_GetAllocCounters@0
Static task: static1
Behavioral task: behavioral1
- Sample: 9cc0f2c1a276088b0401bd47dc7c093396095314e4beacc83d16f2e8563ddfdb.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 9cc0f2c1a276088b0401bd47dc7c093396095314e4beacc83d16f2e8563ddfdb.exe
- Resource: win10v2004-20220901-en
General
- Target: 9cc0f2c1a276088b0401bd47dc7c093396095314e4beacc83d16f2e8563ddfdb
- Size: 1.4MB
- MD5: 3c09ef8847e0f114b6ac46bb42cf1680
- SHA1: dc3ac29ee5d09073cd2c9261159760db635efc8c
- SHA256: 9cc0f2c1a276088b0401bd47dc7c093396095314e4beacc83d16f2e8563ddfdb
- SHA512: b7c6fe7334b521fe8e55e271a37f56d55bf6eef1825cb13c47ffb9948b37c229cce83087cd77c0c2929f889573af7bff52049ab8efcf31b13625b6d3b26a74c9
- SSDEEP: 24576:F/z+2GAyb2JUqUQDyY4lCPwVgSJmRwlsXuejXqr6NMRDtZcGyoBn1ClhW5tz33mD:7ynqUav4lCIaSJmRwlsXuejXqr6NMRDt
Malware Config
Signatures
Files
-
9cc0f2c1a276088b0401bd47dc7c093396095314e4beacc83d16f2e8563ddfdb.exe windows x86
6d2ed4addac7ebae62381320d82ac4c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
gdi32
SetLayout
GetLayout
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
PatBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
FillRgn
PtInRegion
CreatePolygonRgn
GetStockObject
SelectObject
GetTextExtentPoint32W
GetObjectW
DeleteObject
CreateSolidBrush
CreateFontIndirectW
user32
GrayStringW
TabbedTextOutW
IsMenu
GetWindowTextLengthW
SetWindowTextW
CreateAcceleratorTableW
BeginPaint
EndPaint
CallWindowProcW
GetClassNameW
InvalidateRgn
LoadStringW
GetWindow
GetWindowLongW
SetRect
CopyRect
GetWindowThreadProcessId
FindWindowExW
RedrawWindow
SendMessageTimeoutW
OffsetRect
SystemParametersInfoW
GetMonitorInfoW
MonitorFromPoint
MessageBoxW
IsRectEmpty
PtInRect
SetRectEmpty
InflateRect
FillRect
DeleteMenu
GetMenuState
InsertMenuW
ModifyMenuW
IsIconic
GetWindowRect
GetClientRect
ClientToScreen
ScreenToClient
InvalidateRect
GetFocus
GetDesktopWindow
ChildWindowFromPointEx
EnableWindow
GetClassInfoW
LoadCursorW
ShowWindow
GetSystemMetrics
GetDlgCtrlID
SetCursor
GetMessagePos
EnumChildWindows
GetSysColorBrush
GetKeyState
GetMenuItemID
MoveWindow
SetFocus
SetCapture
GetCursorPos
MapWindowPoints
RegisterWindowMessageW
DestroyAcceleratorTable
AppendMenuW
GetMenuItemCount
GetMenuStringW
GetMenuItemInfoW
DestroyMenu
SetMenuItemInfoW
CreatePopupMenu
GetSysColor
LoadImageW
DrawTextW
IsChild
SetWindowPlacement
SetParent
GetWindowPlacement
SetWindowLongW
EnableMenuItem
GetSystemMenu
IsZoomed
BringWindowToTop
BeginDeferWindowPos
EndDeferWindowPos
DeferWindowPos
GetCapture
AdjustWindowRectEx
NotifyWinEvent
ReleaseCapture
SetMenuDefaultItem
GetForegroundWindow
CharLowerW
GetNextDlgTabItem
GetDlgItem
TrackPopupMenuEx
IsWindowEnabled
DrawFocusRect
DefWindowProcW
SetWindowPos
SetTimer
KillTimer
GetWindowTextW
GetMenu
SetMenu
ChangeClipboardChain
SetClipboardViewer
SetForegroundWindow
SetActiveWindow
EnumThreadWindows
DrawFrameControl
DestroyIcon
UnionRect
UnhookWindowsHookEx
CallNextHookEx
GetSubMenu
CopyImage
DrawIconEx
GetDoubleClickTime
SetWindowsHookExW
CharUpperW
GetMessageTime
RegisterClassExW
GetClassInfoExW
CreateWindowExW
wsprintfW
GetDC
ReleaseDC
LoadAcceleratorsW
TranslateAcceleratorW
DrawEdge
PrivateExtractIconsW
CopyIcon
GetIconInfo
MessageBeep
DestroyWindow
IsWindow
LoadMenuW
SendMessageW
PostMessageW
UpdateWindow
IsWindowVisible
GetParent
LoadIconW
CharNextW
PeekMessageW
mfc42u
msvcrt
wcsncmp
iswspace
wcsrchr
_ftol2_sse
wcstoul
_ultow
_ltow
_controlfp
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
wcschr
_wtoi
wcsstr
memcpy
_mbslen
_mbsnbcnt
wcstol
realloc
malloc
??0exception@@QAE@XZ
__wargv
__argc
_CxxThrowException
memcpy_s
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
free
swscanf
__RTDynamicCast
_purecall
memmove_s
_wcsicmp
memset
_vsnwprintf
_wcsnicmp
__CxxFrameHandler3
ntdll
EtwTraceMessage
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
mmcbase
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
?InterfaceMethodActivationContextException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?MMCInterfaceError@BookKeeping@@SGXHPBG0@Z
?AddSnapinInterface@BookKeeping@@SG_NPAUIUnknown@@PBGAAH@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
??1SC@mmcerror@@QAE@XZ
??0SC@mmcerror@@QAE@ABV01@@Z
??0SC@mmcerror@@QAE@J@Z
?LKResult2HRESULT@BookKeeping@@SGJJ@Z
?AddSnapin@BookKeeping@@SGJPBGAAH@Z
?ReleaseSnapinInterface@BookKeeping@@SGJPAUIUnknown@@H@Z
?InvalidInterface@BookKeeping@@SGXHPBG0@Z
?MMCNullInterface@BookKeeping@@SGXHPBG0@Z
?GetSnapinName@BookKeeping@@SGPBGH@Z
?InterfaceMethodException@BookKeeping@@SGXHPBG0KPAU_EXCEPTION_POINTERS@@@Z
?s_hWnd@SC@mmcerror@@0PAUHWND__@@A
?s_CallDepth@SC@mmcerror@@0IA
?TraceSnapinError@@YGXPBGABVSC@mmcerror@@@Z
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?MMC_PickIconDlg@@YGHPAUHWND__@@PAGIPAH@Z
?FindAllSnapinUIThreads@BookKeeping@@SGJPAPAKPAK@Z
InsideModalLoop
??9SC@mmcerror@@QBE_NJ@Z
?LoadStandardOverlays@@YGJPAU_IMAGELIST@@HPAH1@Z
?RemoveItem@BookKeeping@@SGJPAX@Z
?AddItem@BookKeeping@@SGJAAVItemHandle@@@Z
??7SC@mmcerror@@QBEHXZ
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?Clear@SC@mmcerror@@QAEXXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?FindItem@BookKeeping@@SGPAVItemHandle@@PAX@Z
??1?$CEventLock@UAppEvents@@@@QAE@XZ
?FatalError@SC@mmcerror@@QBEXXZ
?Throw@SC@mmcerror@@QAEXXZ
?Throw@SC@mmcerror@@QAEXJ@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z
?MMCErrorBox@@YGHPBGI@Z
?IsError@SC@mmcerror@@QBE_NXZ
?Release@CMMCStrongReferences@@SGKXZ
?AddRef@CMMCStrongReferences@@SGKXZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
??8SC@mmcerror@@QBE_NABV01@@Z
?GetEventBuffer@@YGAAVCEventBuffer@@XZ
?MMCErrorBox@@YGHVSC@mmcerror@@I@Z
?MMCErrorBox@@YGHII@Z
??8SC@mmcerror@@QBE_NJ@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
?ScSetConsoleEventDispatcher@CConsoleEventDispatcherProvider@@SG?AVSC@mmcerror@@PAVCConsoleEventDispatcher@@@Z
?TraceAndClear@SC@mmcerror@@QAEXXZ
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
?GetHelpID@SC@mmcerror@@QAEKXZ
?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?ToHr@SC@mmcerror@@QBEJXZ
??BSC@mmcerror@@QBE_NXZ
?TraceError@@YGXPBGABVSC@mmcerror@@@Z
??4SC@mmcerror@@QAEAAV01@J@Z
?SetFunctionName@SC@mmcerror@@QAEXPBG@Z
ole32
CoGetMalloc
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
CoGetClassObject
RegisterDragDrop
RevokeDragDrop
CoCreateGuid
CoDisconnectObject
OleRun
ProgIDFromCLSID
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StringFromGUID2
DoDragDrop
GetHGlobalFromStream
shlwapi
PathFindFileNameW
ord225
ord176
uxtheme
SetWindowTheme
IsAppThemed
IsThemeActive
OpenThemeData
DrawThemeBackground
CloseThemeData
duser
SetGadgetStyle
GetGadgetRect
api-ms-win-core-localregistry-l1-1-0
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
kernel32
OutputDebugStringA
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
ExpandEnvironmentStringsA
CreateDirectoryW
ReadFile
GlobalReAlloc
FormatMessageW
InterlockedExchangeAdd
HeapCreate
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
LocalFree
VirtualFree
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
DelayLoadFailureHook
GetFileSize
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
FindFirstFileW
FindNextFileW
FindClose
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
RaiseException
GetCurrentProcess
FlushInstructionCache
GetTickCount
GlobalFree
Sleep
FindResourceW
SetLastError
GetVersion
LoadLibraryW
GetModuleHandleA
LoadLibraryA
DeleteAtom
WriteFile
AddAtomW
CreateFileW
GetFileTime
GetCurrentProcessId
GetFileMUIPath
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
DeleteFileW
InterlockedDecrement
SetCurrentDirectoryW
GetModuleFileNameW
GetSystemDirectoryW
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
lstrcpyW
lstrlenW
GetVersionExW
GetFileAttributesW
GetCurrentDirectoryW
GetModuleHandleW
GetProcAddress
CreateProcessW
CloseHandle
GetFullPathNameW
GetLongPathNameW
GetCommandLineW
OutputDebugStringW
ExpandEnvironmentStringsW
GetLastError
CompareStringW
lstrcmpW
Exports
Sections
.text Size: 975KB - Virtual size: 975KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 33KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 273KB - Virtual size: 273KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 102KB - Virtual size: 105KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE