Sample
71a39318075e783a9fd0319ee271069e6eb4202d0259da6da5b7bf21293c2365.exe
Resource
win7-20220901-en
General
-
Target
71a39318075e783a9fd0319ee271069e6eb4202d0259da6da5b7bf21293c2365
-
Size
2.7MB
-
MD5
65645fb43ddb472107cffe85c0d45158
-
SHA1
054f8a585ece5bea724eeab9d179c7a4c527b916
-
SHA256
71a39318075e783a9fd0319ee271069e6eb4202d0259da6da5b7bf21293c2365
-
SHA512
20eb11115fd1cfafe1ea1536120e3b89f5bb6d5f9bfe88b2b7729062b8c87cd9f68e678a1e6a9609dc2cbf22e7b67c7a55a2f30d4434eadb090251671eea04a2
-
SSDEEP
49152:hyxehxP+Bq+TQeag2rLeHVQHHDd6QUGNypqqC3RTOQBS6VjU:hymxPWq+Qe6/MVQHHp6Q9qryjU
Malware Config
Signatures
Files
-
71a39318075e783a9fd0319ee271069e6eb4202d0259da6da5b7bf21293c2365.exe windows x86
2c53c8b6bde3acde7ea0de27a93ff89f
Note: the 32-hex value above is not the file MD5 (that is 65645fb43ddb472107cffe85c0d45158 in the General section); in this report layout it is most likely the import hash (imphash) of the PE — confirm before pivoting on it. Imphash is useful for clustering samples built from the same source/toolchain, but it is easily altered by a repack or import-table rewrite, so a mismatch does not rule out relation.
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Note: IMAGE_FILE_RELOCS_STRIPPED means the image has no base relocations, so the loader must map it at its preferred image base and ASLR cannot rebase it regardless of DllCharacteristics (which are not shown here). A fixed load address makes the binary easier to target with hard-coded addresses and also makes static analysis addresses directly comparable to runtime ones.
Imports
Note: the import table lists several capability indicators worth verifying in the behavioral task rather than taking at face value — keyboard/window hooking (SetWindowsHookExW, CallNextHookEx, GetAsyncKeyState, keybd_event, RegisterHotKey), clipboard access (OpenClipboard, SetClipboardData, OleGetClipboard), certificate and private-key handling (CryptAcquireCertificatePrivateKey, CryptExportKey, CryptGetUserKey, CertAddCertificateContextToStore), smart-card I/O (SCardTransmit, SCardConnectA, SCardControl), process creation (CreateProcessW/A) and event-log writing (ReportEventA). The same set is also consistent with a legitimate smart-card or PKI management GUI (MFC-style UI, DDE, printing, common dialogs); IsDebuggerPresent / SetUnhandledExceptionFilter are standard CRT imports. A static import table shows what the binary can call, not what it does — resolve the behavioral report before drawing conclusions.
imm32
ImmIsIME
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
crypt32
CryptAcquireCertificatePrivateKey
CertGetCertificateContextProperty
CertFindCertificateInStore
CertFreeCertificateContext
CertGetIssuerCertificateFromStore
CertDuplicateCertificateContext
CertCloseStore
CertOpenSystemStoreW
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertOpenStore
CryptUnregisterOIDFunction
CertUnregisterPhysicalStore
CertCreateCertificateContext
user32
CreateIconIndirect
GetClassNameW
GetWindowTextW
GetWindowTextLengthW
ChildWindowFromPoint
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
keybd_event
HideCaret
SetMenu
EndPaint
DrawIcon
BeginPaint
GetUpdateRect
GetMenuState
CheckMenuItem
CheckMenuRadioItem
ModifyMenuW
SetMenuItemInfoW
CreatePopupMenu
DestroyMenu
RemoveMenu
InsertMenuW
AppendMenuW
CreateMenu
GetSubMenu
InsertMenuItemW
GetWindowDC
RegisterClipboardFormatW
SetTimer
KillTimer
DestroyCursor
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
GetMessageW
ValidateRect
UnionRect
MapWindowPoints
GetMessagePos
DrawStateW
DrawStateA
SetClipboardData
DefFrameProcW
TranslateMDISysAccel
DefMDIChildProcW
GetMenuStringW
DrawEdge
ShowCursor
ChangeDisplaySettingsW
EnumDisplaySettingsW
LoadImageW
DestroyIcon
GetIconInfo
LoadBitmapW
LoadIconW
GetDlgItem
CreateDialogParamW
InflateRect
GetUpdateRgn
GetSysColor
IsDialogMessageW
TrackPopupMenu
IsWindow
PtInRect
GetCapture
UnregisterHotKey
RegisterHotKey
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetActiveWindow
GetMenuItemCount
GetMenuItemInfoW
SetForegroundWindow
GetMessageTime
GetWindow
BeginDeferWindowPos
EndDeferWindowPos
InvalidateRect
SetWindowTextW
GetFocus
IsWindowEnabled
IsWindowVisible
CallWindowProcW
DeferWindowPos
MoveWindow
ClientToScreen
ScreenToClient
UpdateWindow
RedrawWindow
SetParent
GetCursorPos
WindowFromPoint
GetParent
ScrollWindow
SetScrollInfo
GetScrollInfo
SetCursorPos
ReleaseCapture
SetCapture
ShowWindow
EnableWindow
SetFocus
SetWindowPos
SetWindowLongW
GetWindowLongW
FillRect
GetClientRect
GetWindowRect
GetKeyState
GetAsyncKeyState
VkKeyScanW
GetDC
ReleaseDC
DispatchMessageW
TranslateMessage
PostQuitMessage
DdePostAdvise
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
LoadCursorW
SetCursor
PeekMessageW
DestroyWindow
DefWindowProcW
SendMessageW
MessageBoxW
PostMessageW
RegisterClassW
MessageBeep
GetForegroundWindow
OffsetRect
DrawFocusRect
DrawTextW
CopyRect
DrawIconEx
DrawFrameControl
CreateDialogIndirectParamW
UnregisterClassW
FlashWindow
SetWindowRgn
CreateWindowExW
PostThreadMessageW
ActivateKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayout
GetSystemMetrics
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
GetMenu
AdjustWindowRectEx
GetSystemMenu
DrawMenuBar
EnableMenuItem
IsIconic
IsZoomed
SystemParametersInfoW
BringWindowToTop
gdi32
CreateRectRgn
ExcludeClipRect
CreateFontIndirectW
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
SetBkColor
SetBkMode
GetObjectW
OffsetRgn
ExtCreateRegion
GetRegionData
ExtCreatePen
CreatePen
GetStockObject
CreateHatchBrush
CreateSolidBrush
CreatePatternBrush
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
SetStretchBltMode
GetClipBox
ExtSelectClipRgn
ExtFloodFill
GetPixel
SetPixel
Polyline
PolyBezier
TextOutW
SetROP2
GetCharABCWidthsW
GetTextExtentExPointW
SetWindowOrgEx
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetBkColor
GetTextColor
SelectClipRgn
Arc
Pie
Polygon
SetPolyFillMode
PolyPolygon
Rectangle
RoundRect
Ellipse
SetBrushOrgEx
MaskBlt
StretchBlt
StretchDIBits
CreateBitmap
LineTo
MoveToEx
PatBlt
CombineRgn
CreateRectRgnIndirect
RectInRegion
SetTextAlign
RestoreDC
SaveDC
CreateICW
GetRgnBox
EqualRgn
PtInRegion
CreateDIBSection
GetDIBits
CreateDIBitmap
GetDIBColorTable
EnumFontFamiliesExW
GetSystemPaletteEntries
GetEnhMetaFileW
CopyEnhMetaFileW
DeleteEnhMetaFile
SetAbortProc
EndDoc
StartPage
EndPage
StartDocW
CreateDCW
GetTextExtentPoint32W
SelectPalette
RealizePalette
GdiFlush
SetTextColor
GetTextMetricsW
shell32
DragQueryFileW
SHGetMalloc
SHGetSpecialFolderPathW
SHBrowseForFolderW
ExtractIconExW
ExtractIconW
ShellExecuteExW
DragQueryPoint
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListW
shlwapi
PathAppendW
PathRemoveFileSpecW
winscard
SCardControl
SCardDisconnect
SCardEndTransaction
SCardEstablishContext
SCardCancel
SCardReleaseContext
SCardTransmit
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardFreeMemory
SCardBeginTransaction
SCardStatusA
SCardListReadersA
SCardGetStatusChangeA
SCardConnectA
SCardReconnect
advapi32
RegOpenCurrentUser
GetUserNameW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
CryptReleaseContext
CryptExportKey
CryptGetUserKey
RegOpenKeyExW
kernel32
GetTempFileNameW
FindNextFileW
GetEnvironmentVariableW
GetCPInfo
IsValidCodePage
GetModuleFileNameW
TerminateProcess
FormatMessageW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
ExpandEnvironmentStringsW
OutputDebugStringW
GetCommandLineW
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock
HeapSize
GetProcessHeap
FindFirstFileW
GetTempPathW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
FreeLibrary
LoadLibraryW
GetProcAddress
GetWindowsDirectoryW
GetSystemDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateProcessW
WaitForSingleObject
GetLastError
GetSystemInfo
GetModuleHandleW
GetVersionExW
GetShortPathNameW
SetLastError
WideCharToMultiByte
LoadLibraryExW
LoadLibraryA
SetErrorMode
LocalFree
LocalUnlock
LocalLock
LocalAlloc
CloseHandle
ReleaseMutex
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetCurrentProcessId
GetCurrentThreadId
CreateEventA
OpenEventA
SetEvent
WaitForMultipleObjects
FindClose
CreateProcessA
Sleep
GetModuleHandleA
GetVersion
GetFileType
GetStdHandle
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetACP
GetUserDefaultLCID
GetLocaleInfoW
SetThreadLocale
GetTimeZoneInformation
GetThreadLocale
CreateMutexW
CreateSemaphoreW
ReleaseSemaphore
InterlockedDecrement
SetThreadPriority
ResumeThread
TlsFree
TlsSetValue
TlsAlloc
GetCurrentProcess
ExitProcess
CreateFileW
GetSystemTimeAsFileTime
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
msvcr80
wcschr
_wtoi
_mktime64
wcsftime
setlocale
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncmp
wcsncpy
_open_osfhandle
_fdopen
_wgetenv
_swprintf
abort
fputwc
fputws
iswalnum
atof
wcsspn
bsearch
swscanf
_close
_read
_write
_lseeki64
_telli64
_get_osfhandle
wcsncmp
_getcwd
_wgetcwd
_ftime64
_fseeki64
_ftelli64
clearerr
_wrename
rename
_wremove
remove
?_wopen@@YAHPB_WHH@Z
?_open@@YAHPBDHH@Z
toupper
_CIsqrt
_CIsin
_CIcos
_wcsnicmp
longjmp
_setjmp3
__CxxLongjmpUnwind
_wtol
_CIpow
strtod
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
_wsetlocale
_cexit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
strcmp
memchr
raise
_exit
__iob_func
vfprintf
wcsstr
strchr
strerror
qsort
isalnum
isdigit
isspace
_vsnprintf
sprintf
wcsncpy_s
strstr
_snwprintf
strtol
_time64
_gmtime64
_wfopen
fgets
_wunlink
ftell
fseek
fwrite
fread
strncpy
realloc
malloc
fopen
fclose
memmove
strcpy
memset
_wcsdup
memmove_s
exit
abs
_strdup
tolower
strlen
towlower
memcpy
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
wcslen
??_V@YAXPAX@Z
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
memcmp
free
_wcsicmp
isalpha
calloc
wcspbrk
_vswprintf_p
wcstod
wcstoul
wcstol
towupper
iswdigit
iswalpha
iswspace
_getch
signal
fputs
_errno
feof
_fileno
_setmode
fflush
ferror
_localtime64
getenv
atoi
strtoul
sscanf
isupper
fprintf
isxdigit
_strnicmp
__getmainargs
_beginthreadex
??0exception@std@@QAE@XZ
comdlg32
ChooseColorW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
PrintDlgW
PageSetupDlgW
CommDlgExtendedError
ole32
OleUninitialize
CoCreateInstance
OleInitialize
ReleaseStgMedium
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
OleGetClipboard
comctl32
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_SetDragCursorImage
ImageList_BeginDrag
ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageCount
ImageList_EndDrag
CreateStatusWindowW
ord16
ord17
ImageList_Add
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: a code section that is both executable and writable (and a writable .rdata below) is not what a stock MSVC link produces; it is commonly the result of a packer/protector, a self-modifying stub, or a post-build header edit, though a non-default linker section flag would also explain it. Treat it as a lead to check for runtime code modification or unpacking in the behavioral task, not as proof of malice by itself.
.rdata Size: 700KB - Virtual size: 699KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 108KB - Virtual size: 271KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 164KB - Virtual size: 164KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: an executable and writable resource section is anomalous — resources are normally read-only data. Combined with the writable .text above, this suggests the section headers were rewritten after linking (typical of packers or manual tampering); a dump of the process after the behavioral run is the right place to confirm whether code actually executes from .rsrc.