ae1511afa2ef686865d792c7a1a5e41b094436a3421c54c65263d527a16b8bbd

Sharing

Copy URL

Twitter E-mail

General

Target

ae1511afa2ef686865d792c7a1a5e41b094436a3421c54c65263d527a16b8bbd
Size

1.2MB
MD5

48fac0b513b6fae1c5e98937679216c0
SHA1

9b85d1b479692a8f5a794a0b2cf2b03799b290c6
SHA256

ae1511afa2ef686865d792c7a1a5e41b094436a3421c54c65263d527a16b8bbd
SHA512

c49c9b7daef594ecb965d15f1b9641c305f7cd337cc120eaf1dce907952d45351a3b0aa47ea625632c3401b6b76f19647a83b6ee6da9260b8712d77b6186fe18
SSDEEP

24576:Tb1Y1ZfXi2hfpa9cvGJQrPIG4v5+caBybpCd:T0flJFPh4vccaB+E

Score

N/A

Malware Config

Signatures

Files

ae1511afa2ef686865d792c7a1a5e41b094436a3421c54c65263d527a16b8bbd
.exe windows x86

e80999478819fedbea1bdb4b6d3e7711

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
SetUnhandledExceptionFilter
GetStartupInfoW
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapAlloc
UnhandledExceptionFilter
GetFileTime
FileTimeToSystemTime
FlushInstructionCache
MulDiv
TerminateThread
GetCurrentProcessId
OpenFileMappingW
MapViewOfFile
GetSystemTime
GetTickCount
CreateMutexW
ResetEvent
SetEvent
CreateEventW
SetFilePointer
InitializeCriticalSectionAndSpinCount
Sleep
WaitForSingleObject
CreateThread
GetLogicalDriveStringsW
QueryDosDeviceW
GetLocalTime
GetVersionExW
ExpandEnvironmentStringsW
GetCurrentProcess
LocalFree
SetLastError
lstrcmpiW
LoadLibraryExW
InitializeCriticalSection
InterlockedDecrement
lstrlenA
lstrlenW
EnterCriticalSection
LeaveCriticalSection
CreateFileW
ReadFile
GlobalSize
FreeResource
DeleteCriticalSection
FreeLibrary
GetCurrentThreadId
InterlockedIncrement
LoadLibraryW
GetProcAddress
GetPrivateProfileStringW
CreateDirectoryW
WritePrivateProfileStringW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
UnmapViewOfFile
CreateFileMappingW
GetModuleFileNameW
GetLastError
MapViewOfFileEx
GetEnvironmentVariableW
GetPrivateProfileIntW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
TerminateProcess
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateFileA
GetFileSize
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetModuleHandleW
HeapFree

user32

GetWindowLongW
GetWindowRect
GetWindow
GetParent
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsWindow
PeekMessageW
CopyRect
InflateRect
ReleaseDC
RegisterWindowMessageW
CharNextW
ShowWindow
IsWindowVisible
GetClientRect
SendMessageW
SetFocus
KillTimer
ExitWindowsEx
FindWindowExW
PostThreadMessageW
GetFocus
GetMonitorInfoW
MonitorFromWindow
SetLayeredWindowAttributes
GetKeyState
GetScrollPos
WindowFromPoint
InvalidateRect
RedrawWindow
GetDlgCtrlID
SetCapture
ReleaseCapture
MapWindowPoints
GetActiveWindow
IsWindowEnabled
EnableWindow
GetForegroundWindow
GetWindowThreadProcessId
SystemParametersInfoW
SetWindowPos
AttachThreadInput
SetForegroundWindow
SetActiveWindow
SetTimer
DefWindowProcW
GetNextDlgTabItem
BeginPaint
EndPaint
SetCursor
LoadCursorW
PtInRect
SetRect
OffsetRect
EqualRect
PostMessageW
GetDesktopWindow
DrawTextW
GetDC
LoadIconW
UnregisterClassA
CallWindowProcW
SetWindowLongW
GetClassInfoExW
LoadImageW
DestroyIcon
DrawFrameControl
UpdateLayeredWindow
RegisterClassExW
CreateWindowExW
DrawIconEx
GetDlgItem
SetRectEmpty

gdi32

RectInRegion
CombineRgn
CreateRectRgnIndirect
GetTextExtentPoint32W
TextOutW
RoundRect
GetClipRgn
SetBkMode
GetCurrentObject
GetDeviceCaps
GetGlyphOutlineW
GetObjectA
DeleteDC
SelectObject
EnumFontFamiliesExW
DeleteObject
CreateFontIndirectW
GetObjectW
StretchDIBits
SetDIBitsToDevice
CreateCompatibleDC
CreateDIBSection
SaveDC
RestoreDC
SelectClipRgn
MoveToEx
LineTo
Rectangle
ExtTextOutW
SetBkColor
CreateRectRgn
CreatePen
CreateCompatibleBitmap
BitBlt
StretchBlt
SetTextColor
CreateBitmap
GetTextMetricsW
GetRegionData
GetStockObject
GetTextColor

advapi32

GetSidLengthRequired
InitializeSecurityDescriptor
FreeSid
EqualSid
AllocateAndInitializeSid
RegOpenKeyW
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeAcl
AddAce
GetAclInformation
GetAce
GetNamedSecurityInfoW
SetNamedSecurityInfoW
IsValidSid
GetLengthSid
CopySid
SetSecurityDescriptorDacl
InitializeSid
GetSidSubAuthority
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
GetTokenInformation

shell32

ShellExecuteW
SHChangeNotify
Shell_NotifyIconW
SHGetFileInfoA
SHFileOperationW

ole32

CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

oleaut32

VariantTimeToSystemTime
VarUI4FromStr
SystemTimeToVariantTime

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
StrToIntA
PathRemoveExtensionW
SHDeleteKeyW
PathAddBackslashW
StrStrIA
StrToIntW
PathFileExistsA
PathAppendW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

msvcp80

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

gdiplus

GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipDrawLineI
GdipSetImageAttributesRemapTable
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipDeleteGraphics
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipAlloc
GdipCreateFontFromLogfontW
GdipLoadImageFromStreamICM
GdipFree
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdiplusShutdown
GdipGetDC
GdipReleaseDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipSetStringFormatTrimming
GdipDrawString
GdipSetTextRenderingHint
GdipLoadImageFromStream
GdipDrawImageRectRectI
GdipDrawImagePointsRectI
GdipDrawImageRectI
GdipGetInterpolationMode
GdipSetInterpolationMode
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetStringFormatLineAlign
GdipSetPageScale
GdipSetPageUnit
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipResetWorldTransform
GdipSetSmoothingMode
GdipSetImageAttributesWrapMode
GdipSetPixelOffsetMode
GdipGetPixelOffsetMode

msvcr80

_encode_pointer
_lock
_onexit
_decode_pointer
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
strcat
ceil
wcsstr
tolower
strchr
strncmp
__dllonexit
isalnum
isalpha
_vsnprintf_s
sscanf_s
fputc
ferror
fseek
ftell
memset
wcscpy_s
wcsrchr
??_V@YAXPAX@Z
strlen
fread
fclose
fprintf
atof
atoi
fopen_s
memmove
_wtoi
wcsncpy_s
_recalloc
calloc
vswprintf_s
_vscwprintf
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_unlock
wcspbrk
vsprintf_s
_vscprintf
swprintf_s
_mbschr
_mbsstr
_mbsicmp
sscanf
_stricmp
labs
_endthread
wcschr
wcscat
_beginthreadex
strcpy
strncat
memcmp
_wcsnicmp
sprintf
strncpy
isspace
_itoa
_mbscmp
abs
_purecall
strcmp
free
malloc
_wcslwr_s
wcscmp
_wassert
__RTDynamicCast
__CxxFrameHandler3
memcpy_s
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcscspn
wcsspn
_wcsicmp
iswspace
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memmove_s
_invalid_parameter_noinfo
memcpy
wcscpy
wcslen
??3@YAXPAX@Z

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

imagehlp

ImageGetCertificateHeader

crypt32

CertGetNameStringW
CertNameToStrW

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 783KB - Virtual size: 784KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e80999478819fedbea1bdb4b6d3e7711

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

msvcp80

gdiplus

msvcr80

version

iphlpapi

imagehlp

crypt32

Sections

.text Size: 369KB - Virtual size: 369KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 783KB - Virtual size: 784KB

.text
Size: 369KB - Virtual size: 369KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 783KB - Virtual size: 784KB