Static task
static1
Behavioral task
behavioral1
Sample
a5d27517c87634ce0774df4f0a90c82aa4b32c1d9099d9fee1264cd494edcbd4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a5d27517c87634ce0774df4f0a90c82aa4b32c1d9099d9fee1264cd494edcbd4.exe
Resource
win10v2004-20220812-en
General
Target
a5d27517c87634ce0774df4f0a90c82aa4b32c1d9099d9fee1264cd494edcbd4
Size
672KB
MD5
6996b93a8eed6c860d63688fa9168c20
SHA1
79119eb18491489e4d6118aa1ff0fa9d19b6da72
SHA256
a5d27517c87634ce0774df4f0a90c82aa4b32c1d9099d9fee1264cd494edcbd4
SHA512
2e4e818be5011666afcd11305e37cdb9ef01dafce5f7b7ae2a8220e5465c8eab8223f72266c1e1c73ad4c8a9de4baed738b2682f3bad89168bc421dfd8390f30
SSDEEP
12288:4ATKAxiBaMAKh54yLEvunm/pcb23xnzyP2f2UbRshX9/WTbJkoW1tuT:FTKoMa4NLE/x9nijhtuTbJk71
Malware Config
Signatures
Files
a5d27517c87634ce0774df4f0a90c82aa4b32c1d9099d9fee1264cd494edcbd4.exe windows x86
abd7d622ff18e9e1916a0cde217a6b39
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostbyaddr
ntohs
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr
WSAStartup
WSACleanup
htons
socket
connect
closesocket
send
recv
WSASetLastError
getservbyport
dnsapi
DnsQuery_W
DnsRecordListFree
wininet
HttpOpenRequestW
InternetCloseHandle
HttpSendRequestExW
InternetReadFile
InternetOpenW
InternetConnectW
HttpEndRequestW
InternetWriteFile
rpcrt4
UuidToStringA
RpcStringFreeA
gdi32
SetLayout
CreatePen
CreateDCW
GetDIBits
TextOutW
CreateFontW
CreateRectRgn
SelectClipRgn
BitBlt
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
SetViewportOrgEx
DeleteObject
SelectObject
SetDIBits
SetBkMode
SetTextColor
DeleteDC
CreateFontIndirectW
GetStockObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
Polygon
CreateSolidBrush
SetBkColor
CreateHalftonePalette
CreatePalette
GetDIBColorTable
shell32
ExtractIconW
CommandLineToArgvW
SHGetFileInfoW
Shell_NotifyIconW
SHFileOperationW
SHGetSpecialFolderPathW
ShellExecuteW
comdlg32
GetOpenFileNameW
GetSaveFileNameW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
psapi
GetProcessMemoryInfo
kernel32
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
GetVersionExA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualFree
CreateDirectoryW
FormatMessageW
GlobalFree
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
SystemTimeToFileTime
WritePrivateProfileStringW
GetSystemDirectoryA
SetEvent
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
lstrlenW
ResetEvent
InterlockedIncrement
CreateEventW
FindNextFileW
FindClose
SetLastError
GetFullPathNameW
FindFirstFileW
lstrlenA
DebugBreak
OutputDebugStringW
GetSystemTime
FileTimeToSystemTime
GetProcessTimes
FreeLibrary
GetProcAddress
LoadLibraryW
OpenProcess
SystemTimeToTzSpecificLocalTime
GetFileSizeEx
CreateFileW
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
RaiseException
GetLastError
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
lstrcmpiW
MulDiv
CompareStringW
lstrcmpW
GetModuleHandleW
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleFileNameW
CreateMutexW
GetCommandLineW
GetVersionExW
CreateProcessW
ReadFile
GetFileInformationByHandle
WriteFile
CreateThread
UnmapViewOfFile
CreateFileMappingW
GetSystemInfo
MapViewOfFile
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcessId
OpenFileMappingW
LoadLibraryA
user32
DrawTextExA
CharUpperW
SetScrollInfo
GetScrollInfo
PostMessageW
DialogBoxParamW
PostQuitMessage
LoadIconW
CopyRect
AdjustWindowRectEx
IsDialogMessageW
EnableWindow
KillTimer
SetTimer
MoveWindow
GetMenu
GetIconInfo
DrawTextExW
DrawIcon
GetActiveWindow
GetSubMenu
TrackPopupMenu
UnregisterClassA
GetWindow
SystemParametersInfoW
MonitorFromPoint
GetMonitorInfoW
DestroyMenu
SetMenuItemInfoW
CheckMenuRadioItem
DeleteMenu
EndDialog
MessageBoxW
SetProcessDefaultLayout
LoadImageW
GetDesktopWindow
GetSysColorBrush
GetKeyState
CreateDialogParamW
GetClassNameW
LoadCursorW
EnumDisplayMonitors
GetFocus
OffsetRect
ReleaseCapture
ReleaseDC
AnimateWindow
EndPaint
BeginPaint
GetCursorPos
SetCursor
DrawFocusRect
FillRect
DrawTextW
PtInRect
CallWindowProcW
IsWindow
GetDlgCtrlID
GetParent
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
ScreenToClient
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateWindowExW
DestroyWindow
SetRectEmpty
MapWindowPoints
GetDlgItem
RedrawWindow
IsWindowVisible
ShowWindow
InvalidateRect
SendMessageW
GetWindowRect
SetWindowPos
GetWindowLongW
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowLongW
DestroyIcon
GetGuiResources
CharNextW
LoadStringW
GetCursorInfo
GetWindowThreadProcessId
EnableMenuItem
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetDC
IntersectRect
EnumWindows
GetSysColor
GetCapture
LoadMenuW
advapi32
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
ole32
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid
oleaut32
VarR8FromStr
VarDecFromStr
VarDecCmp
SysFreeString
VarI4FromStr
VarDateFromStr
VarUI4FromStr
comctl32
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
_TrackMouseEvent
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr80
strtod
longjmp
__iob_func
strncpy
strcpy
_gmtime64
fabs
abs
pow
abort
sprintf
isalpha
tolower
isspace
strncmp
atof
fseek
ftell
ferror
fopen_s
_vsnprintf_s
sscanf_s
fputc
memmove
swprintf_s
strftime
_wdupenv_s
_time64
_gmtime64_s
wcscspn
strcat_s
strtoul
strncpy_s
calloc
strcpy_s
wcsstr
strchr
__CxxLongjmpUnwind
fprintf
atoi
wcsncmp
_wtol
_setjmp3
fflush
_onexit
fwrite
fwprintf
sprintf_s
feof
_wstat64i32
fread
wcschr
wcsncpy_s
malloc
_recalloc
_wcsicmp
free
_purecall
strcmp
memcpy
_wfopen_s
fclose
memcmp
wcslen
_wtoi
wcscmp
iswspace
iswdigit
wcsrchr
vswprintf_s
wcscpy_s
memmove_s
strlen
isalnum
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
memset
memcpy_s
_CxxThrowException
_invalid_parameter_noinfo
??3@YAXPAX@Z
exit
sscanf
rand
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
tmpfile
rewind
getenv
srand
_ftelli64
_fseeki64
_wfopen
fopen
_except_handler4_common
_unlock
_encode_pointer
__dllonexit
_lock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_decode_pointer
Sections
.text Size: 440KB - Virtual size: 438KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�+T Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE