Static task
static1
Behavioral task
behavioral1
Sample
85df947e5cff90e60e9db14ebdfc73e2341e1c73a26405d8eed3daff2bd95165.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
85df947e5cff90e60e9db14ebdfc73e2341e1c73a26405d8eed3daff2bd95165.exe
Resource
win10v2004-20220812-en
General
Target
85df947e5cff90e60e9db14ebdfc73e2341e1c73a26405d8eed3daff2bd95165
Size
572KB
MD5
ebeee97ad73119c926ad353e27fbbcda
SHA1
9f586bf7a3561dcb60365b526b6273a444de1222
SHA256
85df947e5cff90e60e9db14ebdfc73e2341e1c73a26405d8eed3daff2bd95165
SHA512
2bf96a3d16b07825fff91b72184c44ff9cb108b1419992ac0589047cbb7f48455ae9be87f9846382e032b26c1fa63a4230f5a70b79f1ad64a90fc72baa093fdf
SSDEEP
6144:rJcbEWrWmY0mUzynXWE1/uMIIUf0S/4lJHDq5HfutTBVpwOKW2dhYJw:rJKqv0mUzff0U4njq5futTzuDRdq
Malware Config
Signatures
Files
85df947e5cff90e60e9db14ebdfc73e2341e1c73a26405d8eed3daff2bd95165.exe windows x86
a859a7a621981213f73eec43368f522b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
skinhu
SkinH_Attach
SkinH_SetAero
SkinH_AttachEx
SkinH_AdjustHSV
winmm
timeGetTime
PlaySoundW
timeBeginPeriod
ws2_32
__WSAFDIsSet
ioctlsocket
htons
ntohs
htonl
ntohl
WSACleanup
select
inet_addr
gethostbyname
closesocket
listen
bind
socket
setsockopt
WSAGetLastError
WSARecvFrom
WSAStartup
WSASendTo
mfc71u
ord2638
ord3943
ord4480
ord4255
ord562
ord751
ord577
ord280
ord776
ord293
ord3289
ord530
ord722
ord266
ord265
ord764
ord6001
ord1176
ord1113
ord1058
ord5710
ord762
ord1472
ord870
ord290
ord2926
ord1244
ord3249
ord1086
ord3204
ord1925
ord3281
ord1271
ord3157
ord3198
ord3155
ord1270
ord5633
ord2895
ord4094
ord2085
ord3238
ord1946
ord1274
ord2365
ord2361
ord2366
ord4035
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord602
ord6058
ord347
ord3946
ord5440
ord1920
ord2471
ord1461
ord774
ord2932
ord896
ord4100
ord894
ord899
ord3990
ord2121
ord2260
ord5637
ord5636
ord3995
ord4117
ord1959
ord2066
ord2254
ord1555
ord502
ord5327
ord6293
ord5316
ord6282
ord5727
ord5524
ord3927
ord416
ord1921
ord283
ord2261
ord4074
ord5705
ord277
ord651
ord3678
ord4945
ord4642
ord1894
ord2077
ord1536
ord4226
ord5148
ord6271
ord5210
ord2397
ord4961
ord5171
ord1955
ord2985
ord3158
ord572
ord587
ord753
ord4109
ord6140
ord5829
ord589
ord5609
ord330
ord3756
ord6251
ord1006
ord326
ord563
ord6063
ord3755
ord6086
ord4119
ord2086
ord1582
ord4234
ord3311
ord741
ord1636
ord1577
ord3298
ord1627
ord1922
ord1474
ord4092
ord2080
ord1539
ord4228
ord3166
ord592
ord3872
ord5861
ord1538
ord3165
ord591
ord1545
ord3189
ord620
ord860
ord3644
ord3471
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4358
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4788
ord4942
ord3703
ord4667
ord4510
ord4965
ord4474
ord4523
ord4964
ord4840
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord4514
ord4513
ord4908
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord5202
ord3338
ord1351
ord5162
ord1553
ord2711
ord4267
ord648
ord4121
ord4347
ord2413
ord2414
ord2415
ord2412
ord2411
ord410
ord6115
ord3215
ord3645
ord3869
ord5862
ord5869
ord2460
ord2876
ord1476
ord2083
ord1632
ord1562
ord4232
ord3224
ord658
ord3873
ord2364
ord3983
ord3789
ord4558
ord5053
ord709
ord501
ord2311
ord5791
ord2611
ord5989
ord5987
ord605
ord730
ord2857
ord2827
ord1330
ord458
ord1182
ord2486
ord2013
ord391
ord2867
ord777
ord5852
ord4755
ord3674
ord2255
ord3793
ord631
ord1431
ord2271
ord386
ord1645
ord1589
ord3322
ord754
ord3877
ord5864
ord3342
ord2878
ord2870
ord3985
ord2872
ord3635
ord3435
ord1079
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord5199
ord4256
ord354
ord1785
ord4574
ord2155
ord6061
ord1386
ord3390
ord1178
ord1299
ord1198
ord2089
ord1641
ord1585
ord4237
ord2977
ord3318
ord748
ord4743
ord3875
ord3975
ord3363
ord4882
ord1095
ord4112
ord736
ord1637
ord1579
ord3306
ord5965
ord5485
ord715
ord1634
ord1572
ord3286
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord566
ord757
ord5971
ord1049
ord1117
ord3824
ord3176
ord4098
ord1479
ord6111
ord282
ord1430
ord6284
ord5319
ord2897
ord5083
ord629
ord384
ord5484
ord737
ord6167
ord897
ord1535
ord2282
ord4101
ord549
ord6173
ord5359
ord1266
ord5398
ord5646
ord1481
ord1118
ord900
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1353
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord4179
ord5067
ord1899
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord1586
ord3497
ord909
ord4194
ord2167
msvcr71
_strcmpi
fopen
fprintf
sscanf
fgets
_resetstkoflw
_except_handler3
_time64
mbstowcs
isprint
isspace
tolower
isalnum
strncpy
strstr
strncmp
_strdup
fread
fwrite
_wtoi
rand
perror
abort
memset
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
free
malloc
__CxxFrameHandler
wcscpy
wcslen
memmove
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
atoi
sprintf
atof
fscanf
fclose
_localtime64
_mktime64
kernel32
RaiseException
InitializeCriticalSection
DeleteCriticalSection
CreateThread
CreateMutexW
Sleep
WideCharToMultiByte
WaitForSingleObject
DeviceIoControl
CreateFileW
SetPriorityClass
GetCurrentProcess
InterlockedIncrement
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
lstrcmpW
GetCurrentDirectoryW
DeleteFileA
GetSystemDefaultLangID
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
GetCommandLineW
GetCPInfo
GetVersionExW
GetVersion
InterlockedExchange
MultiByteToWideChar
FreeResource
LockResource
LoadResource
FindResourceW
GetVersionExA
CloseHandle
lstrlenW
lstrcmpiW
user32
GetCursorPos
LoadCursorW
SetForegroundWindow
FindWindowW
PtInRect
LoadIconW
GetFocus
SetRect
CopyRect
GetSysColor
FillRect
GetSysColorBrush
LoadBitmapW
DrawEdge
CreateMenu
CreatePopupMenu
LoadMenuW
SetWindowLongW
DeleteMenu
AppendMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSubMenu
ModifyMenuW
GetDC
DrawIcon
MessageBoxA
ReleaseDC
GetDesktopWindow
EnableWindow
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
DestroyIcon
MessageBoxW
ShowWindow
DrawIconEx
SystemParametersInfoW
GetSystemMetrics
GetMenuItemInfoW
FindWindowA
IsWindowVisible
SetTimer
IsIconic
KillTimer
UpdateWindow
wsprintfW
LoadImageW
PostMessageW
SetCursor
DestroyCursor
GetWindowLongW
WindowFromPoint
GetParent
GetNextDlgTabItem
GetActiveWindow
InvalidateRect
ClientToScreen
GetClientRect
GetWindowRect
SendMessageW
DrawFocusRect
FrameRect
OffsetRect
InflateRect
GetIconInfo
CreateIconIndirect
IsMenu
DrawStateW
gdi32
GetTextExtentPoint32W
RectVisible
SetPixel
SetDIBColorTable
StretchBlt
SetBkMode
CreateFontW
CreateBitmap
SetBkColor
SetTextColor
GetStockObject
Escape
ExtTextOutW
TextOutW
GetPixel
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
GetObjectW
CreateCompatibleBitmap
CreateFontIndirectW
CreatePen
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
CreateSolidBrush
DeleteObject
DeleteDC
PtVisible
msimg32
TransparentBlt
GradientFill
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetSecurityDescriptorDacl
AddAccessAllowedAce
LookupAccountNameW
InitializeAcl
InitializeSecurityDescriptor
shell32
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
comctl32
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent
ImageList_Replace
ord17
ImageList_ReplaceIcon
ole32
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateStaticFromData
msvcp71
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
gdiplus
GdipLoadImageFromFileICM
GdipGetImageWidth
GdipGetImageHeight
GdipDisposeImage
GdipCreateFromHDC
GdipDrawImageRectI
GdipCloneImage
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipDeleteGraphics
GdipAlloc
GdipFree
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
Sections
.text Size: 316KB - Virtual size: 314KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 76KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 159KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ