5e8dd7a27ee17a4ff935526b91cc9bbbda331b2fad6f626015ba8fbff8b1b97c

Sharing

Copy URL Twitter E-mail

General

Target

5e8dd7a27ee17a4ff935526b91cc9bbbda331b2fad6f626015ba8fbff8b1b97c
Size

376KB
MD5

6a74ee09f087cd09456e73ec32f199c5
SHA1

070fdb46ef107c181b15917e0f7eaad381cb1b2f
SHA256

5e8dd7a27ee17a4ff935526b91cc9bbbda331b2fad6f626015ba8fbff8b1b97c
SHA512

678d980d446ddf1267f82425981ebcd994d5418f7862f1971140109f9d5b50bfe7dc5537f420135eec7d09c92ef7275796e9a0e770f257990086fa45747af0f6
SSDEEP

6144:nZDrVEZmX6Zd8kwo/SY3s+SrBIJ2j+x3gYeH:nZDrVEK6Zd87o/SNa2q4

Score

N/A

Malware Config

Signatures

Files

5e8dd7a27ee17a4ff935526b91cc9bbbda331b2fad6f626015ba8fbff8b1b97c
.dll windows x86

2a9f99c404e2d791c5519eef8f8b06fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
SetLastError
FreeLibrary
GetLastError
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
ExitProcess
GetModuleFileNameA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement

ole32

CoCreateGuid
StringFromGUID2

fineobj

??0CHeapManager@FObj@@QAE@XZ
??1CHeapManager@FObj@@UAE@XZ
?Reset@CBlockManager@FObj@@QAEXXZ
?Destroy@CHeapManager@FObj@@QAEX_N@Z
??0CUnicodeString@FObj@@QAE@PB_W@Z
??1CUnicodeString@FObj@@QAE@XZ
?SerializeVersion@CArchive@FObj@@QAEHH@Z
?getWritePtr@CArchive@FObj@@AAEPAXH@Z
?getReadPtr@CArchive@FObj@@AAEPBXH@Z
??0CUnicodeString@FObj@@QAE@ABV01@@Z
?RegisterCreateObjectFunction@FObj@@YAXP6A?AV?$CPtr@VIObject@FObj@@@1@XZABVtype_info@@ABVCUnicodeString@1@@Z
?UnregisterCreateObjectFunction@FObj@@YAXABVtype_info@@@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
?GenerateInternalError@FObj@@YA_NW4TInternalErrorType@1@PB_W11JK@Z
??0CUnicodeString@FObj@@QAE@XZ
??1CUnicodeSet@FObj@@QAE@XZ
??0CUnicodeSet@FObj@@QAE@XZ
??4CUnicodeString@FObj@@QAEAAV01@ABV01@@Z
??4CUnicodeSet@FObj@@QAEAAV01@ABV01@@Z
?GenerateCheck@FObj@@YAXAAVCError@1@PB_W11@Z
??BCUnicodeString@FObj@@QBEPB_WXZ
?Name@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ
?ERR_BAD_ARCHIVE_VERSION@FObj@@3VCError@1@A
?ReadSmallValue@CArchive@FObj@@QAEHXZ
?ERR_BAD_ARCHIVE@FObj@@3VCError@1@A
??5FObj@@YAAAVCArchive@0@AAV10@AAVCUnicodeString@0@@Z
?Write@CArchive@FObj@@QAEXPBXH@Z
?Read@CArchive@FObj@@QAEXPAXH@Z
??6FObj@@YAAAVCArchive@0@AAV10@ABVCUnicodeString@0@@Z
?DoCreateObject@FObj@@YA?AV?$CPtr@VIObject@FObj@@@1@ABVCUnicodeString@1@@Z
?Reset@?$CPagedBitSet@$0BAAAA@$0EAA@VCUnicodeSetAllocator@FObj@@@FObj@@QAEXXZ
?allocateEmptyPage@?$CPagedBitSet@$0BAAAA@$0EAA@VCUnicodeSetAllocator@FObj@@@FObj@@CAPAV?$CBitSet@$0EAA@@2@XZ
?SerializeSmallValue@CArchive@FObj@@QAEXAAH@Z
??_5CRect@FObj@@QAEXABUtagRECT@@@Z
??0CBlockManager@FObj@@QAE@HH@Z
??1CBlockManager@FObj@@UAE@XZ
?WriteSmallValue@CArchive@FObj@@QAEXH@Z
?GetObjectClassName@FObj@@YA?AVCUnicodeString@1@PBVIObject@1@@Z
?IsRegisteredClassName@FObj@@YA_NABVCUnicodeString@1@@Z
?IntersectRect@CRect@FObj@@QAE_NABUtagRECT@@0@Z
??0CArchive@FObj@@QAE@PAVCBaseFile@1@W4TDirection@01@H@Z
??1CArchive@FObj@@UAE@XZ
?Close@CArchive@FObj@@QAEXXZ
??0CMemoryFile@FObj@@QAE@H@Z
??1CMemoryFile@FObj@@UAE@XZ
?Attach@CMemoryFile@FObj@@QAEXPAEHH@Z
?SetLength@CMemoryFile@FObj@@UAEXH@Z
?GetPosition@CMemoryFile@FObj@@UBEHXZ
?Close@CMemoryFile@FObj@@UAEXXZ
?GetFileName@CMemoryFile@FObj@@UBE?AVCUnicodeString@2@XZ
?Read@CMemoryFile@FObj@@UAEHPAXH@Z
?Write@CMemoryFile@FObj@@UAEXPBXH@Z
?Seek@CMemoryFile@FObj@@UAEHHW4TSeekPosition@CBaseFile@2@@Z
?GetLength@CMemoryFile@FObj@@UBEHXZ
?Abort@CMemoryFile@FObj@@UAEXXZ
?Flush@CMemoryFile@FObj@@UAEXXZ
?Format@FObj@@YA?AVCUnicodeString@1@PB_WZZ
??1CString@FObj@@QAE@XZ
??1CMessage@FObj@@QAE@XZ
?UnicodeStr@CMessage@FObj@@QBE?AVCUnicodeString@2@XZ
??0CMessage@FObj@@QAE@PB_WH@Z
??0CString@FObj@@QAE@XZ
??4CString@FObj@@QAEAAV01@ABV01@@Z
??5FObj@@YAAAVCArchive@0@AAV10@AAVCString@0@@Z
??0CUnicodeString@FObj@@QAE@PBDI@Z
??BCString@FObj@@QBEPBDXZ
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?Skip@CArchive@FObj@@QAEXH@Z
?GetNameExt@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?GenerateCheckHRESULT@FObj@@YAXJ@Z
?Length@CUnicodeString@FObj@@QBEHXZ
?safeStrLen@CUnicodeString@FObj@@CAHPB_W@Z
?concatStr@CUnicodeString@FObj@@CAPAVCUnicodeStringBody@2@PB_WH0H@Z
??0CFile@FObj@@QAE@ABVCUnicodeString@1@I@Z
??1CFile@FObj@@UAE@XZ
?GetLength@CFile@FObj@@UBEHXZ
?ReadRecord@CFile@FObj@@QAEXPAXH@Z
?AccessFile@FileSystem@FObj@@YA_NABVCUnicodeString@2@I@Z
?Write@CFile@FObj@@UAEXPBXH@Z
?RemoveIgnoreErrors@FileSystem@FObj@@YA_NABVCUnicodeString@2@@Z
?Format@FObj@@YA?AVCString@1@PBDZZ
??0CString@FObj@@QAE@PB_WI@Z
??6FObj@@YAAAVCArchive@0@AAV10@ABVCString@0@@Z
?Close@CFile@FObj@@UAEXXZ
?Compare@CUnicodeString@FObj@@QBEHPB_W@Z
?UnicodeName@CArchive@FObj@@QBE?AVCUnicodeString@2@XZ
??$DuplicateObject@VIObject@FObj@@@FObj@@YA?AV?$CPtr@VIObject@FObj@@@0@PBVIObject@0@@Z
?Merge@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@00@Z
?Trim@CUnicodeString@FObj@@QAEXXZ
?MergePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@0@Z
?GetDrivePath@FileSystem@FObj@@YA?AVCUnicodeString@2@ABV32@@Z
?IsEmpty@?$CPagedBitSet@$0BAAAA@$0EAA@VCUnicodeSetAllocator@FObj@@@FObj@@QBE_NXZ
?GetCurrentLanguageCode@FObj@@YAHXZ
??UCUnicodeSet@FObj@@QBE?AV01@ABV01@@Z
?UpperPrimeNumber@FObj@@YAHH@Z
?HashKey@@YAHPB_W@Z
??0CUnicodeSet@FObj@@QAE@ABV01@@Z
?Has@CUnicodeSet@FObj@@QBE_N_W@Z
?HasRegisteredClassName@FObj@@YA_NABVtype_info@@@Z
?SeekToBegin@CBaseFile@FObj@@QAEXXZ
??_7CListNodeBase@FObj@@6B@
??1CListNodeBase@FObj@@UAE@XZ
??0CListBase@FObj@@QAE@XZ
??1CListBase@FObj@@UAE@XZ
??0rational@FObj@@QAE@H@Z
??0rational@FObj@@QAE@HH@Z
??UCRect@FObj@@QBE?AV01@ABUtagRECT@@@Z
?safeMake@rational@FObj@@CA?AV12@_J0@Z
?make@rational@FObj@@CA?AV12@_J0@Z
?Detach@CListNodeBase@FObj@@QAEXXZ
?DetachAll@CListBase@FObj@@QAEXXZ
?AddLast@CListBase@FObj@@QAEXPAVCListNodeBase@2@@Z
?DeleteAll@CListBase@FObj@@QAEXXZ
?AddFirst@CTreeBase@FObj@@QAEXPAV12@@Z
?CopyObject@FObj@@YAXPBVIObject@1@PAV21@@Z
?Alloc@CHeapManager@FObj@@UAEPAXH@Z
?Free@CHeapManager@FObj@@UAEXPAX@Z
??0CMemoryManagerSwitcher@FObj@@QAE@PAVIMemoryManager@1@@Z
??1CMemoryManagerSwitcher@FObj@@QAE@XZ
?LoadModule@FObj@@YAPAUHINSTANCE__@@PB_W@Z
?Create@CHeapManager@FObj@@QAEXXZ
?Delete@CException@FObj@@QAEXXZ
?NormalizeRect@CRect@FObj@@QAEXXZ
??0CError@FObj@@QAE@PB_WH@Z
??1CError@FObj@@QAE@XZ
??5FObj@@YAAAVCArchive@0@AAV10@AAVrational@0@@Z
??6FObj@@YAAAVCArchive@0@AAV10@Vrational@0@@Z
??0CException@FObj@@QAE@XZ
??1CException@FObj@@UAE@XZ
??4CUnicodeString@FObj@@QAEAAV01@PB_W@Z
??YCUnicodeString@FObj@@QAEAAV01@ABV01@@Z
?UnicodeFormatAddress@FObj@@YA?AVCUnicodeString@1@PBX@Z
??YCUnicodeString@FObj@@QAEAAV01@PB_W@Z
?Warning@CException@FObj@@UBEXXZ
??3?$CAllocatedOn@VRuntimeHeap@FObj@@@FObj@@SAXPAX@Z
??2?$CAllocatedOn@VRuntimeHeap@FObj@@@FObj@@SAPAXI@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@H@Z
?GetBuffer@CString@FObj@@QAEPADH@Z
?ReleaseBuffer@CString@FObj@@QAEXH@Z
?ReadText@CFile@FObj@@SA?AVCUnicodeString@2@ABV32@I@Z
?Mid@CUnicodeString@FObj@@QBE?AV12@HH@Z
?GetFineObjectsVersion@FObj@@YAHXZ
?RemoveResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?AddResourceModule@FObj@@YAXPAUHINSTANCE__@@@Z
?GetModuleFileNameW@FileSystem@FObj@@YA?AVCUnicodeString@2@PAUHINSTANCE__@@@Z
?RegisterModule@FObj@@YAXPAUHINSTANCE__@@P6AXXZ1@Z
?EndStaticPart@FObj@@YAXXZ
?GetErrorFlag@FObj@@YA_NXZ
?BeginStaticPart@FObj@@YAXXZ
?UnregisterModule@FObj@@YAXPAUHINSTANCE__@@@Z
?Warning@FObj@@YAXPAVCException@1@@Z

msvcr71

__RTDynamicCast
memmove
_purecall
__RTtypeid
_CxxThrowException
__security_error_handler
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
__CxxFrameHandler
_clearfp

langinfo

?GetLanguageId@UnicodeLangInfo@@YAFPBD@Z
?GetUserDefaultLanguage@UnicodeLangInfo@@YAFXZ
?IsValidLanguageId@UnicodeLangInfo@@YA_NF@Z
?GetExternalLanguageName@UnicodeLangInfo@@YA?AVCUnicodeString@FObj@@F@Z
?GetLanguageAlphabet@UnicodeLangInfo@@YAABVCUnicodeSet@FObj@@F@Z
?GetLanguagePrefixes@UnicodeLangInfo@@YAABVCUnicodeSet@FObj@@F@Z
?GetLanguageSuffixes@UnicodeLangInfo@@YAABVCUnicodeSet@FObj@@F@Z
?GetCharacter@UnicodeLangInfo@@YA_WPBD@Z
?MakeSetFromNames@UnicodeLangInfo@@YA?AVCUnicodeSet@FObj@@PBD@Z
?GetLanguageId@UnicodeLangInfo@@YAFPB_W@Z
?ReadLetterSet@UnicodeLangInfo@@YA?AVCUnicodeSet@FObj@@AAVCArchive@3@@Z
?GetLanguageProperties@UnicodeLangInfo@@YAKF@Z
?GetSystemDefaultLanguage@UnicodeLangInfo@@YAFXZ
?GetLanguageInterwordPunctuators@UnicodeLangInfo@@YAABVCUnicodeSet@FObj@@F@Z
?GetLanguageIgnorableCharacters@UnicodeLangInfo@@YAABVCUnicodeSet@FObj@@F@Z

user32

MessageBoxA

Exports

Exports

__FineObjUsed

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a9f99c404e2d791c5519eef8f8b06fd

Headers

File Characteristics

Imports

kernel32

ole32

fineobj

msvcr71

langinfo

user32

Exports

Exports

Sections

.text Size: 168KB - Virtual size: 164KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 24KB

.text Size: 112KB - Virtual size: 112KB

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 24KB

.text
Size: 112KB - Virtual size: 112KB