3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458

Sharing

Copy URL

Twitter E-mail

General

Target

3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458
Size

300KB
MD5

5ce56c5100e83633653a9eba854524ce
SHA1

cdeef6853b5dec0dee4748441b6df013c5967997
SHA256

3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458
SHA512

6744e90b7dd5734660da660ed2b143da1930230227e3b2084a2628dd84b34ccb8b538012ae1897627d24bdbbf635d74f41774720c361419384e51a169b39832c
SSDEEP

6144:YS08N/IjM1MvBjBk4WNFJoxtFti+nq9mgLGgAlk:YSnNAj8NJWPq9DLn+

Score

N/A

Malware Config

Signatures

Files

3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458
.dll windows x86

da4935e10206c44643c3f81e41e85b71

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ashbase

_basGetProcAddress@8
_basFriendlyTaskName@8
_basFreeStorage@4
_basGetTypeDescription@12
_basStoreDWORDValue@12
_basGetDWORDValue@12
_notFree@0
_notInit@0
_basLoadLanguage@4
_basCreatePath@16
_basExecuteAndWait@8
?RemoveAll@CMyArray@@QAEXXZ
?AddReal@CMyArray@@IAEPAEPAK@Z
_basAdjustBuffer@12
_basA2U@12
_basLogEvent@24
_basCodeStringPassword@4
_basAutoComplete@8
_basCreateFriendFileName@16
_notEvent@4
?Copy@CMyArray@@QAEKPAV1@@Z
_basGetBinaryValue@16
_basGetLanguage@0
_basStoreBinaryValue@16
_basIsOS@4
??1CMyPtrArray@@UAE@XZ
??1CMyArray@@UAE@XZ
??0CMyPtrArray@@QAE@XZ
_basLoadStorage@0
_basNetAlert@16

aswcmnb

fsGetAvastProgramPath
fsGetAvastReportPath

aswcmnos

dep_osIsWin2kOrBetter
dep_fsEnableWow64FsRedirection
dep_osIsWow64
dep_osIsWin64

ashtask

_tskAddAreaR@8
_tskDefTask@16
_tskSetScanAreas@24
_tskVA2Prop@12
_tskProp2VA@12
_tskBrowseForScanAreas@8
_tskFreeAreas@4
_tskAddNetAlert@8
_tskProcessNetAlert@16
_tskFreeNetAlert@4
_tskSetNetAlert@20
_tskProcessAreas@28

aswaux

?EnumElements@IaswObject@@QAE_NAAPAXPADKAAW4aswElementType@1@@Z
??0IaswObject@@QAE@_N@Z
??1IaswObject@@QAE@XZ
?SetValue@IaswObject@@QAEXPBD0@Z
?GetValue@IaswObject@@QBE_NPBDPADK0@Z

ashuint

?OnInitDialog@CAvastDlg@@MAEHXZ
_usiGetImageList@4
_usiMessage@20
_usiErrorMessage@28
??0CEnterNetAlert@@QAE@PAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDPAVCWnd@@@Z
??1CEnterNetAlert@@UAE@XZ
??0CAvastDlg@@QAE@IPAVCWnd@@PBK@Z
??0CMAPISettings@@QAE@PAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0PAVCWnd@@@Z
??1CMAPISettings@@UAE@XZ
?DoDataExchange@CAvastDlg@@MAEXPAVCDataExchange@@@Z
??1CAvastDlg@@UAE@XZ
?OnCancel@CAvastDlg@@MAEXXZ
_usiInitLibrary@4
?DoModal@CAvastDlg@@UAEHXZ
_usiFreeLibrary@0
?OnOK@CAvastDlg@@MAEXXZ
?GetThisMessageMap@CAvastDlg@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@CCfgTab@@SGPAUCRuntimeClass@@XZ
??1CCfgTab@@UAE@XZ
?Validate@CCfgTab@@UAE_NXZ
?InitControls@CCfgTab@@UAEKXZ
?OnCancel@CCfgTab@@MAEXXZ
?OnOK@CCfgTab@@MAEXXZ
?MoveResizeDlgItem@CCfgTab@@IAEXIHHHH_N@Z
_usiExtendedStyles@8
?OnInitDialog@CCfgTab@@MAEHXZ
_usiFreeProperties@4
?OnDestroy@CAvastDlg@@IAEXXZ
_usiAddProperty@12
_usiInfoWindow@8
_usiCompareProps@8
?OnDestroy@CCfgTab@@IAEXXZ
?GetCheck@CCfgTab@@IAEHI@Z
?CheckDlgItem@CCfgTab@@IAEXIH@Z
?ErrorMessage@CCfgTab@@QAEKKKIPBD@Z
_usiHelp@8
??0CStatic3d@@QAE@XZ
??1CStatic3d@@UAE@XZ
?SetCaptionIcon@CStatic3d@@QAEPAUHICON__@@PAU2@@Z
?MoveResizeDlgItem@CAvastDlg@@IAEXIHHHH_N@Z
?GetCaption@CCfgTab@@QAEPBDXZ
?EnablePage@CCfgTab@@QAEXHH@Z
_usiGetLang@0
_usiInteractiveDlg@8
_usiDeleteDlg@16
_usiRepairDlg@16
_usiMoveDlg@16
?Update@CCfgTab@@UAEKXZ
??0CCfgTab@@QAE@IPAVCWnd@@PBK@Z
?DoDataExchange@CCfgTab@@MAEXPAVCDataExchange@@@Z
?GetThisMessageMap@CCfgTab@@KGPBUAFX_MSGMAP@@XZ
?OnHelpInfo@CCfgTab@@IAEHPAUtagHELPINFO@@@Z
?OnCtlColor@CCfgTab@@IAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z
?OnEraseBkgnd@CCfgTab@@IAEHPAVCDC@@@Z
?GetRuntimeClass@CCfgTab@@UBEPAUCRuntimeClass@@XZ

mfc71

ord581
ord1167
ord1092
ord5991
ord5994
ord730
ord1586
ord1645
ord3563
ord3684
ord2367
ord5715
ord6006
ord4115
ord3182
ord4125
ord908
ord5430
ord2933
ord299
ord6118
ord1489
ord297
ord4066
ord426
ord663
ord869
ord2272
ord557
ord745
ord907
ord2321
ord5969
ord3312
ord1588
ord1646
ord736
ord3022
ord4109
ord2271
ord5563
ord1412
ord2663
ord2131
ord911
ord1209
ord1177
ord1175
ord1201
ord1120
ord371
ord1098
ord1208
ord1206
ord1037
ord315
ord765
ord3683
ord1198
ord764
ord762
ord1084
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord3830
ord1091
ord313
ord314
ord2372
ord1308
ord2176
ord1187
ord2375
ord6090
ord1185
ord5714
ord3441
ord5182
ord4890
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord4262
ord754
ord578
ord1794
ord1283
ord1063
ord1903
ord1654
ord1598
ord5915
ord1402
ord5214
ord2987
ord3328
ord572
ord3883
ord5868
ord310
ord876
ord2902
ord781
ord2884
ord2867
ord722
ord4035
ord5403
ord2468
ord530
ord2322
ord2164
ord2657
ord2370
ord784
ord5807
ord2662
ord2020
ord658
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord2495
ord5613
ord6067
ord2866
ord5655
ord5833
ord5871
ord5746
ord3879
ord3875
ord2368
ord591
ord587
ord1482
ord2086
ord1545
ord4232
ord2991
ord3164
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord4081
ord3997
ord2882
ord3934
ord1395
ord6065
ord6005
ord4100
ord2094
ord3244
ord1955
ord6144
ord2371
ord5873
ord5444
ord5866
ord865

msvcr71

_adjust_fdiv
__CppXcptFilter
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_itoa
_mbsstr
_mbsnbcat
_mbsrchr
time
mktime
localtime
memcpy
strcpy
strcat
_purecall
_mbsicmp
_snprintf
_strdup
strlen
malloc
sprintf
_mbsnbicmp
_mbsnbcpy
_mbschr
_CxxThrowException
free
__CxxFrameHandler
_except_handler3
memset
atoi

kernel32

GetCurrentThreadId
GetTickCount
GetCurrentProcessId
QueryPerformanceCounter
LocalFree
GetSystemTimeAsFileTime
LocalAlloc
ExitProcess
GetModuleFileNameA
lstrcpyA
GetSystemDirectoryA
GetWindowsDirectoryA
FindFirstFileA
FindNextFileA
FindClose
LoadLibraryExA
GetProcessHeap
HeapAlloc
GetShortPathNameA
HeapFree
GetFileAttributesA
EnterCriticalSection
FreeLibrary
GetLastError
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
GetLocaleInfoA

user32

wsprintfA
SendMessageA
PostMessageA
LoadMenuA
EnableWindow
GetMessagePos
GetWindowRect
GetClientRect
UpdateWindow
InvalidateRect
GetParent
GetSystemMetrics
AppendMenuA
EnableMenuItem
GetSubMenu
SetForegroundWindow
GetKeyState
GetFocus
LoadStringA
DestroyIcon
GetWindowLongA
IsWindow
MapWindowPoints
LoadIconA
SetWindowPos
CreateWindowExA
GetDC
ReleaseDC
MessageBeep

gdi32

GetTextExtentPoint32A

advapi32

RegEnumKeyExA

shell32

SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

comctl32

ImageList_GetIcon

ole32

CoInitialize
CoUninitialize

xt1922

?TrackPopupMenu@CXTMenu@@QAEHIHHPAVCWnd@@PBUtagRECT@@H@Z
?GetSubMenu@CXTMenu@@QBEPAV1@H@Z
??0CXTMenu@@QAE@XZ
??1CXTMenu@@UAE@XZ

Exports

Exports

_cftFilterDllMsg@4
_cftFreeLibrary@0
_cftInitLibrary@0
_cftMailAlert@4
_cftMailAlertClose@4
_cftMailAlertModeless@8
_cftSchedConfig@4
_cftSchedConfigClose@4
_cftSchedConfigModeless@8
_cftTaskConfig@4
_cftTaskConfigClose@4
_cftTaskConfigModeless@8

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da4935e10206c44643c3f81e41e85b71

Headers

File Characteristics

Imports

ashbase

aswcmnb

aswcmnos

ashtask

aswaux

ashuint

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

xt1922

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 172KB - Virtual size: 172KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB