServerDoc@@MAEHJJ@Z
?OnDocumentData@ZSptOleServerDoc@@MAEJPAUIUnknown@@0PAGPANPAF2PAPAG@Z
?GetThisClass@ZSptOleServerDoc@@SGPAUCRuntimeClass@@XZ
?OnSetWindowStyle@ZSptOleServerDoc@@MAEXPAF000PAJ@Z
?GetConnectionMap@ZSptOleServerDoc@@MBEPBUAFX_CONNECTIONMAP@@XZ
??1ZSptOleServerDoc@@UAE@XZ
??0ZSptOleServerDoc@@QAE@H@Z
?GetThisMessageMap@ZSptOleServerDoc@@KGPBUAFX_MSGMAP@@XZ
?GetThisDispatchMap@ZSptOleServerDoc@@KGPBUAFX_DISPMAP@@XZ
?GetThisClass@ZOleIPFrameWnd@@SGPAUCRuntimeClass@@XZ
?GetDocWindow@ZOleIPFrameWnd@@UBEPAVCFrameWnd@@XZ
?GetFrameWindow@ZOleIPFrameWnd@@UBEPAVCFrameWnd@@XZ
?BuildSharedMenu@ZOleIPFrameWnd@@UAEHXZ
?OnSetMessageString@ZOleIPFrameWnd@@MAEJIJ@Z
??1ZOleIPFrameWnd@@UAE@XZ
??0ZOleIPFrameWnd@@QAE@XZ
?PreTranslateMessage@ZOleIPFrameWnd@@UAEHPAUtagMSG@@@Z
?GetThisMessageMap@ZOleIPFrameWnd@@KGPBUAFX_MSGMAP@@XZ
??1ZWinApp@@UAE@XZ
?ExitInstance@ZWinApp@@UAEHXZ
?PreTranslateMessage@ZWinApp@@UAEHPAUtagMSG@@@Z
?FreeResourceDLL@ZWinApp@@MAEXXZ
?LoadResourceDllLibrary@ZWinApp@@MAEPAUHINSTANCE__@@PBG0@Z
?PopHourGlass@ZWinApp@@UAEHXZ
?PushHourGlass@ZWinApp@@UAEHXZ
?ExecutorData@ZWinApp@@UAEAAKXZ
?SectionName@ZWinApp@@UAEAAV?$CStringT@GV?$StrTraitMFC_DLL@GV?$ChTraitsCRT@G@ATL@@@@@ATL@@XZ
?LoadResourceDLL@ZWinApp@@UAEHPBG@Z
?WinHelpW@ZWinApp@@UAEXKI@Z
?DoMessageBox@ZWinApp@@UAEHPBGII@Z
?Run@ZWinApp@@UAEHXZ
?GetRuntimeClass@ZWinApp@@UBEPAUCRuntimeClass@@XZ
??0ZWinApp@@QAE@KPBG@Z
?ZWASetRegistryKey@ZWinApp@@IAEXPBG@Z
?InitInstance@ZWinApp@@UAEHXZ
?OnHelp@ZWinApp@@QAEXXZ
?GetInterfaceMap@ZSptOleServerDoc@@MBEPBUAFX_INTERFACEMAP@@XZ
?ShutDownApp@ZSptOleServerDoc@@QAEXXZ
saproject
ord7
cmnshr
?GetBool@ZPref@@SAHPBGH@Z
?WriteBool@ZPref@@SAXPBGH@Z
?WriteWindowRect@ZPref@@SAXPBGUtagRECT@@@Z
?SectionName@ZPref@@SAXPBG@Z
?GetWindowRect@ZPref@@SA?AUtagRECT@@PBGABU2@@Z
mfc71u
ord6247
ord1142
ord5096
ord287
ord2700
ord1220
ord1616
ord956
ord3641
ord1182
ord1178
ord1189
ord1176
ord764
ord762
ord1079
ord4119
ord2366
ord1894
ord2077
ord5911
ord1611
ord1608
ord3940
ord1393
ord4226
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord2985
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3158
ord572
ord587
ord3459
ord5170
ord732
ord620
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4165
ord4172
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord4238
ord5147
ord5200
ord3338
ord1351
ord4267
ord2413
ord2414
ord2412
ord2411
ord2651
ord1785
ord4581
ord4656
ord3523
ord3901
ord313
ord3946
ord5829
ord3079
ord393
ord3753
ord1117
ord266
ord265
ord3678
ord1545
ord3189
ord5406
ord3451
ord1287
ord462
ord4702
ord5454
ord4247
ord4851
ord4737
ord4703
ord4841
ord1945
ord1663
ord4496
ord4803
ord4888
ord4910
ord4363
ord4329
ord4326
ord4911
ord4455
ord4989
ord5600
ord4021
ord2541
ord2998
ord4916
ord3096
ord6241
ord5461
ord973
ord3029
ord3380
ord2819
ord4561
ord2610
ord2616
ord6234
ord2007
ord5153
ord5590
ord1371
ord5408
ord4254
ord1917
ord4216
ord3034
ord2762
ord2831
ord4476
ord4264
ord677
ord1139
ord5439
ord998
ord1123
ord2132
ord444
ord4286
ord4543
ord4533
ord4548
ord4538
ord4835
ord2823
ord1949
ord5494
ord4305
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord940
ord5355
ord2419
ord2418
ord4016
ord3939
ord5144
ord2164
ord1297
ord4271
ord5161
ord4259
ord751
ord468
ord562
ord694
ord5373
ord4296
ord3642
ord2365
ord3460
ord5352
ord4013
ord5201
ord395
ord635
ord1946
ord4293
ord3635
ord3677
ord5119
ord3249
ord334
ord593
ord701
ord5529
ord5209
ord5178
ord4206
ord4729
ord4884
ord4574
ord2011
ord1662
ord1661
ord5908
ord1392
ord5199
ord4256
ord3176
ord354
ord605
ord4032
ord4008
ord6272
ord3795
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord2832
ord4475
ord490
ord5379
ord4025
ord5113
ord1488
ord1198
ord5995
ord547
ord1121
ord4467
ord4463
ord4461
ord3204
ord1925
ord3198
ord1271
ord6058
ord3534
ord4852
ord2990
ord4875
ord4817
ord4822
ord4827
ord4579
ord4551
ord4732
ord4906
ord5011
ord4798
ord4504
ord4865
ord4878
ord4387
ord4973
ord3906
ord2854
ord2936
ord4479
ord488
ord706
ord4512
ord5637
ord5636
ord502
ord326
ord4369
ord1086
ord5489
ord3264
ord380
ord5217
ord2159
ord1536
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord1547
ord2415
ord6063
ord870
ord577
ord280
ord1479
ord2895
ord282
ord2926
ord6111
ord3756
ord777
ord2468
ord293
ord283
ord3755
ord1118
ord2310
ord900
ord899
ord776
ord774
ord2751
ord4886
ord5380
ord4481
ord4519
ord2042
ord2736
ord5492
ord5931
ord6039
ord2986
ord1548
ord5118
ord1542
ord4320
ord1007
msvcr71
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_putws
wcschr
wcsncpy
free
wcscpy
wcslen
wcstombs
strcpy
_vsnprintf
mbstowcs
wcsrchr
wcscat
_vsnwprintf
_except_handler3
memset
_wcsicmp
_wsplitpath
__CxxFrameHandler
memcpy
kernel32
ExitProcess
GetStartupInfoW
GetModuleHandleA
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
GetCurrentThreadId
OutputDebugStringW
GetLongPathNameW
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameW
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetSystemTimeAsFileTime
GetVersionExA
GetCurrentProcessId
user32
GetWindowRect
GetClientRect
RedrawWindow
GetParent
HideCaret
ShowCaret
EnableWindow
SendMessageW
RegisterWindowMessageW
CopyRect
EqualRect
GetKeyState
GetMenu
SetMenu
EndDialog
SetForegroundWindow
PostMessageW
gdi32
Rectangle
CreateFontIndirectW
advapi32
ReportEventW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegisterEventSourceW
RegCloseKey
DeregisterEventSource
RegOpenKeyExW
ole32
CoInitializeSecurity
oleaut32
SysAllocString
SysAllocStringLen
SysStringLen
SysFreeString
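Sections
Note: .text and .rsrc are both flagged writable and executable (IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE), and .rsrc is additionally marked IMAGE_SCN_CNT_CODE. The final section, tmpnwia, has a non-standard name, no raw size listed and a 4KB virtual size. These characteristics are atypical for standard linker output and are worth checking during triage, for example by comparing against a known-good copy of the same binary if one exists.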
.text Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
tmpnwia Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE