21789af4a7d652f725046a100c6feca91de25bec733ed84cdea960509cffa342

Sharing

Copy URL

Twitter E-mail

General

Target

21789af4a7d652f725046a100c6feca91de25bec733ed84cdea960509cffa342
Size

761KB
MD5

403c05c38670dd4d5e68a558e7f751ef
SHA1

77d4a6a03e3fe56edd15ccf3578fb204e41ddab2
SHA256

21789af4a7d652f725046a100c6feca91de25bec733ed84cdea960509cffa342
SHA512

c3249e8ed28b7a25d98006787df86ddcae384aaccfcb4eca065837f460895a76182fc847687a7c649b11de2f9b028a598e21c4697519a5d5bf0c4fd9af51a6ec
SSDEEP

12288:THkDePoXQQb/1fr0XVrEy1fOZUF/QzsKMGebeGG1nQQb/1fr0XVrEy1fOZUF/Qzk:THkDeQwVN82

Score

N/A

Malware Config

Signatures

Files

21789af4a7d652f725046a100c6feca91de25bec733ed84cdea960509cffa342
.exe windows x86

0676422b9d49854731fbbc8eb60f2529

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wkwbl90

?LoadUIResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PB_WPAU2@@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPA_WH@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IPB_W@Z
?_WksHeapDestroy@@YAPAXPAX@Z
?CwchFromWz@MWblStrings@@SAHPB_W@Z
?FailureMemory@CWblMessages@@QAEXPAUHWND__@@@Z
?WzStrStrEx@MWblStrings@@SAPA_WPB_WI0IW4EStringCompareType@@@Z
WksSqmRegWinMsg
?Init@CWblMessages@@QAEXPAUHINSTANCE__@@@Z
?_WksHeapCreate@@YAPAXKKK@Z
??0CWblMessages@@QAE@XZ
?CbFromWz@MWblStrings@@SAHPB_W@Z
?_WksHeapAlloc@@YAPAXPAXKK@Z
??2@YAPAXIPAXK@Z
?OperatorDelete@@YAXPAX@Z
?WzStrStr@MWblStrings@@SAPA_WPB_WI0I@Z
?_WblMemoryUninit@@YAXXZ
WksSqmOnBroadcast
WksSqmEnd
?FailureReinstall@CWblMessages@@QAEXPAUHWND__@@PB_W@Z
WksSqmBegin

wkwat90

?DryOff@@YAXXZ
?WksSetUnhandledExceptionFilter@@YAXXZ
?HrInitWksGen@@YAJK@Z
?WksBFirstRunEula@@YA_NXZ
?CleanUpWksGen@@YAXXZ
?kPM_SPARKCOMMAND@@3IA
?kPM_GETADMANAGER@@3IA
?Splash@@YAHIPB_WPAUHICON__@@1_N@Z

kernel32

InitializeCriticalSection
MultiByteToWideChar
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
GetModuleHandleW
GetCommandLineW
GetCurrentThreadId
CreateEventW
GetLastError
SetEvent
WaitForSingleObject
GetVersionExA
ResetEvent
Sleep
lstrcpynA
lstrcpynW
lstrlenW
GetVersionExW
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
GetModuleFileNameW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersion
SetLastError
EnterCriticalSection
CreateSemaphoreW
RaiseException
GetCurrentThread
IsValidLocale
GetUserDefaultLCID
GetACP
HeapFree
GetProcessHeap
HeapAlloc
InterlockedIncrement
DeleteCriticalSection
InterlockedCompareExchange
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetLocaleInfoA
GetThreadLocale
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle

user32

GetTopWindow
MoveWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyAcceleratorTable
GetSysColor
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
IsChild
GetDlgItem
RedrawWindow
DestroyWindow
GetClassNameW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
SetCapture
ReleaseCapture
InvalidateRect
InvalidateRgn
IsMenu
GetClassInfoExW
LoadCursorW
RegisterClassExW
CallWindowProcW
LoadAcceleratorsW
LoadMenuW
GetMessageW
TranslateMessage
wsprintfW
LoadImageW
DefWindowProcW
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
DestroyMenu
CreatePopupMenu
GetWindowRect
GetWindowLongW
PtInRect
TrackPopupMenuEx
IsWindow
MapWindowPoints
MessageBeep
SetWindowPos
SetRect
DeleteMenu
MessageBoxW
CreateWindowExW
RegisterWindowMessageA
GetParent
GetFocus
GetDesktopWindow
GetKeyState
SetWindowLongW
GetWindow
GetClientRect
LoadStringA
PostQuitMessage
SetFocus
IsWindowVisible
LoadStringW
CallNextHookEx
UnhookWindowsHookEx
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
SendMessageTimeoutW
GetLastActivePopup
SetForegroundWindow
PostMessageW
IsIconic
SetWindowsHookExW
CharNextW
SendMessageW
RegisterWindowMessageW
FindWindowW
UnregisterClassA
ShowWindow

gdi32

GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetObjectW

advapi32

RegSetValueExW
RegCreateKeyExW
OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
OleUninitialize
StringFromGUID2
OleLockRunning
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize

oleaut32

VariantClear
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
VariantInit
SysAllocString
SysFreeString
SysStringLen

msvcr80

memset
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
memcpy
wcslen
wcsncpy_s
wcscat_s
wcscpy_s
_unlock
_endthreadex
_beginthreadex
free
swprintf_s
memmove_s
_recalloc
memcmp
memcpy_s
malloc
_purecall
wcsncmp
wcscmp
_vsnwprintf_s
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
__CxxFrameHandler3
_CxxThrowException

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0676422b9d49854731fbbc8eb60f2529

Headers

DLL Characteristics

File Characteristics

Imports

wkwbl90

wkwat90

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcr80

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 652KB - Virtual size: 652KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 652KB - Virtual size: 652KB