Static task
static1
Behavioral task
behavioral1
Sample
54e23479293f2c62f68ae44beb7555bc6c65e8b29a72814fa72fcd5f25fc01b8.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
54e23479293f2c62f68ae44beb7555bc6c65e8b29a72814fa72fcd5f25fc01b8.exe
Resource
win10v2004-20220812-en
General
-
Target
54e23479293f2c62f68ae44beb7555bc6c65e8b29a72814fa72fcd5f25fc01b8
-
Size
444KB
-
MD5
320d4573fe1a1fd4cc149361eb586aa0
-
SHA1
c9cb2bd4a98ecf5bda74036acb759be052e7cae9
-
SHA256
54e23479293f2c62f68ae44beb7555bc6c65e8b29a72814fa72fcd5f25fc01b8
-
SHA512
394365f6db4790c8fa7dd7dacd72125a5b708a4a7a90ae6a4030e6fdbe0a94d6b0c3e01e60410fd365bc6ac4996adb23f9d3859e6acd08e85cadfefa6b038aaf
-
SSDEEP
12288:QSTJzNYTbE9bH1g++++++++++++++++++++++++++++++++++++++++z+++++++9:QS9zGTA9bHq++++++++++++++++++++g
Malware Config
Signatures
Files
-
54e23479293f2c62f68ae44beb7555bc6c65e8b29a72814fa72fcd5f25fc01b8.exe windows x86
469d6b439a6c0eae9bd905a540bacdb0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gbase
?GetProgramCounter@tracked_objects@@YAPBXXZ
??0Channel@IPC@@QAE@ABUChannelHandle@1@W4Mode@01@PAVListener@1@@Z
?Connect@Channel@IPC@@QAE_NXZ
??0PickleIterator@@QAE@ABVPickle@@@Z
??0Message@IPC@@QAE@XZ
??0Thread@base@@QAE@PBD@Z
??1Thread@base@@UAE@XZ
?Stop@Thread@base@@QAEXXZ
??1RefCountedThreadSafeBase@subtle@base@@IAE@XZ
??0RefCountedThreadSafeBase@subtle@base@@IAE@XZ
?AddRef@RefCountedThreadSafeBase@subtle@base@@IBEXXZ
?Release@RefCountedThreadSafeBase@subtle@base@@IBE_NXZ
?Destruct@TaskRunnerTraits@base@@SAXPBVTaskRunner@2@@Z
?Write@?$ParamTraits@PAX@IPC@@SAXPAVMessage@2@ABQAX@Z
?Read@?$ParamTraits@PAX@IPC@@SA_NPBVMessage@2@PAVPickleIterator@@PAPAX@Z
??0CallbackBase@internal@base@@IAE@PAVBindStateBase@12@@Z
?ThreadMain@Thread@base@@EAEXXZ
?Run@Thread@base@@MAEXPAVMessageLoop@2@@Z
?ReadInt@PickleIterator@@QAE_NPAH@Z
?BaseInitLoggingImpl_built_with_NDEBUG@logging@@YA_NPB_WW4LoggingDestination@1@W4LogLockingState@1@W4OldFileDeletionState@1@W4DcheckState@1@@Z
??0Location@tracked_objects@@QAE@PBD0HPBX@Z
??0LogMessage@logging@@QAE@PBDHHPAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetMessageFilter@MessagePumpForUI@base@@QAEXV?$scoped_ptr@VMessageFilter@MessagePumpForUI@base@@U?$DefaultDeleter@VMessageFilter@MessagePumpForUI@base@@@3@@@@Z
??0AtExitManager@base@@QAE@XZ
??1AtExitManager@base@@QAE@XZ
?Init@CommandLine@@SA_NHPBQBD@Z
?GetSwitchValueNative@CommandLine@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@3@@Z
?ForCurrentProcess@CommandLine@@SAPAV1@XZ
??0FilePath@base@@QAE@XZ
??1FilePath@base@@QAE@XZ
?Get@PathService@@SA_NHPAVFilePath@base@@@Z
??4FilePath@base@@QAEAAV01@ABV01@@Z
?Append@FilePath@base@@QBE?AV12@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CreateDirectoryW@file_util@@YA_NABVFilePath@base@@@Z
?GetSwitchValueASCII@CommandLine@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@@Z
?StartWithOptions@Thread@base@@QAE_NABUOptions@12@@Z
??0RunLoop@base@@QAE@XZ
??1RunLoop@base@@QAE@XZ
?Run@RunLoop@base@@QAEXXZ
?StopSoon@Thread@base@@QAEXXZ
?PostTask@TaskRunner@base@@QAE_NABVLocation@tracked_objects@@ABV?$Callback@$$A6AXXZ@2@@Z
??0Message@IPC@@QAE@ABV01@@Z
?WriteWString@Pickle@@QAE_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?WriteBytes@Pickle@@QAE_NPBXH@Z
?ReadWString@PickleIterator@@QAE_NPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?ReadLong@PickleIterator@@QAE_NPAJ@Z
?ReadBool@PickleIterator@@QAE_NPA_N@Z
?current@MessageLoop@base@@SAPAV12@XZ
??1CallbackBase@internal@base@@IAE@XZ
?GetMinLogLevel@logging@@YAHXZ
?get_dcheck_state@logging@@YA?AW4DcheckState@1@XZ
??1LogMessage@logging@@QAE@XZ
??0LogMessage@logging@@QAE@PBDHH@Z
??0MessageLoop@base@@QAE@W4Type@01@@Z
?EndsWith@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@0_N@Z
wininet
InternetSetCookieW
InternetGetCookieW
kernel32
GetProcessHeap
HeapFree
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetLastError
RaiseException
GetCurrentThreadId
GetTickCount
HeapReAlloc
InterlockedDecrement
GlobalAlloc
lstrcmpW
MulDiv
InterlockedIncrement
GlobalLock
GlobalUnlock
LoadLibraryW
FreeLibrary
WritePrivateProfileStringW
GetModuleHandleW
GetProcAddress
LockResource
LoadLibraryExW
GetCurrentProcessId
GetDriveTypeA
GetVolumeInformationA
GetLogicalDriveStringsA
LoadLibraryA
lstrcpyA
CreateFileA
DeviceIoControl
CloseHandle
HeapAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapSetInformation
Sleep
InterlockedExchange
DecodePointer
EncodePointer
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
HeapSize
HeapDestroy
LocalFree
lstrcpynW
lstrcpyW
GetVersionExW
GetPrivateProfileIntW
GetWindowsDirectoryW
lstrcmpiW
lstrlenW
GetPrivateProfileStringW
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
SizeofResource
WaitForSingleObject
DeleteCriticalSection
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
user32
GetWindowRect
IsWindowVisible
GetTopWindow
DestroyWindow
GetParent
IsWindow
GetClassNameW
GetDesktopWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
GetWindowLongW
SetWindowLongW
wsprintfW
UnregisterClassA
GetWindow
WindowFromPoint
GetCursorPos
SetTimer
TrackPopupMenu
GetMenuState
GetMenuItemCount
DeleteMenu
GetSubMenu
LoadMenuW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
PeekMessageW
SetPropW
CallWindowProcW
GetPropW
RegisterWindowMessageW
DefWindowProcW
ReleaseCapture
CreateAcceleratorTableW
FillRect
GetFocus
DestroyAcceleratorTable
GetSysColor
CharNextW
GetDlgItem
IsChild
SetFocus
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
EndPaint
BeginPaint
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
SendMessageW
ShowWindow
UpdateWindow
CopyRect
FindWindowExW
gdi32
GetDeviceCaps
DeleteObject
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
GetStockObject
GetObjectW
SelectObject
advapi32
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyW
RegQueryInfoKeyW
RegEnumKeyExW
CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
RegOpenKeyExW
shell32
SHGetMalloc
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ole32
StringFromGUID2
OleLockRunning
OleInitialize
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
oleaut32
DispCallFunc
VariantChangeType
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
OleCreateFontIndirect
VariantInit
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString
SysAllocString
shlwapi
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrCatW
StrCpyNW
msvcr100
towupper
_initterm_e
_initterm
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
toupper
_crt_debugger_hook
__set_app_type
_fmode
_commode
__setusermatherr
??3@YAXPAX@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memmove
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
wcsrchr
?what@exception@std@@UBEPBDXZ
_purecall
memcpy_s
wmemcpy_s
free
memmove_s
_recalloc
calloc
_vscwprintf
vswprintf_s
wcschr
wcsncpy_s
malloc
swprintf_s
_configthreadlocale
_strlwr_s
strncmp
_ultoa_s
_scwprintf
_wcsicmp
wcsnlen
_wtoi
strtol
wcstol
_itow_s
isspace
srand
rand
iswspace
realloc
_get_errno
_set_errno
_time64
wcsstr
_wcslwr_s
__CxxFrameHandler3
sscanf
memcpy
sprintf
_CxxThrowException
memset
sprintf_s
strpbrk
memchr
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
msvcp100
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_BADOFF@std@@3_JB
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Container_base12@std@@QAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setf@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
ws2_32
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSARecv
WSAGetLastError
WSASetEvent
WSAEventSelect
FreeAddrInfoW
WSASetLastError
WSASocketW
GetAddrInfoW
WSACloseEvent
closesocket
WSACleanup
WSAStartup
WSACreateEvent
Sections
.text Size: 214KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dajps (non-standard section name) Size: 4KB - Virtual size: 4KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
(unnamed section) Size: 84KB - Virtual size: 84KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE