e81426c0b1f6727b9aee64cbdbd024edb1ff62b9a2ded43ef0b62345905a1037

Sharing

Copy URL

Twitter E-mail

General

Target

e81426c0b1f6727b9aee64cbdbd024edb1ff62b9a2ded43ef0b62345905a1037
Size

232KB
MD5

6d43891fe88d998b54652cf601aee2f7
SHA1

45f80b09f5c01d0279f632cad4c3c028dfaa0fb9
SHA256

e81426c0b1f6727b9aee64cbdbd024edb1ff62b9a2ded43ef0b62345905a1037
SHA512

001b4715f323e4f71469418d46193bcf5c89ed80c5853ed99c84ab1e40d2881f20919e267449a6afa2c223d04f2b074fc343c32a48b739a530258218e8938b08
SSDEEP

3072:WJTbICInI/+4U3iIfbT5spoLm4EYfLLq70F+Xt9hYXM2IuY8QgDyTQzXUiLsDGfX:KoI/1QBspHOPXK9wq97CUieQ1AZVzVs

Score

N/A

Malware Config

Signatures

Files

e81426c0b1f6727b9aee64cbdbd024edb1ff62b9a2ded43ef0b62345905a1037
.exe windows x86

eb6a7f0fd507333784885bb44d3e1970

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qcui2

??0CQCButton@@QAE@XZ
?Flash@CQCButton@@QAEXHIIPAK0@Z
?SetAsLinkButton@CQCButton@@QAEXH@Z
?SetBorderType@CQCButton@@QAE?AW4BorderType@1@W421@@Z
?SetBorderStyle@CQCButton@@QAE?AW4BorderStyle@1@W421@@Z
??1CGraphic@@UAE@XZ
??1CQCButton@@UAE@XZ
?SetToggleState@CQCButton@@QAE?AW4ButtonToggleState@1@W421@@Z
?SetTooltipText@CQCButton@@QAEXIW4ButtonType@1@@Z
?GetToggleState@CQCButton@@QAE?AW4ButtonToggleState@1@XZ
?GenerateErrorMsg_DiskSaveOperation@@YAHW4MEDIA_FILETYPE@@PBDPAT_ULARGE_INTEGER@@JW4CAMERA_STATUS@@1W4CAMERA_ACTION@@PADHH@Z
?Load@CGraphic@@QAEHPAUHINSTANCE__@@PBD1@Z
?GetHeight@CGraphic@@QAEHI@Z
?GetWidth@CGraphic@@QAEHI@Z
?Draw@CGraphic@@QAEHPAUHDC__@@HHHHHHHHH@Z
??0CGraphic@@QAE@K@Z
?SetButtonBehavior@CQCButton@@QAE?AW4ButtonBehavior@1@W421@@Z

ltfil12n

ord103
ord118

ltkrn12n

ord125

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathFindFileNameA
PathAppendA
PathRemoveExtensionA
PathStripPathA
SHGetValueA
SHRegGetUSValueA
PathRemoveFileSpecA

mfc71

ord5611
ord6060
ord5608
ord6054
ord4161
ord6057
ord6037
ord5727
ord5647
ord5523
ord5588
ord5414
ord5401
ord5921
ord5719
ord3180
ord5642
ord6062
ord5888
ord5635
ord5634
ord563
ord4115
ord2654
ord502
ord2075
ord2367
ord2585
ord1009
ord6254
ord4100
ord2094
ord3244
ord1955
ord2371
ord1283
ord1063
ord2938
ord3389
ord4108
ord3997
ord2271
ord4541
ord3683
ord757
ord6090
ord1123
ord1065
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord1545
ord3333
ord566
ord2248
ord314
ord2272
ord4081
ord5403
ord2468
ord1054
ord3641
ord605
ord741
ord2321
ord3204
ord2095
ord1591
ord4240
ord3317
ord1308
ord2176
ord907
ord4580
ord4749
ord709
ord501
ord4035
ord4104
ord5563
ord758
ord567
ord4648
ord4394
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord5912
ord1401
ord5203
ord4262
ord3182
ord354
ord1794
ord865
ord6067
ord3761
ord1580
ord2346
ord785
ord6144
ord2168
ord1486
ord1405
ord2164
ord2657
ord4692
ord4125
ord1793
ord5613
ord6236
ord2292
ord5529
ord5640
ord326
ord2527
ord6283
ord3109
ord1160
ord1071
ord5323
ord2903
ord629
ord5089
ord384
ord3596
ord3908
ord300
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord1230
ord2086
ord2372
ord3302
ord2368
ord1084
ord4320
ord5731
ord5641
ord4123
ord4001
ord4353
ord3423
ord2131
ord6286
ord5320
ord6297
ord5331
ord572
ord1161
ord1655
ord760
ord3337
ord4261
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2408
ord2413
ord2394
ord2410
ord934
ord930
ord932
ord928
ord923
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1402
ord3946
ord1617
ord1620
ord5915
ord3255
ord1903
ord1185
ord1482
ord911
ord784
ord2322
ord3684
ord310
ord781
ord762
ord265
ord1917
ord266
ord2933
ord299
ord6118
ord2902
ord1489
ord1187
ord1191
ord3934
ord304
ord578
ord876
ord5491
ord297
ord764
ord347
ord2263
ord1929
ord602
ord5637
ord1279
ord1280
ord3161
ord1934
ord3210
ord3164
ord587
ord2991
ord6065
ord4232
ord581
ord1167
ord1092
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord4481
ord1207

msvcr71

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
memset
tolower
isalnum
_setmbcp
_mbsinc
_mbsnbcmp
toupper
strchr
__p__fmode
atoi
_strdup
strncpy
sscanf
_getmbcp
strncmp
strstr
_mbsstr
_mbsnbcpy
_mbschr
_vsnprintf
memmove
_purecall
_splitpath
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
realloc
wcsncpy
_except_handler3
_resetstkoflw
free
malloc
sprintf
__CxxFrameHandler
__set_app_type
__security_error_handler
wcscpy
_strupr
_controlfp

kernel32

CreateToolhelp32Snapshot
Module32First
Module32Next
CloseHandle
IsDBCSLeadByte
lstrcpynA
Process32Next
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleHandleA
GetModuleFileNameA
GetShortPathNameA
Process32First
CreateFileA
WaitForSingleObject
ReleaseMutex
SetEvent
CreateEventA
CreateMutexA
CreateThread
MulDiv
GetPrivateProfileSectionA
FreeLibrary
GetLastError
OpenMutexA
LocalFree
FormatMessageA
LoadLibraryA
GetPrivateProfileStringA
InterlockedIncrement
InterlockedDecrement
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
CreateDirectoryA
CreateProcessA
GetPrivateProfileIntA
Sleep
lstrcpyA
GetFileAttributesA
GetVersion
lstrcmpiW
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalReAlloc
LockResource
GetTickCount
VirtualFree
VirtualAlloc
EnumResourceLanguagesA
VerLanguageNameA
GetProcAddress
LocalAlloc
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
lstrlenW
GetSystemTimeAsFileTime

user32

SetWindowPos
LoadBitmapA
EnumChildWindows
GetWindowTextA
SetWindowTextA
LoadCursorA
LoadIconA
LoadImageA
PeekMessageA
TranslateMessage
DispatchMessageA
GetCursorPos
GetAsyncKeyState
FillRect
GetSystemMetrics
SetForegroundWindow
IsWindowVisible
IsIconic
GetSystemMenu
SetMenuDefaultItem
AppendMenuA
DrawIcon
SetRectEmpty
MessageBoxA
DestroyIcon
SetRect
RemoveMenu
InsertMenuA
GetSubMenu
DestroyCursor
PtInRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetParent
InvalidateRect
UpdateWindow
GetClientRect
SendMessageA
CopyRect
IsWindow
EnableWindow
KillTimer
SetTimer
PostMessageA
RegisterWindowMessageA
BroadcastSystemMessageA
CharNextA
LoadStringA
wsprintfA
GetSysColor
InflateRect
OffsetRect
CheckMenuItem
EnableMenuItem
GetMenu
GetWindowRect
AnimateWindow
SystemParametersInfoA
DrawFrameControl
ModifyMenuA
GetMenuItemID
DeleteMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IntersectRect
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
GetClassNameA
UnregisterClassA
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetClassInfoA
ReleaseDC
GetDC
SetWindowRgn
LoadMenuA
MapWindowPoints

gdi32

SetBkColor
SetTextColor
DeleteObject
CreateSolidBrush
BitBlt
CreateFontIndirectA
GetStockObject
Polygon
GetTextExtentPoint32A
BeginPath
StretchBlt
SetPixel
CreatePolygonRgn
Escape
CreateRectRgnIndirect
TextOutA
RectVisible
PtVisible
GetCurrentObject
LPtoDP
DPtoLP
GetMapMode
EndPath
GetTextCharset
PathToRegion
CreatePalette
MoveToEx
LineTo
CreatePen
DeleteDC
GetClipBox
SelectObject
RealizePalette
SelectPalette
GetObjectA
GetDIBits
CreateDIBSection
SetDIBits
CreateBitmap
GetDeviceCaps
CreateDIBitmap
RestoreDC
SetWindowOrgEx
SetViewportOrgEx
ModifyWorldTransform
SetGraphicsMode
SaveDC
GetTextColor
SetBkMode
GetBkColor
StretchDIBits
SetStretchBltMode
PtInRegion
CreateCompatibleDC
ExtTextOutA
CreateCompatibleBitmap
GetRgnBox

advapi32

RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA
RegEnumValueA
RegCloseKey

shell32

SHGetFileInfoA
Shell_NotifyIconA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateInstance
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eb6a7f0fd507333784885bb44d3e1970

Headers

File Characteristics

Imports

qcui2

ltfil12n

ltkrn12n

version

shlwapi

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp71

Sections

.text Size: 156KB - Virtual size: 156KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 156KB - Virtual size: 156KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 24KB