a8234395e7eb456310a34f23ae34e3e6de788d49ae5c3f78bfe26945bb872501

Sharing

Copy URL

Twitter E-mail

General

Target

a8234395e7eb456310a34f23ae34e3e6de788d49ae5c3f78bfe26945bb872501
Size

468KB
MD5

39f5c66bb86df26648e8a0d1d9b72090
SHA1

b993f31bfeadb7cf612c62879bf8608c0a97de2f
SHA256

a8234395e7eb456310a34f23ae34e3e6de788d49ae5c3f78bfe26945bb872501
SHA512

b3397aa9249ba7a648f9dc929e5de87e1eb22a3a62680f07c5537ba63aabe06b9738bfdf59c890e714ed5735a17af91c57ce4b91ac4ad62e6bc0904acf2b3a14
SSDEEP

12288:LfU33GSJkvtsIY9qtgWjOdB0+gI0aT4/jNo:o33GSy1so+t0y4/jO

Score

N/A

Malware Config

Signatures

Files

a8234395e7eb456310a34f23ae34e3e6de788d49ae5c3f78bfe26945bb872501
.exe windows x86

158672559afba0701c788454fd8bc961

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
CreateMutexA
CloseHandle
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpA
lstrcpynA
TerminateThread
LoadLibraryA
SetUnhandledExceptionFilter
SetErrorMode
GetLocalTime
IsDebuggerPresent
GetCurrentProcessId
CreateFileA
WriteFile
GetModuleFileNameA
LocalFree
LoadLibraryExA
FindResourceA
LoadResource
GetLastError
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SizeofResource
RaiseException
lstrlenW
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
lstrlenA
LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
WaitForSingleObject
SetEvent
CreateEventA

user32

PostThreadMessageA
PeekMessageA
MsgWaitForMultipleObjects
SendMessageTimeoutA
UnregisterClassA
MessageBoxA
TranslateMessage
DispatchMessageA
PostMessageA
CharNextA
GetFocus
GetParent
SendMessageA
SetTimer
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowTextA
BeginPaint
EndPaint
IsChild
SetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameA
GetSysColor
RedrawWindow
CreateAcceleratorTableA
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
FillRect
GetClientRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
CallWindowProcA
GetWindowTextA
SetWindowPos
SetParent
KillTimer
LoadStringA
GetClassInfoExA
DefWindowProcA
PostQuitMessage
UpdateWindow
ShowWindow
MoveWindow
SetWindowLongA
GetWindowLongA
CreateWindowExA
RegisterClassExA
GetMessageA
DestroyWindow
LoadCursorA
LoadIconA

gdi32

CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
DeleteObject
GetDeviceCaps
GetObjectA
CreateSolidBrush

advapi32

RegDeleteValueA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

ole32

CoCreateInstance
OleUninitialize
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoTaskMemRealloc
StringFromGUID2
CoTaskMemFree

oleaut32

OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SysFreeString
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysAllocStringLen
VarUI4FromStr

comctl32

InitCommonControlsEx

msvcp90

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

kwlib

?GetUserID@UserId@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?MultiByteToWideCharOfGB18030@Charset@KwLib@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PBDH@Z
?GetKwPath@Dir@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Path_Type@12@@Z
?WString2String@Charset@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z
?ReadString@REG@KwLib@@YA_NPAUHKEY__@@PBD1QADI@Z
?KillOtherInstance@Process@KwLib@@YA_NXZ
?Format@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ

ccenter

RS_InitializeCallCenter

kwlog

?LogUserActMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBD_N@Z
?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ
?LogInit@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?LogClientErrorMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z

kwmodconfig

AfxGetConfigManager

msvcr90

__p__fmode
__set_app_type
_except_handler4_common
_CxxThrowException
malloc
_mbsnbcpy_s
memmove_s
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
memcpy_s
__p__commode
??2@YAPAXI@Z
exit
strstr
_beginthreadex
??3@YAXPAX@Z
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
_wcsicmp
_except_handler3
_XcptFilter
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
free
_resetstkoflw
_mbsstr
_recalloc
strncpy
sprintf_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_purecall
_mbsicmp
calloc
_splitpath_s
_makepath_s
strcpy_s
vsprintf_s
??_V@YAXPAX@Z
memset
__CxxFrameHandler3
memcpy
_exit

wininet

InternetSetOptionA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 333KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

158672559afba0701c788454fd8bc961

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

msvcp90

kwlib

ccenter

kwlog

kwmodconfig

msvcr90

wininet

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 333KB - Virtual size: 336KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 333KB - Virtual size: 336KB