Static task
static1
Behavioral task
behavioral1
Sample
d63de32bfef724e0b981035042f221f0acaf8b42c1d2e9e6119bc3e67c19e7f2.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
d63de32bfef724e0b981035042f221f0acaf8b42c1d2e9e6119bc3e67c19e7f2.exe
Resource
win10v2004-20220812-en
General
-
Target
d63de32bfef724e0b981035042f221f0acaf8b42c1d2e9e6119bc3e67c19e7f2
-
Size
401KB
-
MD5
39211800b1b3f3ade43a1ceff1a45f9d
-
SHA1
af8416585e4a81f0cc7c386988d429257a24866a
-
SHA256
d63de32bfef724e0b981035042f221f0acaf8b42c1d2e9e6119bc3e67c19e7f2
-
SHA512
8d97d574cba88568240c3630492899e74929b1d1e19a4d9d20e9f7fbcb9a6ed55d4d77f7c6fc220a44bf74d85e18917349f0cc273303bd350cd5c0499c29d27c
-
SSDEEP
6144:k5nhlM6MH+iBwtwpjXnXuZHSBO/EcWfru5IPjov4csT6WcPVc:k5hluH+htwNnqHSfuOovtW6rc
Malware Config (no entries recorded in this report excerpt)
Signatures (no detections recorded in this report excerpt — absence of signature hits is not evidence of benign behaviour; see the import and section notes below)
Files
-
d63de32bfef724e0b981035042f221f0acaf8b42c1d2e9e6119bc3e67c19e7f2.exe windows x86
857c7fa65d340f7454a0fbd8c593fca2 (unlabeled 32-hex value; it does not match the file MD5 above, so it is presumably a different hash such as an import hash — confirm which before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (the only flag set; DYNAMIC_BASE and NX_COMPAT are absent, so the image does not opt in to ASLR or DEP, and with IMAGE_FILE_RELOCS_STRIPPED below it must load at its preferred base address)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
shfolder
SHGetFolderPathW
eraser (external DLL not among the files listed in this report; the exported names — _eraserStart, _eraserRemoveFolder, CFileLockResolver, CSecurityManager::IsProtected — are consistent with the library of the Eraser secure-deletion tool. Without this DLL the executable cannot be loaded, so behavioural results may reflect a loader failure rather than the program's real activity — verify whether the DLL was present in the sandbox)
_eraserGetDataType@8
_eraserProgGetCurrentDataString@12
_eraserProgGetMessage@12
_eraserDispFlags@8
_eraserProgGetPercent@8
_eraserProgGetTotalPercent@8
_eraserProgGetCurrentPass@8
_eraserProgGetPasses@8
_eraserProgGetTimeLeft@8
_eraserRemoveFolder@12
_eraserTerminated@8
_eraserFailedCount@8
_eraserErrorStringCount@8
_eraserShowReport@8
?Close@CFileLockResolver@@QAEXXZ
_eraserDestroyContext@4
_eraserShowOptions@8
_eraserGetFreeDiskSpace@12
??0CFileLockResolver@@QAE@H@Z
??1CFileLockResolver@@QAE@XZ
_eraserIsRunning@8
_eraserStatGetWiped@8
_eraserStatGetArea@8
_eraserStatGetTime@8
?IsProtected@CSecurityManager@@SA_NXZ
?ClearProtection@@YA_NXZ
?SetProtection@@YA_NXZ
_eraserStart@4
?GetLibSettings@COptionsForFiles@@QAEPAULibrarySettings@@XZ
?saveLibrarySettings@@YA_NPAULibrarySettings@@@Z
_eraserCompleted@8
_eraserErrorString@16
_eraserFailedString@16
_eraserCreateContextEx@16
?create@COptionsForFiles@@SAPAV1@XZ
?loadLibrarySettings@@YA_NPAULibrarySettings@@@Z
?IsProcessElevated@@YA_NPAX@Z
?no_registry@@3_NA
?CheckAccess@@YA_NK@Z
_eraserInit@0
_eraserEnd@0
_eraserStop@4
_eraserIsValidContext@4
_eraserCreateContext@4
?SetHandle@CFileLockResolver@@QAEXK@Z
_eraserSetWindow@8
_eraserAddItem@12
_eraserSetDataType@8
_eraserClearItems@4
_eraserSetWindowMessage@8
_eraserSetFinishAction@8
mfc90u
ord2458
ord2090
ord6513
ord6169
ord3360
ord3399
ord664
ord405
ord2209
ord6755
ord579
ord781
ord5543
ord3194
ord6084
ord5793
ord2702
ord5776
ord6359
ord6820
ord6835
ord1565
ord2224
ord3729
ord1182
ord2955
ord3534
ord400
ord3009
ord5945
ord324
ord608
ord1383
ord2372
ord1542
ord5861
ord4677
ord5893
ord2577
ord4684
ord4906
ord6553
ord6439
ord3035
ord3340
ord4641
ord5285
ord1462
ord6044
ord5606
ord2239
ord2204
ord6762
ord2867
ord2859
ord4994
ord3220
ord285
ord1607
ord1603
ord939
ord938
ord935
ord3061
ord5020
ord1533
ord3741
ord6666
ord2130
ord2069
ord587
ord792
ord6172
ord3145
ord390
ord652
ord6167
ord1365
ord4306
ord2830
ord4693
ord1441
ord3681
ord5601
ord4659
ord4378
ord5294
ord5297
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5210
ord4599
ord4590
ord5214
ord4622
ord5224
ord4865
ord4866
ord2281
ord899
ord905
ord3323
ord3794
ord2280
ord4658
ord3252
ord3563
ord693
ord447
ord699
ord3165
ord869
ord862
ord1276
ord6811
ord1219
ord5767
ord291
ord287
ord3528
ord654
ord6579
ord6311
ord266
ord6687
ord4494
ord2478
ord809
ord2695
ord3486
ord2106
ord3543
ord1354
ord4971
ord4965
ord4710
ord576
ord779
ord555
ord619
ord6182
ord988
ord6338
ord6577
ord6807
ord4175
ord1726
ord6225
ord3380
ord6595
ord5388
ord2762
ord3282
ord3665
ord791
ord4040
ord4771
ord3907
ord539
ord753
ord5168
ord1937
ord4026
ord1783
ord1716
ord3651
ord775
ord2048
ord1925
ord5152
ord5661
ord4632
ord4608
ord5277
ord5301
ord5047
ord5231
ord5508
ord5511
ord5509
ord5510
ord3908
ord547
ord756
ord1018
ord4027
ord4692
ord1640
ord4700
ord5662
ord1709
ord5011
ord1405
ord398
ord662
ord6355
ord4773
ord936
ord812
ord491
ord729
ord374
ord481
ord724
ord1419
ord2197
ord5825
ord6353
ord4512
ord2282
ord3577
ord1357
ord2596
ord3146
ord4400
ord1222
ord5342
ord4527
ord6822
ord5778
ord3589
ord2274
ord1665
ord4652
ord3489
ord611
ord1934
ord343
ord3537
ord3995
ord4717
ord2470
ord524
ord744
ord1432
ord6040
ord6096
ord6187
ord6547
ord5974
ord5374
ord2243
ord339
ord337
ord613
ord5387
ord3499
ord2137
ord5611
ord5652
ord6794
ord5595
ord1423
ord2227
ord2265
ord2269
ord2288
ord2297
ord2289
ord2078
ord4396
ord5802
ord4320
ord4614
ord6524
ord2331
ord6204
ord6469
ord2283
ord1719
ord4660
ord3654
ord778
ord586
ord790
ord4131
ord2593
ord1047
ord6780
ord6065
ord1243
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord615
ord6013
ord1145
ord3812
ord3994
ord5635
ord1262
ord1149
ord5592
ord5151
ord3122
ord5166
ord4630
ord5344
ord4888
ord4000
ord5012
ord4887
ord4918
ord5409
ord3843
ord4808
ord5418
ord5617
ord3253
ord3564
ord621
ord349
ord4011
ord2356
ord2901
ord4992
ord5497
ord2763
ord3155
ord1678
ord4167
ord6636
ord367
ord636
ord1353
ord2758
ord6091
ord6574
ord1255
ord2263
ord6183
ord6095
ord3826
ord2278
ord1770
ord1682
ord4656
ord3547
ord677
ord525
ord3622
ord4541
ord4410
ord333
ord3488
ord6094
ord1063
ord3370
ord6416
ord3513
ord6174
ord6418
ord5850
ord5863
ord6101
ord6372
ord6569
ord4579
ord6566
ord6060
ord6572
ord6063
ord3674
ord1688
ord2141
ord3231
ord4034
ord575
ord777
ord2971
ord3932
ord1224
ord3715
ord2264
ord3109
ord5190
ord3653
ord4701
ord5153
ord1718
ord1880
ord1888
ord1876
ord2121
ord6618
ord6616
ord2110
ord2089
ord2655
ord6159
ord1447
ord984
ord2205
ord2240
ord2241
ord4169
ord3064
ord6668
ord6664
ord6519
ord6622
ord6624
ord2431
ord1180
ord1264
ord4250
ord4543
ord3637
ord6088
ord585
ord788
ord4037
ord1787
ord6195
ord6517
ord3662
ord5403
ord2627
ord1431
ord1425
ord5429
ord4616
ord1723
ord3157
ord3906
ord1096
ord3934
ord2875
ord3156
ord3383
ord6426
ord3807
ord1067
ord6164
ord2676
ord3868
ord5124
ord590
ord795
ord293
ord2100
ord3810
ord2954
ord4251
ord4518
ord2504
ord5938
ord6831
ord6830
ord6829
ord3423
ord3422
ord3421
ord5675
ord5567
ord617
ord341
ord813
ord286
ord5834
ord2352
ord996
ord570
ord4441
ord6482
ord1186
ord1220
ord1108
ord1137
ord2597
ord794
ord589
ord4043
ord4893
ord4890
ord811
ord4345
ord5602
ord5664
ord4702
ord6376
ord3226
ord5625
ord4681
ord4774
ord1360
ord5845
ord480
ord1088
ord321
ord2451
ord2452
msvcr90
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_CIpow
_CxxThrowException
floor
memcpy
__CxxFrameHandler3
_wcsdup
_wcsicmp
ceil
_getcwd
_time64
free
malloc
wcsncpy
_wsplitpath
wcsncat
wcsftime
_localtime64_s
memcpy_s
memset
wcsstr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
isalnum
isalpha
isdigit
isprint
memmove_s
_beginthreadex
setlocale
kernel32
OpenProcess
GetCurrentProcess
FindClose
GetCompressedFileSizeW
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFree
ResetEvent
SetEvent
WaitForSingleObject
FindCloseChangeNotification
WaitForMultipleObjects
GetVersion
FreeLibrary
LoadLibraryA
InterlockedExchange
GetModuleHandleA
SetLastError
GetWindowsDirectoryW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
WritePrivateProfileStringW
GetFullPathNameW
FindNextFileW
GetCurrentDirectoryW
MultiByteToWideChar
GlobalReAlloc
GlobalAlloc
GetLocalTime
FindResourceW
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GetLastError
CreateEventW
GetCurrentThreadId
Sleep
GetLogicalDrives
lstrcpynW
CloseHandle
CreateProcessW
lstrlenW
lstrcatW
lstrcpyW
LoadLibraryW
user32
GetKeyState
TranslateMessage
GetMenuDefaultItem
DestroyMenu
CheckMenuItem
GetCursor
DispatchMessageW
GetMessageW
IsChild
GetActiveWindow
DrawFrameControl
OffsetRect
SetRect
GetMessagePos
EndDeferWindowPos
BeginDeferWindowPos
EqualRect
AppendMenuW
CreatePopupMenu
GetMenuState
ModifyMenuW
GetMenuItemCount
GetTabbedTextExtentW
GrayStringW
DrawTextExW
TabbedTextOutW
GetCapture
ClipCursor
GetClipCursor
InvertRect
GetClassInfoW
SetFocus
IsWindowEnabled
GetFocus
MessageBoxW
EndDialog
GetForegroundWindow
FlashWindow
GetCaretBlinkTime
EnumThreadWindows
CallWindowProcW
DrawFocusRect
CopyIcon
ReleaseDC
GetDC
SetWindowLongW
SetCursor
SetCapture
ReleaseCapture
PtInRect
MessageBeep
DestroyCursor
InvalidateRect
SetRectEmpty
DrawStateW
DrawTextW
InflateRect
GetSysColor
RedrawWindow
EnumChildWindows
GetMenuItemID
TrackPopupMenu
DestroyIcon
SetMenuDefaultItem
GetSubMenu
ClientToScreen
GetCursorPos
KillTimer
SetTimer
IsWindow
GetWindowRect
CopyRect
GetParent
GetSystemMetrics
GetClientRect
UpdateWindow
SetForegroundWindow
IsIconic
IsWindowVisible
GetLastActivePopup
GetWindowThreadProcessId
ScreenToClient
gdi32
SelectObject
PatBlt
CreateRectRgnIndirect
GetDIBits
CreateDIBSection
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Polygon
GetCurrentObject
BitBlt
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
GetTextExtentPoint32W
CreateFontIndirectW
GetStockObject
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
RegOpenKeyExW
OpenSCManagerW
CloseServiceHandle
RegQueryValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegDeleteValueW
shell32
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
DragFinish
DragAcceptFiles
comctl32
ImageList_Draw
ImageList_GetIconSize
shlwapi
PathRemoveFileSpecW
PathStripToRootW
PathAppendW
ole32
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
oleaut32
VarUdateFromDate
VarDateFromStr
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
Sections
.text Size: 201KB - Virtual size: 201KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (a writable .text section is atypical for a normal MSVC/MFC link; check whether the section header was modified or packed, or whether this is a reporting artifact)
.rdata Size: 79KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 111KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (a read-write-execute .rsrc section is unusual for compiler output — resources do not need EXECUTE; together with the writable .text above this warrants a manual look at the section table)