e81e1abcd5c426764f9e726cb272bbe93c17e9004ac2160222c6d4c3258c06f9

Sharing

Copy URL Twitter E-mail

General

Target

e81e1abcd5c426764f9e726cb272bbe93c17e9004ac2160222c6d4c3258c06f9
Size

363KB
MD5

090e03eb9a980c3d3814459ff9b95be0
SHA1

1a3a6182588df3cc565464dc9ac26d9b32c93528
SHA256

e81e1abcd5c426764f9e726cb272bbe93c17e9004ac2160222c6d4c3258c06f9
SHA512

d46664f15016ce59cf7132e679993c8055b35b37901c1edd5efa6cca99ca1c68295e9694939283f4a6691aa7e6f2d49670ef1ebe18d3f3bc75892fd735f3fdf5
SSDEEP

6144:v+CRac0b+4S/zJK0VkR9Zbjc35juDoOGiTZnI8wEnPpmxF3:5RobE/zc00j6CNTJIUIxt

Score

N/A

Malware Config

Signatures

Files

e81e1abcd5c426764f9e726cb272bbe93c17e9004ac2160222c6d4c3258c06f9
.exe windows x86

4c56d80d893231a50f1b602b4560aa2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basedll

?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z

utilsdll

?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?SetSupplyID@Misc@Utils@@YAHH@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z

reportdll

GetReportMgr
ReleaseReportMgr

kernel32

GetFileAttributesW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WideCharToMultiByte
FindResourceExW
CreateEventA
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
LockResource
GlobalHandle
IsBadWritePtr
InterlockedExchange
FormatMessageA
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GlobalLock
MultiByteToWideChar
lstrcmpiW
GlobalUnlock
FreeLibrary
InterlockedIncrement
InterlockedDecrement
CreateMutexW
LeaveCriticalSection
GetLastError
CloseHandle
GetCurrentThreadId
RaiseException
FindResourceW
SetLastError
LoadResource
MulDiv
GetModuleFileNameW
EnterCriticalSection
GetCurrentProcess
GetModuleHandleW
InitializeCriticalSection
FlushInstructionCache
lstrcmpW
SizeofResource
LoadLibraryExW
WaitForSingleObject
DeleteCriticalSection
lstrlenW
GlobalAlloc
GetProcAddress
CreateEventW
SetEvent
GlobalFree
FreeResource

user32

PeekMessageW
TranslateMessage
DispatchMessageW
RedrawWindow
ReleaseCapture
LoadCursorW
SetFocus
DestroyWindow
DestroyAcceleratorTable
ClientToScreen
SetWindowLongW
GetDesktopWindow
UnregisterClassA
CreateAcceleratorTableW
GetWindowLongW
SetWindowTextW
GetWindow
GetDlgItem
GetSysColor
ScreenToClient
SendMessageW
CallWindowProcW
DefWindowProcW
IsChild
MoveWindow
CreateWindowExW
BeginPaint
SetWindowContextHelpId
SystemParametersInfoW
MapWindowPoints
GetCapture
EnableWindow
UpdateWindow
AdjustWindowRectEx
IsDialogMessageW
OffsetRect
GetMonitorInfoW
GetMenu
MonitorFromWindow
DrawFocusRect
ShowWindow
InflateRect
PostMessageW
DrawEdge
CreateDialogIndirectParamW
MapDialogRect
IsWindowEnabled
KillTimer
PtInRect
GetSystemMetrics
GetDlgCtrlID
LoadImageW
GetWindowRect
SetTimer
SetWindowRgn
InvalidateRgn
SetCapture
GetParent
FillRect
RegisterWindowMessageW
CharNextW
GetClassInfoExW
EndPaint
IsWindow
GetClassNameW
GetWindowTextLengthW
RegisterClassExW
GetMessageW
GetClientRect
GetDC
InvalidateRect
ReleaseDC
SetWindowPos
GetWindowTextW
GetFocus

gdi32

GetTextExtentPoint32W
SetBkMode
SetTextColor
CreateFontW
RoundRect
CreatePen
GetDIBColorTable
StretchBlt
TextOutW
CreateDIBSection
SetDIBColorTable
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
DeleteObject
CreateSolidBrush
GetDeviceCaps
SelectObject
GetStockObject
GetObjectW
SetViewportOrgEx
CreateRoundRectRgn
Rectangle

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoGetClassObject
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoTaskMemAlloc
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleInitialize
CoTaskMemRealloc
OleLockRunning
StringFromGUID2

oleaut32

OleCreateFontIndirect
DispCallFunc
SysAllocString
SysFreeString
SysStringLen
LoadTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringLen
VariantInit
SysStringByteLen
VariantClear

comctl32

InitCommonControlsEx
ImageList_Add
ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_Destroy
ImageList_GetIconSize

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipDisposeImage
GdipDeleteGraphics
GdipDrawImageI
GdipGetImagePaletteSize
GdipGetImageGraphicsContext
GdipCloneImage
GdipBitmapUnlockBits
GdiplusShutdown
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePalette
GdipBitmapLockBits
GdiplusStartup

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

msvcr80

strerror
_itoa
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
??3@YAXPAX@Z
fopen
fwrite
free
fclose
??_V@YAXPAX@Z
wcsncpy_s
_recalloc
??2@YAPAXI@Z
malloc
memcpy_s
memmove_s
_time64
swprintf_s
sprintf
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_vswprintf
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
memset
memcpy
_CxxThrowException
__iob_func
fprintf
fflush
_snprintf
__CxxFrameHandler3
vswprintf_s
_vscwprintf
_waccess
rand
srand
_wcsicmp
_wtoi
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_purecall
_resetstkoflw
wcscpy_s
wcsstr
_wcsnicmp

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c56d80d893231a50f1b602b4560aa2e

Headers

File Characteristics

Imports

basedll

utilsdll

reportdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

msvcp80

msvcr80

version

Sections

.text Size: 204KB - Virtual size: 200KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 204KB - Virtual size: 200KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 84KB - Virtual size: 84KB