Static task
static1
Behavioral task
behavioral1
Sample
c5afb85d44cacf221548e66886a1a04abea1c180dd6814b18351017ef61f27fb.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
c5afb85d44cacf221548e66886a1a04abea1c180dd6814b18351017ef61f27fb.exe
Resource
win10v2004-20220901-en
General
-
Target
c5afb85d44cacf221548e66886a1a04abea1c180dd6814b18351017ef61f27fb
-
Size
1.4MB
-
MD5
632e8cb41015da352cff68ce3ad8e413
-
SHA1
e0024e96e926c1ff198a6f5e295b947a706f8ffd
-
SHA256
c5afb85d44cacf221548e66886a1a04abea1c180dd6814b18351017ef61f27fb
-
SHA512
1738b2503355a65f722b20f84517be69a045e0fcd5bd525352c24f1e7e8e805997bce9780f27dc193ed71e53a75580dfb758449371c12086494d3937c8b680fd
-
SSDEEP
12288:rB/FCqUssm9J+AEaMBFo8aEPXLwCZ0i5h8LImi0H17bnjImwYAOxjpI:rPissm3EPFFv8Mmi0VXjIFYC
Malware Config (no entries shown on this page)
Signatures (no entries shown on this page)
Files
-
c5afb85d44cacf221548e66886a1a04abea1c180dd6814b18351017ef61f27fb.exe windows x86
f324649054aef051fb2f99e8028097bc (unlabeled 32-hex-character value listed under the PE file entry; by position this is presumably the import hash (imphash) — confirm before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed: the loader cannot rebase the image, so it will not benefit from ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
npscomnctrl
?DrawStrechPNG@NPSGdiPlusUtil@@YAHPAVCDC@@PAVBitmap@Gdiplus@@HHHHHHHH@Z
?NPSSkinApplyNewThreads@@YAXH@Z
?NPSSkinApplyWindow@@YAXPAUHWND__@@@Z
?Uninitialize@NPSGdiPlusUtil@@YAXXZ
?SetThreadLocaleEx@@YAHK@Z
?Initialize@NPSGdiPlusUtil@@YAXXZ
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
?NPSMessageBox@@YAHPAUHWND__@@PB_W1I@Z
?InitNPSSkinManager@@YAXPB_W0@Z
?LoadBitmapFromResource@NPSGdiPlusUtil@@YAPAVBitmap@Gdiplus@@PAUHINSTANCE__@@PB_W1@Z
flashdll
FlashInit
mfc80u
ord2311
ord3943
ord1899
ord2638
ord5144
ord3703
ord4238
ord3713
ord1393
ord3712
ord3939
ord776
ord2527
ord1608
ord2640
ord1611
ord1271
ord2534
ord5911
ord2856
ord6721
ord3204
ord2708
ord1548
ord5631
ord4301
ord2829
ord3198
ord2725
ord2531
ord3103
ord5196
ord1590
ord1646
ord5917
ord1647
ord5715
ord1955
ord3296
ord1353
ord2418
ord3642
ord1894
ord4961
ord2419
ord4267
ord5170
ord1351
ord3338
ord4276
ord5210
ord5067
ord5147
ord3940
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord3561
ord4393
ord4395
ord4380
ord544
ord4770
ord732
ord4175
ord4166
ord4974
ord3666
ord4775
ord4198
ord4784
ord4437
ord4438
ord4585
ord3734
ord572
ord760
ord501
ord709
ord2255
ord3157
ord2066
ord4314
ord1248
ord3281
ord5558
ord860
ord280
ord3678
ord6086
ord2651
ord2155
ord4255
ord1086
ord6063
ord5171
ord5148
ord2424
ord3590
ord4026
ord5485
ord4100
ord6161
ord2261
ord2260
ord4078
ord3990
ord265
ord774
ord266
ord6015
ord777
ord6002
ord2460
ord1908
ord5398
ord3196
ord2742
ord2745
ord2749
ord2752
ord3144
ord2271
ord2885
ord2279
ord2886
ord2880
ord2881
ord2569
ord2570
ord894
ord4088
ord3925
ord5711
ord1451
ord2461
ord2282
ord899
ord386
ord631
ord557
ord745
ord2121
ord1476
ord896
ord1479
ord282
ord1472
ord4101
ord5524
ord6700
ord6061
ord1002
ord1003
ord558
ord746
ord5434
ord4475
ord2832
ord5562
ord5209
ord287
ord5226
ord4562
ord3942
ord5222
ord3395
ord3842
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord334
ord1007
ord593
ord3800
ord5579
ord5221
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord3824
ord4032
ord3176
ord1121
ord354
ord4256
ord1117
ord605
ord1049
ord5199
ord1392
ord4028
ord3635
ord5908
ord5971
ord6720
ord4025
ord1542
ord2011
ord1661
ord1662
ord547
ord4574
ord1058
ord4884
ord4729
ord956
ord4206
ord5178
ord1155
ord4461
ord4463
ord3677
ord2239
ord566
ord757
ord3327
ord2762
ord3034
ord4216
ord1913
ord4733
ord4846
ord4251
ord5491
ord2736
ord5408
ord1370
ord5588
ord5152
ord2042
ord2007
ord6234
ord2615
ord2608
ord4560
ord3444
ord3639
ord368
ord616
ord4699
ord4258
ord4476
ord6039
ord5930
ord587
ord1785
ord1547
ord4581
ord2414
ord5518
ord4112
ord2413
ord2310
ord2415
ord2412
ord3459
ord2411
ord3641
ord5200
ord5910
ord6763
ord4172
ord4165
ord393
ord4382
ord6764
ord2077
ord1536
ord4226
ord2985
ord3158
ord5609
ord310
ord6172
ord6166
ord6160
ord629
ord2897
ord383
ord2086
ord1582
ord4234
ord744
ord556
ord1545
ord3311
ord1443
ord6306
ord4480
ord1634
ord1572
ord2468
ord3286
ord4074
ord5091
ord5489
ord2697
ord2696
ord4347
ord3195
ord715
ord3189
ord620
ord380
ord5984
ord6087
ord2648
ord3155
ord5829
ord1571
ord5713
ord3508
ord3861
ord5444
ord3192
ord6747
ord564
ord755
ord5327
ord6003
ord6293
ord2348
ord3249
ord2340
ord6282
ord1172
ord5316
ord5484
ord5083
ord313
ord1189
ord6284
ord1430
ord384
ord421
ord655
ord1146
ord531
ord723
ord2265
ord1000
ord5441
ord1105
ord5433
ord2366
ord2713
ord4259
ord1416
ord6271
ord758
ord1118
ord577
ord4179
ord567
ord2365
ord2164
ord1925
ord1297
ord5630
ord1959
ord283
ord3397
ord4716
ord4271
ord3756
ord1591
ord5956
ord4109
ord5231
ord6033
ord5229
ord5727
ord920
ord5638
ord925
ord2254
ord929
ord4293
ord927
ord931
ord2384
ord2237
ord2404
ord1904
ord2388
ord2609
ord2394
ord5003
ord2392
ord5006
ord2390
ord293
ord4303
ord2407
ord4129
ord2402
ord4119
ord2933
ord2386
ord5161
ord2409
ord3079
ord762
ord2397
ord1148
ord2379
ord1079
ord2381
ord1135
ord2399
ord1119
ord2169
ord1450
ord2163
ord1513
ord6273
ord940
ord3796
ord5352
ord6275
ord2986
ord3339
ord1182
ord1176
ord578
ord1178
ord764
ord1198
ord5220
ord741
msvcr80
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_vsnwprintf
_vswprintf
_purecall
wcsftime
_localtime64_s
_time64
_wtoi64
_wtol
swscanf_s
sprintf
_wcsicmp
_initterm_e
_wcsdup
calloc
_wcsnicmp
wcsncmp
free
_wcslwr_s
malloc
wcstol
iswdigit
??0exception@std@@QAE@XZ
memmove_s
towupper
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
wcsstr
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?what@exception@std@@UBEPBDXZ
wcsncpy
wcschr
??0exception@std@@QAE@ABQBD@Z
rand
srand
_wtoi
_vsnwprintf_s
memcpy_s
strstr
memcpy
_crt_debugger_hook
wcstoul
__CxxFrameHandler3
_CxxThrowException
memset
?_type_info_dtor_internal_method@type_info@@QAEXXZ
kernel32
GetSystemDefaultLCID
GetVersionExW
SetCommTimeouts
SetupComm
EscapeCommFunction
CreateEventW
WriteFile
WaitForSingleObject
GetCurrentProcessId
InterlockedDecrement
GetTickCount
CreateDirectoryW
DeleteFileW
FormatMessageW
LocalFree
WritePrivateProfileStringW
GetStartupInfoW
GetModuleFileNameW
CreateMutexW
ReleaseMutex
OutputDebugStringW
lstrlenW
WideCharToMultiByte
HeapFree
GetProcessHeap
SetEvent
CreateThread
InitializeCriticalSection
DeleteCriticalSection
TerminateThread
EnterCriticalSection
LeaveCriticalSection
GetExitCodeThread
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFilePointer
GetFileSize
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
ReadFile
MultiByteToWideChar
CloseHandle
CreateFileW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetLastError
SetCommState
user32
SetTimer
KillTimer
GetWindowThreadProcessId
LoadBitmapW
GetClientRect
CopyRect
GetActiveWindow
ClientToScreen
ReleaseCapture
SetCapture
AdjustWindowRectEx
SetRect
GetSystemMenu
SetWindowRgn
DeleteMenu
SetLayeredWindowAttributes
GetWindowLongW
SetMenu
SetWindowLongW
GetWindowRect
OffsetRect
InvalidateRect
SendMessageW
PtInRect
LoadIconW
RedrawWindow
EnableWindow
wsprintfW
DestroyMenu
PostMessageW
RegisterWindowMessageW
IsWindow
UpdateWindow
ShowScrollBar
DefWindowProcW
gdi32
CreatePen
DeleteObject
CreateRectRgnIndirect
CreateRectRgn
CreateFontW
CreateSolidBrush
SelectObject
advapi32
RegCreateKeyExW
RegEnumValueA
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
shell32
SHGetFolderPathW
comctl32
InitCommonControlsEx
shlwapi
PathIsDirectoryW
PathAddBackslashW
StrFormatByteSizeW
PathRemoveFileSpecW
PathAppendW
ole32
CoTaskMemFree
CoCreateGuid
OleRun
CoCreateInstance
oleaut32
GetErrorInfo
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayUnlock
SafeArrayLock
SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
SafeArrayCopy
SafeArrayGetVartype
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
VariantInit
VariantClear
SafeArrayDestroy
urlmon
FindMimeFromData
toolkitpro1112vc80u
??0CXTPBufferDC@@QAE@AAVCPaintDC@@@Z
?LoadFrame@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEHIKPAVCWnd@@PAUCCreateContext@@@Z
?OnSetPreviewMode@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEXHPAUCPrintPreviewState@@@Z
??1CXTPFrameWnd@@UAE@XZ
?GetThisClass@CXTPFrameWnd@@SGPAUCRuntimeClass@@XZ
??0CXTPWindowRect@@QAE@PBVCWnd@@@Z
??0CXTPFrameWnd@@QAE@XZ
?PreTranslateMessage@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHPAUtagMSG@@@Z
??0CXTPOffice2007FrameHook@@QAE@XZ
?OnHookMessage@CXTPOffice2007FrameHook@@MAEHPAUHWND__@@IAAIAAJ2@Z
??1CXTPOffice2007FrameHook@@UAE@XZ
??0CXTPClientRect@@QAE@PBVCWnd@@@Z
?OnWndMsg@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHIIJPAJ@Z
??0CXTPBufferDC@@QAE@PAUHDC__@@ABVCRect@@@Z
??1CXTPBufferDC@@UAE@XZ
gdiplus
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCreateFromHDC
GdipDrawImagePointRectI
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
wininet
HttpSendRequestExW
InternetSetOptionW
HttpOpenRequestA
HttpAddRequestHeadersA
InternetWriteFile
HttpEndRequestW
InternetReadFile
InternetQueryDataAvailable
InternetSetFilePointer
InternetCloseHandle
InternetOpenUrlW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
dump
?RegisterCrashHandler@@YAHPB_W0@Z
ws2_32
gethostname
inet_ntoa
WSACleanup
gethostbyname
WSAStartup
Sections
.text Size: 188KB - Virtual size: 184KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 116KB - Virtual size: 116KB (a second section also named .text; unlike the first, it carries IMAGE_SCN_MEM_WRITE alongside CODE/EXECUTE, i.e. a writable-and-executable section — worth examining for unpacking or self-modifying code before relying solely on the static import table above)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE