Static task
static1
Behavioral task
behavioral1
Sample
806f504ac6672d92e015f517d7894b80d84e54eba108d90c3ebccf694bb8a695.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
806f504ac6672d92e015f517d7894b80d84e54eba108d90c3ebccf694bb8a695.dll
Resource
win10v2004-20220812-en
General
-
Target
806f504ac6672d92e015f517d7894b80d84e54eba108d90c3ebccf694bb8a695
-
Size
456KB
-
MD5
6e16133427d65717684fe62d3c383f00
-
SHA1
346d03cf4b80285cf02b5a5a6cd6fb981b19e87e
-
SHA256
806f504ac6672d92e015f517d7894b80d84e54eba108d90c3ebccf694bb8a695
-
SHA512
951942f7bc3af9360cac629482955506bdc9df7637e92e9498e93b0687a9b06065ccda01c9a4db71ca019847f47cbc7ce8523e9a4e736461b130948712ed199f
-
SSDEEP
6144:Af9JL6DIrZjhAwVnBJ7lyR6KDN0vtJmOlN7vmZsu3oycVYygUp56Xqc:Af9JL6DEZjhbBJ7AJDN+NresunagU6r
Malware Config
Signatures
Files
-
806f504ac6672d92e015f517d7894b80d84e54eba108d90c3ebccf694bb8a695.dll windows x86
28f7f7666bb717bcc5584d6f4de6e05a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
waveInPrepareHeader
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutPrepareHeader
PlaySoundA
waveOutWrite
waveInAddBuffer
waveOutOpen
waveOutGetNumDevs
waveInGetNumDevs
mixerGetLineControlsW
timeBeginPeriod
timeSetEvent
timeEndPeriod
timeKillEvent
waveInClose
waveInReset
waveInStop
waveInUnprepareHeader
mciSendCommandW
waveInStart
waveInOpen
mixerClose
mixerGetControlDetailsW
mixerSetControlDetails
mixerGetNumDevs
mixerOpen
mixerGetDevCapsW
mixerGetLineInfoW
skinmagicu
ord53
ord9
ord7
gdiplus
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromFile
GdipDisposeImage
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdiplusShutdown
msvcr71
__CppXcptFilter
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__security_error_handler
floor
ftell
strtol
strncmp
strchr
sprintf
free
strstr
fwrite
atoi
strncpy
wcsncpy
??_U@YAPAXI@Z
fopen
fseek
fread
fclose
swprintf
time
difftime
??_V@YAXPAX@Z
wcsftime
_localtime64
_mktime64
_wcsicmp
malloc
memmove
_purecall
_wtoi
wcscpy
wcscmp
??2@YAPAXI@Z
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcslen
__RTDynamicCast
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
_CIpow
_stricmp
_itoa
memset
mfc71u
ord2340
ord1476
ord1156
ord3331
ord1555
ord651
ord416
ord3448
ord4112
ord3417
ord2254
ord2361
ord2444
ord1782
ord591
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3635
ord3435
ord1079
ord3204
ord1925
ord3198
ord4119
ord1894
ord2086
ord1582
ord5911
ord1611
ord1608
ord3940
ord1393
ord4234
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord2985
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3311
ord572
ord741
ord2077
ord1536
ord4226
ord3158
ord587
ord1299
ord2167
ord1636
ord1577
ord4238
ord3298
ord730
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord4256
ord577
ord605
ord1096
ord1719
ord293
ord354
ord1883
ord1784
ord1785
ord6063
ord774
ord283
ord6232
ord5199
ord3756
ord5609
ord5829
ord2155
ord280
ord1479
ord282
ord2926
ord1472
ord630
ord3082
ord2012
ord385
ord2651
ord2461
ord4074
ord5558
ord3990
ord5524
ord4347
ord6086
ord5987
ord3753
ord4574
ord1545
ord3189
ord620
ord776
ord2362
ord1271
ord2366
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord658
ord2860
ord2260
ord3983
ord290
ord2876
ord4101
ord5398
ord860
ord2261
ord753
ord563
ord3869
ord2788
ord3155
ord1270
ord5633
ord2076
ord3156
ord709
ord5638
ord5727
ord6033
ord4743
ord501
ord602
ord347
ord6061
ord6279
ord2121
ord777
ord2089
ord1641
ord1585
ord4237
ord2977
ord3318
ord748
ord4109
ord631
ord2271
ord386
ord2656
ord2311
ord5862
ord3873
ord5869
ord3249
ord5327
ord6293
ord5316
ord6282
ord1571
ord1168
ord371
ord1093
ord1182
ord1178
ord4094
ord2085
ord3238
ord1946
ord1274
ord1006
ord287
ord6141
ord2877
ord5803
ord5867
ord2460
ord744
ord556
ord2151
ord4558
ord3678
ord3590
ord760
ord1637
ord1579
ord3306
ord736
ord3395
ord5965
kernel32
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
ExitProcess
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GlobalLock
GlobalUnlock
GetProcAddress
FreeLibrary
WideCharToMultiByte
CreateEventW
ResetEvent
SetEvent
CloseHandle
WriteFile
CreateFileA
SetupComm
GetCommTimeouts
SetCommTimeouts
PurgeComm
SetCommMask
GetCurrentProcess
SetPriorityClass
CreateThread
WaitForSingleObject
WaitCommEvent
ClearCommError
ReadFile
GetOverlappedResult
MultiByteToWideChar
GetLastError
Sleep
GetTickCount
GetLocalTime
ReleaseSemaphore
CreateSemaphoreW
LoadLibraryW
GetModuleFileNameW
FindFirstFileW
GetVersionExW
user32
GetWindowRect
SendMessageW
GetClientRect
IsWindowVisible
EnableWindow
GetParent
IsWindowEnabled
GetAsyncKeyState
GetCursorPos
PtInRect
PostMessageW
ScreenToClient
InvalidateRect
SetTimer
GetClipboardData
CloseClipboard
OpenClipboard
MoveWindow
GetClassNameW
GetWindow
IsWindow
SetWindowLongW
LoadCursorW
SetCursor
ReleaseCapture
SetCapture
ReleaseDC
GetDC
LoadImageW
SetParent
KillTimer
GetDlgItemTextW
GetDlgCtrlID
SetWindowPos
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
BringWindowToTop
EnableMenuItem
AppendMenuW
CreatePopupMenu
OffsetRect
UpdateWindow
SystemParametersInfoW
GetSystemMetrics
GetWindowLongW
FindWindowW
RedrawWindow
DestroyIcon
gdi32
GetObjectW
CreateFontIndirectW
CreateCompatibleBitmap
DeleteObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
advapi32
RegQueryValueExA
RegCloseKey
shell32
SHAppBarMessage
comctl32
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Remove
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
shlwapi
PathFileExistsW
msvcp71
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?_Xran@_String_base@std@@QBEXXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
setupapi
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
Exports
Exports
Sections
.text Size: 216KB - Virtual size: 213KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 36KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text (second section carrying the same name as the first .text above) Size: 112KB - Virtual size: 112KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE