01494dac85c98940d0986d70b09b89d261f1763a37097c029f6899192d1ae856

Sharing

Copy URL Twitter E-mail

General

Target

01494dac85c98940d0986d70b09b89d261f1763a37097c029f6899192d1ae856
Size

1.3MB
MD5

07df43b40c9194579f1b76ce47ff0182
SHA1

fb05e0ff2d02011a3942c4f676a7697f2bc5f016
SHA256

01494dac85c98940d0986d70b09b89d261f1763a37097c029f6899192d1ae856
SHA512

5c9764e61739564c28aaecd532a8f7c19c2d33edc304c20ff9b45ca66ce5ea7d80701a3c8b96947c16f445e7b9d42b8c294ddbba5e10dfc62a31f5cd440ec0c3
SSDEEP

24576:EkQTuJtiZQoi17JQwJ3kYZiFsvofdTrITnhkKeNWTmvL24GGv:Gm17JVMfdTrITnhkKcWTmD2PY

Score

N/A

Malware Config

Signatures

Files

01494dac85c98940d0986d70b09b89d261f1763a37097c029f6899192d1ae856
.exe windows x86

c5c2e506e39db68ec19284ac9f49d181

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qtquart

ord5
ord2
ord1
ord7
ord8
ord3
_QT_FindNextItemForCount@8

mfc42u

ord4229
ord6195
ord3087
ord6193
ord6376
ord4294
ord6451
ord6330
ord6898
ord3993
ord2637
ord1172
ord2634
ord3579
ord1143
ord543
ord803
ord3332
ord3806
ord6107
ord755
ord470
ord5798
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord1771
ord5568
ord4199
ord5142
ord5949
ord4166
ord326
ord2385
ord690
ord1980
ord6860
ord5351
ord5804
ord5198
ord3224
ord6055
ord389
ord6003
ord4155
ord3281
ord3093
ord4197
ord1761
ord2809
ord4050
ord3296
ord4272
ord2281
ord3494
ord2507
ord355
ord6911
ord5945
ord6871
ord3568
ord4266
ord2115
ord6668
ord6880
ord3909
ord2644
ord668
ord4120
ord3176
ord4053
ord2773
ord2762
ord356
ord1662
ord860
ord1105
ord6640
ord798
ord1989
ord6388
ord5188
ord533
ord5352
ord5201
ord4270
ord665
ord1971
ord2371
ord5438
ord268
ord3313
ord5180
ord354
ord941
ord833
ord5677
ord6868
ord5461
ord2822
ord2606
ord6920
ord6918
ord5852
ord6381
ord2755
ord4128
ord4292
ord5784
ord3688
ord4273
ord6654
ord6865
ord4119
ord6896
ord6667
ord6879
ord4124
ord3084
ord2859
ord4395
ord2573
ord4214
ord3288
ord2854
ord2746
ord4279
ord692
ord795
ord3701
ord2099
ord2836
ord6390
ord5446
ord6379
ord5436
ord3088
ord323
ord1633
ord5781
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord562
ord5778
ord816
ord804
ord3724
ord3389
ord4400
ord2579
ord4282
ord6726
ord2114
ord556
ord682
ord3625
ord790
ord3541
ord5871
ord2855
ord1634
ord3614
ord809
ord3658
ord289
ord2559
ord2372
ord283
ord2406
ord4118
ord613
ord3621
ord2111
ord2085
ord2100
ord765
ord3693
ord3393
ord693
ord6504
ord656
ord616
ord609
ord2092
ord6688
ord6238
ord2072
ord3991
ord2108
ord2070
ord2091
ord2105
ord6605
ord2081
ord810
ord3634
ord2016
ord2405
ord6362
ord1764
ord6733
ord3635
ord3365
ord3569
ord4390
ord3716
ord2567
ord3577
ord4392
ord2570
ord4213
ord2015
ord1569
ord2403
ord3605
ord3728
ord3711
ord4396
ord2574
ord1230
ord2144
ord818
ord567
ord3737
ord3397
ord5286
ord1768
ord6051
ord922
ord927
ord537
ord940
ord942
ord5273
ord6370
ord3792
ord324
ord641
ord3592
ord4419
ord4621
ord3356
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord2910
ord2717
ord538
ord2756
ord858
ord861
ord6921
ord6278
ord6279
ord6919
ord5679
ord5706
ord535
ord1131
ord2613
ord1165
ord1229
ord2078
ord6211
ord815
ord561
ord3733
ord4418
ord4394
ord2572
ord6354
ord1088
ord2444
ord6597
ord3566
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord2291
ord2332
ord2350
ord2293
ord2359
ord2358
ord2362
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord3871
ord3173
ord1972
ord2914
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord4269
ord925
ord800
ord540
ord2810
ord823
ord825
ord4667
ord1560

msvcrt

_onexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__dllonexit
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
__CxxFrameHandler
_wcsdup
free
_wcsicmp
wcslen
wcsncpy
wcsrchr
_wtoi64
wcscmp
wcsncat
strncmp
malloc
_beginthreadex
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
_exit
_endthreadex
_beginthread
__setusermatherr
strstr
isalnum
isspace
strncpy
gmtime
calloc
_vsnprintf
fopen
memmove
strchr
fputc
_CIpow
strtod
_iob
fprintf
longjmp
tolower
_wfsopen
_snprintf
abort
isalpha
towlower
_wcsnicmp
atof
wcstod
atoi
_wfopen
fwrite
fclose
_wtoi
__CxxLongjmpUnwind
_setjmp3
fseek
ftell
fread
memchr
floor
ceil
sscanf
??0exception@@QAE@ABQBD@Z
_purecall
time
wcsstr
wcsncmp
__RTDynamicCast
_wmakepath
_wsplitpath
wcschr
_vsnwprintf
_ftol
localtime
toupper
??0exception@@QAE@XZ
_except_handler3
??1type_info@@UAE@XZ

kernel32

GetPrivateProfileSectionW
lstrcmpiW
GetCurrentThread
SetLastError
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DisconnectNamedPipe
SetEndOfFile
SuspendThread
GetExitCodeThread
ProcessIdToSessionId
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleA
OutputDebugStringA
DeviceIoControl
GetDriveTypeW
MultiByteToWideChar
WriteFile
SetFileTime
DosDateTimeToFileTime
GetCurrentDirectoryW
DuplicateHandle
GetFileType
SetFilePointer
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
GlobalMemoryStatusEx
GetModuleFileNameA
DeleteFileA
GetACP
WideCharToMultiByte
FindResourceW
LoadResource
CreateMutexA
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetErrorMode
LoadLibraryExW
FreeLibrary
GetExitCodeProcess
CreateProcessW
OpenMutexW
OutputDebugStringW
MoveFileW
ResumeThread
lstrcpynW
GetLogicalDriveStringsW
ReleaseMutex
GetSystemTime
GlobalFree
GetPrivateProfileIntW
InterlockedCompareExchange
GetFileAttributesW
ResetEvent
GetCurrentProcess
SetThreadPriority
FindNextFileW
GetTimeZoneInformation
FindFirstFileW
FindClose
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenW
CreateThread
WaitForMultipleObjects
SetEvent
CreateWaitableTimerW
GetSystemTimeAsFileTime
SetWaitableTimer
CreateEventW
InterlockedExchange
WaitForSingleObject
TerminateThread
GetSystemDirectoryW
GetVersionExW
LoadLibraryA
GetFileAttributesExW
GetTempFileNameW
CopyFileW
DeleteFileW
SetFileAttributesW
GetSystemWindowsDirectoryW
WritePrivateProfileStringW
GetTempPathW
GetDiskFreeSpaceW
GetWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
GetTickCount
GetLongPathNameW
GetCommandLineW
CreateMutexW
GetLastError
InterlockedIncrement
GetModuleFileNameW
GetCurrentProcessId
LoadLibraryW
GetProcAddress
InterlockedDecrement
MoveFileExW
OpenProcess
TerminateProcess
GetPrivateProfileStringW
CreateFileW
GetFileSize
ReadFile
CloseHandle
lstrlenA
LocalFree
ExpandEnvironmentStringsW
SetProcessWorkingSetSize
GetFullPathNameW
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
SetNamedPipeHandleState
CreateFileA
ReadFileEx
SleepEx
CreateEventA
GetModuleHandleW
GetStartupInfoW
SizeofResource
Sleep

user32

FillRect
GetDC
ReleaseDC
SetRect
GetGUIThreadInfo
GetWindowThreadProcessId
PostThreadMessageW
SetLayeredWindowAttributes
WindowFromPoint
IsWindowEnabled
ExitWindowsEx
DeleteMenu
GetCursorPos
EnableMenuItem
IsWindowVisible
GetSysColor
CopyRect
CharLowerBuffW
LoadIconW
RedrawWindow
GetDlgItem
ShowWindow
SetWindowTextW
KillTimer
SetTimer
SystemParametersInfoW
GetWindowLongW
SetWindowLongW
SetCapture
ReleaseCapture
GetParent
IsWindow
GetWindowRect
OffsetRect
SetWindowPos
LoadMenuW
GetSubMenu
ModifyMenuW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
GetKeyState
PtInRect
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
EnumChildWindows
IsZoomed
IsRectEmpty
GetUpdateRgn
SetWindowRgn
ScreenToClient
SetCursor
DrawTextW
IntersectRect
TabbedTextOutW
GrayStringW
DrawIconEx
LoadImageW
BringWindowToTop
SetForegroundWindow
GetWindow
PostQuitMessage
IsIconic
LoadCursorW
GetClientRect
FrameRect
GetSystemMetrics
InvalidateRect
RegisterWindowMessageW
SendMessageTimeoutW
EnableWindow
MessageBoxW
FindWindowW
SendMessageW
WaitForInputIdle
GetClassInfoW
PostMessageW
GetDesktopWindow
DrawIcon

gdi32

BitBlt
CreateCompatibleDC
SelectObject
CreateFontIndirectW
GetObjectW
RectInRegion
CombineRgn
CreateRectRgn
ExtCreatePen
GetDeviceCaps
DeleteObject
DeleteDC
Escape
ExtCreateRegion
GetBitmapBits
CreateBitmap
GetStockObject
CreateSolidBrush
CreateCompatibleBitmap
TextOutW
RectVisible
PtVisible
GetTextColor
GetBkMode
GetDIBits
SetRectRgn
GetCurrentObject
SetPixel
SetStretchBltMode
StretchDIBits
CreateDIBSection
ExtTextOutW

advapi32

RegSetValueExW
DeleteService
GetTokenInformation
OpenThreadToken
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
GetUserNameW
RegCreateKeyW
RegRestoreKeyW
ChangeServiceConfigW
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW

shell32

Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteExW
ShellExecuteW
DragQueryFileW
ShellExecuteA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHGetMalloc
SHGetFileInfoW
SHGetSpecialFolderLocation
ord680

ole32

OleRun
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoUninitialize
CoInitialize

olepro32

ord251

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SetErrorInfo
CreateErrorInfo
SafeArrayDestroy
GetErrorInfo

shlwapi

PathFileExistsW
StrStrIW
PathAddBackslashW
PathRemoveFileSpecW
PathIsDirectoryW
SHGetValueW
SHSetValueW
StrCmpIW
StrCmpW
wnsprintfW
SHDeleteValueW
StrRChrW
PathAppendW
StrCmpNW
PathCombineW
StrCpyNW
StrCmpNIW
StrChrW

netapi32

NetUserGetInfo
NetApiBufferFree

wininet

InternetGetConnectedState
InternetQueryOptionW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW

ws2_32

gethostbyname
inet_ntoa
inet_addr
WSAStartup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
GetModuleFileNameExW
EnumProcesses

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

msvcp60

??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

Sections

.text
Size: 1008KB - Virtual size: 1006KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 60KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5c2e506e39db68ec19284ac9f49d181

Headers

File Characteristics

Imports

qtquart

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

shlwapi

netapi32

wininet

ws2_32

version

psapi

msimg32

comctl32

msvcp60

Sections

.text Size: 1008KB - Virtual size: 1006KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 60KB - Virtual size: 62KB

.rsrc Size: 132KB - Virtual size: 132KB

.text
Size: 1008KB - Virtual size: 1006KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 60KB - Virtual size: 62KB

.rsrc
Size: 132KB - Virtual size: 132KB