37139e01c9ffa6cac4fd6f3f439622b4588b424cf095d39d44cf39950d12965a

Sharing

Copy URL Twitter E-mail

General

Target

37139e01c9ffa6cac4fd6f3f439622b4588b424cf095d39d44cf39950d12965a
Size

293KB
MD5

6876369223959e29942fa0f7efd628a0
SHA1

1e2c1d245c711d6ee3c6e347f62c56ff3c5d29da
SHA256

37139e01c9ffa6cac4fd6f3f439622b4588b424cf095d39d44cf39950d12965a
SHA512

6565abb3a71fc3269830553a486a7b7a7aba322db2b9109ab8b777035ca1f6f1556e3b22bef27c511a03b45a866698ac2fc6bd999525742e03191f51e7a0d3af
SSDEEP

6144:egA84Six4oaOqvNi1GOoxYpNTfp4CpUmkMny:egA54oaHvoTVpUmkMny

Score

N/A

Malware Config

Signatures

Files

37139e01c9ffa6cac4fd6f3f439622b4588b424cf095d39d44cf39950d12965a
.exe windows x86

b054e24d3272da17829a29fc100f67ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFileExistsW

ws2_32

WSAStartup
htonl
closesocket
htons

kernel32

GetTempFileNameW
GetTempPathW
CreateDirectoryW
lstrlenW
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
DeleteFileW
CloseHandle
ReadFile
SetFilePointer
GetFileSize
CreateFileW
WriteFile
UnmapViewOfFile
GetLastError
CreateEventA
SetEvent
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
TerminateThread
WaitForSingleObject
ResetEvent
DeleteCriticalSection
Sleep
CreateProcessW
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
MultiByteToWideChar
FlushInstructionCache
GetCurrentProcess
SetLastError
OpenProcess
lstrlenA
lstrcmpiA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcessId
CreateThread
GetModuleHandleW
GetCurrentThreadId
GetCommandLineW
SetUnhandledExceptionFilter
RaiseException
GetThreadLocale
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetACP
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
GetStartupInfoW
UnhandledExceptionFilter
GetLocaleInfoA
InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
WaitForMultipleObjects

user32

UnregisterClassA
PostQuitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostMessageW
DestroyWindow
SetWindowLongW
SendMessageW
SetTimer
KillTimer
SendMessageTimeoutW
GetWindowThreadProcessId
DefWindowProcW
FindWindowW
RegisterClassExW
GetWindowLongW
CallWindowProcW
GetDesktopWindow
GetMessageW
PostThreadMessageW
CharNextW
CharUpperW
LoadCursorW
GetClassInfoExW
CreateWindowExW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantCopy

atl80

ord43
ord44
ord32
ord30
ord58
ord23
ord61
ord31
ord17
ord18
ord22
ord64
ord20

msvcp80

??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0ABV12@@Z
??0?$allocator@_W@std@@QAE@XZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEX_NI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

wininet

InternetCrackUrlA

msvcr80

malloc
_resetstkoflw
wcsrchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__wgetmainargs
_wtoi
_cexit
_beginthreadex
_itoa
_purecall
_vsnwprintf_s
memcpy_s
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
srand
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
_wcsicmp
calloc
??3@YAXPAX@Z
??_V@YAXPAX@Z
_CxxThrowException
memcpy
memset
__CxxFrameHandler3
swprintf_s
_recalloc
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_snwprintf
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memmove_s
_snprintf
rand
free

qqmusiccommon

?Log@qqmusic@@YAXPB_W0ZZ

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b054e24d3272da17829a29fc100f67ea

Headers

File Characteristics

Imports

shlwapi

ws2_32

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

wininet

msvcr80

qqmusiccommon

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 12KB - Virtual size: 11KB

.rsrc Size: 128KB - Virtual size: 128KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 128KB - Virtual size: 128KB