923866ebaf610ba4c4ef6b19dfce72fddc0b56093814ec1bf590322446f352ac

Sharing

Copy URL

Twitter E-mail

General

Target

923866ebaf610ba4c4ef6b19dfce72fddc0b56093814ec1bf590322446f352ac
Size

884KB
MD5

63cc8d4777b75d597fba867339f32400
SHA1

f2d0bb551cf4e2848705ebb00116e4cdb92ce2fe
SHA256

923866ebaf610ba4c4ef6b19dfce72fddc0b56093814ec1bf590322446f352ac
SHA512

0cda8641167db2aece869af3119f774a17ead71654699b9fd0fc10007cc06a3d7cb11076961c65710010368e96eda14361aade098e572d6a91f65549ee1519a3
SSDEEP

24576:vg+IWgRGx0Tr9mzMYudQkplJt+CaRUo13SoM:vQWCQw5+CaRUoRM

Score

N/A

Malware Config

Signatures

Files

923866ebaf610ba4c4ef6b19dfce72fddc0b56093814ec1bf590322446f352ac
.exe windows x86

8699653a7e302efb1518d11af7b16713

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5252
ord5030
ord4413
ord6379
ord4034
ord4436
ord5054
ord4981
ord5860
ord6142
ord2754
ord3571
ord2452
ord2753
ord1949
ord5782
ord2841
ord1105
ord5856
ord2107
ord5683
ord5450
ord5440
ord6383
ord6394
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord4078
ord1776
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord6877
ord3810
ord3880
ord3425
ord3054
ord5858
ord4278
ord536
ord1621
ord4499
ord4457
ord6442
ord926
ord772
ord366
ord500
ord674
ord4427
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord323
ord1640
ord2450
ord640
ord5289
ord6403
ord3521
ord2725
ord1134
ord6117
ord6402
ord3522
ord2092
ord1768
ord561
ord815
ord3738
ord4622
ord5714
ord5307
ord4698
ord4079
ord5600
ord1083
ord501
ord773
ord1576
ord1862
ord3701
ord1574
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3717
ord967
ord4975
ord4863
ord4335
ord4447
ord2032
ord5482
ord5811
ord4779
ord5308
ord4274
ord1168
ord941
ord2116
ord2135
ord2864
ord3574
ord4396
ord2575
ord1146
ord1644
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord1200
ord2645
ord939
ord3097
ord2302
ord656
ord3610
ord3402
ord2301
ord4123
ord1175
ord3797
ord2714
ord6605
ord2078
ord2086
ord4234
ord2362
ord324
ord2514
ord6880
ord6334
ord5953
ord6242
ord6199
ord2370
ord609
ord6197
ord3092
ord2642
ord641
ord3597
ord4425
ord5280
ord1775
ord6052
ord4710
ord4998
ord4853
ord4376
ord5265
ord4160
ord6453
ord2818
ord2817
ord537
ord924
ord2763
ord5710
ord858
ord4129
ord535
ord2859
ord860
ord4299
ord2379
ord1233
ord2152
ord4287
ord6215
ord823
ord5875
ord3573
ord470
ord5799
ord6129
ord3756
ord755
ord1641
ord4275
ord2414
ord3626
ord3663
ord825
ord567
ord540
ord2614
ord5768
ord429
ord1652
ord4042
ord3216
ord404
ord5445
ord703
ord5510
ord6778
ord6929
ord6927
ord4328
ord818
ord800
ord3619
ord3706
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord1929
ord2124
ord2446
ord795
ord2764
ord4202
ord1638
ord791
ord523
ord1639
ord1995
ord2449
ord4411
ord5797
ord5479
ord1247
ord6094
ord6282
ord6663
ord4476
ord3874
ord3693
ord4133
ord4297
ord5788
ord2860
ord1792
ord2405
ord4022
ord5785
ord3721
ord3873
ord5789
ord6172
ord1795
ord6241
ord613
ord289
ord6157
ord5873
ord940
ord5981
ord4284
ord2688
ord816
ord562
ord6378
ord2096
ord686
ord384
ord5787
ord2243
ord2380
ord1979
ord6385
ord665
ord5186
ord354
ord1270
ord1232
ord3089
ord3496
ord2915
ord2919
ord1567
ord268
ord2567
ord472
ord4267
ord6170
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord1844
ord2580
ord4400
ord3630
ord682
ord6654
ord2862
ord2393
ord1099
ord5053
ord1265
ord6909
ord6720
ord4694
ord5148
ord5572
ord6662
ord6779
ord6648
ord1945
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord813
ord560
ord5260
ord4723
ord4273
ord3692
ord2093
ord3754
ord3920
ord2089
ord6458
ord5791
ord283
ord3138
ord1133
ord6128
ord3752
ord812
ord559
ord6144
ord5781
ord6119
ord5862
ord4774
ord3921
ord2381
ord6283
ord1816
ord6055

msvcrt

__CxxFrameHandler
memmove
_ftol
qsort
sprintf
_purecall
free
_strdup
__p___argc
malloc
_lseek
_read
_filelength
_close
_open
_write
_chsize
_tell
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_mkdir
rename
calloc
_snprintf
isprint
fprintf
fflush
_mbsicmp
_mbschr
strrchr
atoi
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
time
srand
_mbscmp
__p___argv
atol
strchr
_mbsnbcmp
_strlwr
_mbsrchr
realloc
_mbsnbcpy
_strcmpi
_stricmp
strstr
isdigit
isxdigit
_ismbcdigit
_strnicmp
sscanf
wcscpy
_mbspbrk
strtoul
wcslen
_setmbcp
rand
_local_unwind2
_except_handler3
strncpy
fread
fopen
fwrite
fclose
_vsnprintf

kernel32

OutputDebugStringA
lstrcmpiA
GetVersion
lstrcmpA
FindResourceExA
GlobalSize
GlobalReAlloc
_lread
GlobalLock
GlobalUnlock
WriteFile
GetLastError
_lopen
_llseek
_lclose
lstrcpynA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
lstrcatA
lstrcpyA
IsBadWritePtr
IsBadReadPtr
VirtualQuery
SizeofResource
LockResource
LoadResource
FindResourceA
LocalFree
SetFilePointer
GetFileAttributesA
GetStartupInfoA
GetTempPathA
SetFileAttributesA
DeleteFileA
FindFirstFileA
FindClose
GetCurrentProcess
OpenProcess
TerminateProcess
CreateProcessA
GetCurrentThreadId
GetTickCount
InterlockedExchange
GetModuleFileNameA
CreateFileA
GetFileSize
GlobalAlloc
ReadFile
GlobalMemoryStatus
GetVersionExA
GetModuleHandleA
GetCurrentProcessId
GetPrivateProfileIntA
ExitProcess
WaitForMultipleObjects
GetPrivateProfileStringA
SetEvent
WaitForSingleObject
TerminateThread
CreateEventA
CreateThread
CloseHandle
CopyFileA
GetLocalTime
GlobalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCurrentDirectoryA
lstrlenW
WideCharToMultiByte
Sleep
lstrlenA
IsDBCSLeadByte
LoadLibraryA
GetProcAddress
FreeLibrary
MulDiv

user32

EnableWindow
CopyRect
PostMessageA
PtInRect
ClientToScreen
IsIconic
GetWindowRect
InvalidateRect
UpdateWindow
IsWindow
DrawTextA
ScreenToClient
EnableMenuItem
GetSubMenu
LoadMenuA
SetCapture
ReleaseCapture
DestroyIcon
DrawIconEx
EnumChildWindows
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
LoadBitmapA
DrawEdge
IsZoomed
SetActiveWindow
GetActiveWindow
DestroyCursor
CreateCursor
GetKeyState
LoadImageA
UnionRect
GetSysColor
CloseClipboard
OpenClipboard
SetClipboardData
EmptyClipboard
GetAsyncKeyState
GetFocus
RegisterWindowMessageA
LoadCursorFromFileA
SendMessageA
GetClassInfoA
SetRectEmpty
IsRectEmpty
InvertRect
DrawFrameControl
GetClassNameA
GetWindow
ClipCursor
GetClipCursor
TabbedTextOutA
GrayStringA
SetFocus
GetWindowTextA
IsChild
ShowScrollBar
DrawStateA
GetIconInfo
IsMenu
GetNextDlgTabItem
GetNextDlgGroupItem
GetMenuStringA
GetMenuItemID
GetMenuItemCount
DrawIcon
GetCursor
MessageBeep
AdjustWindowRectEx
ModifyMenuA
GetMenuState
MessageBoxA
SetRect
GetDC
SetTimer
SetCursor
LoadStringA
SystemParametersInfoA
GetSystemMetrics
GetWindowDC
ReleaseDC
KillTimer
OffsetRect
SetWindowRgn
IsWindowVisible
SetPropA
WaitForInputIdle
InflateRect
BeginPaint
EndPaint
WindowFromPoint
ChildWindowFromPointEx
RegisterClassExA
CreateWindowExA
ShowWindow
DestroyWindow
UnregisterClassA
GetDesktopWindow
DefWindowProcA
IntersectRect
GetParent
GetCapture
SetWindowPos
CopyImage
FillRect
GetWindowLongA
SetWindowLongA
GetClientRect
GetCursorPos
TranslateAcceleratorA
GetSystemMenu
AppendMenuA
GetWindowThreadProcessId
GetForegroundWindow
FlashWindow
PostQuitMessage
GetWindowRgn
FindWindowA
RedrawWindow
LoadCursorA
LoadAcceleratorsA
LoadIconA
wsprintfA

gdi32

CreateRectRgnIndirect
GetTextColor
LineDDA
Rectangle
GetBkColor
GetDIBColorTable
GetTextMetricsA
ExtTextOutA
PtVisible
GetBkMode
GetCurrentObject
GetTextAlign
CreateHalftonePalette
CreatePatternBrush
Ellipse
Arc
SetPixel
GetDeviceCaps
CreateFontA
GetPaletteEntries
GetSystemPaletteEntries
RectVisible
GetStockObject
CreatePen
CreatePalette
CreateDIBitmap
RealizePalette
SelectPalette
GetRegionData
GetDIBits
SetStretchBltMode
ExtCreateRegion
PathToRegion
LPtoDP
SetDIBitsToDevice
StretchDIBits
Escape
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
StretchBlt
GetPixel
CreateDIBSection
DeleteDC
GetTextExtentPointA
DeleteObject
SetBkMode
SetTextColor
TextOutA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetCharWidthA
GetTextExtentPoint32A
CreatePolygonRgn
CreateRoundRectRgn
CreateRectRgn
BeginPath
OffsetRgn
GetRgnBox
CreateSolidBrush
FillRgn
FrameRgn
GetObjectA
CreateFontIndirectA
EndPath
CombineRgn

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueA
GetUserNameA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHBrowseForFolderA
ShellExecuteExA
SHAppBarMessage
SHGetPathFromIDListA

comctl32

ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_AddMasked
_TrackMouseEvent

olepro32

ord251

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
OleRun
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SysAllocStringLen
SysAllocString
SystemTimeToVariantTime

winmm

mmioDescend
PlaySoundA
mmioOpenA
mmioClose
mmioAscend
mmioRead

dsound

ord1

msvcp60

?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

inet_addr
send
recv
htons
ntohs
select
ioctlsocket
connect
closesocket
WSAGetLastError
gethostbyname
bind
htonl
socket
setsockopt
inet_ntoa
WSASetLastError
getsockname

msimg32

TransparentBlt
AlphaBlend

Sections

.text
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8699653a7e302efb1518d11af7b16713

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

olepro32

ole32

oleaut32

winmm

dsound

msvcp60

version

wsock32

msimg32

Sections

.text Size: 720KB - Virtual size: 719KB

.rdata Size: 80KB - Virtual size: 77KB

.data Size: 32KB - Virtual size: 75KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 720KB - Virtual size: 719KB

.rdata
Size: 80KB - Virtual size: 77KB

.data
Size: 32KB - Virtual size: 75KB

.rsrc
Size: 48KB - Virtual size: 45KB