Static task: static1
Behavioral task: behavioral1
Sample: bdd63f9c828be0f43666ad1e9d487f1d90d6a2b925e4abaf553884f9448f521d.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: bdd63f9c828be0f43666ad1e9d487f1d90d6a2b925e4abaf553884f9448f521d.exe
Resource: win10v2004-20220901-en
General
Target: bdd63f9c828be0f43666ad1e9d487f1d90d6a2b925e4abaf553884f9448f521d
Size: 920KB
MD5: 46c61260ab91c4f07e140a5a2ed6ef34
SHA1: 1e1b2956e4fa95045a9f3598c9bfb61240b3fb60
SHA256: bdd63f9c828be0f43666ad1e9d487f1d90d6a2b925e4abaf553884f9448f521d
SHA512: 0c49fe1ddddeebf9c4fb65a2d0288dea02d545046006307bef3e92d66f0af041e1826b1126facbad9b667bea1367d72a071c3c35cc0369437f897564cc1cac4f
SSDEEP: 12288:hiLYXe1sYD+pZ+HeoGCx19KkOvvstr25hoMJ+f3IEAZg:yYXe1sYD+rQeRCzms5AoMStAZg
Malware Config
Signatures
Files
-
bdd63f9c828be0f43666ad1e9d487f1d90d6a2b925e4abaf553884f9448f521d.exe windows x86
4f579b39a5234faabe100442ef1b70f9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
idl32
mfc42
msvcrt
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_chdir
_stricmp
_getcwd
_strdup
_stat
strstr
malloc
__p___argv
__p___argc
_mbscmp
free
strchr
__RTDynamicCast
abs
strncmp
strcat
atoi
strrchr
isspace
_strcmpi
strtod
_CIpow
_setmbcp
strcpy
tolower
memcmp
strlen
__CxxFrameHandler
strcmp
sscanf
memset
memcpy
toupper
_purecall
strtok
_ftol
_splitpath
_controlfp
strtol
strtoul
_mbsicmp
fputc
fgetc
fclose
fopen
realloc
rename
isdigit
atof
atol
sprintf
memmove
_except_handler3
strncpy
time
_fullpath
_strnicmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
kernel32
OpenFile
SetLastError
GetVersion
IsDBCSLeadByte
LocalAlloc
WritePrivateProfileStringA
SearchPathA
GetModuleHandleA
GetFileAttributesA
CopyFileA
FindResourceA
SizeofResource
LoadResource
FreeResource
CreateDirectoryA
FindNextFileA
FindClose
GetTempFileNameA
DeleteFileA
FormatMessageA
LocalFree
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcpyA
SetCurrentDirectoryA
lstrlenA
GetLastError
GlobalHandle
GlobalUnlock
GlobalFree
GetProfileStringA
Sleep
MulDiv
lstrcmpiA
GlobalAlloc
GlobalLock
GetModuleFileNameA
GetVersionExA
GetFullPathNameA
FindFirstFileA
GetCurrentDirectoryA
lstrcmpA
_lopen
LocalUnlock
LocalLock
lstrcpynA
_lwrite
_lread
_lcreat
GetStartupInfoA
_lclose
user32
SetClipboardData
GetCursor
SetCursorPos
GetKeyState
RedrawWindow
GetForegroundWindow
MessageBoxA
wvsprintfA
DialogBoxParamA
GetWindow
ShowCaret
CreateCaret
DestroyCaret
LoadIconA
EditWndProc
GetScrollPos
SetCaretPos
ScrollWindow
BringWindowToTop
GetClientRect
GetCursorPos
GetMessagePos
ScreenToClient
EmptyClipboard
OpenClipboard
DrawFocusRect
PeekMessageA
BeginPaint
HideCaret
GetScrollRange
CharLowerA
GetClipboardData
GetDlgItemInt
SetDlgItemInt
ShowScrollBar
GetDlgItemTextA
IsDlgButtonChecked
GetDialogBaseUnits
SetDlgItemTextA
SendDlgItemMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CloseClipboard
FrameRect
RemoveMenu
CharUpperBuffA
WinHelpA
KillTimer
LoadStringA
CopyRect
OffsetRect
CopyAcceleratorTableA
CreateAcceleratorTableA
DestroyAcceleratorTable
wsprintfA
GetQueueStatus
SetActiveWindow
GetCapture
IsWindowVisible
GetSysColor
LoadBitmapA
CharPrevA
CharNextA
CharUpperA
SetRect
InflateRect
GetSystemMetrics
ShowWindow
GetWindowLongA
LoadMenuA
LoadCursorA
SetCursor
UpdateWindow
ReleaseCapture
MessageBeep
IsWindow
GetActiveWindow
IsZoomed
SetFocus
MoveWindow
ClientToScreen
SetCapture
SetTimer
GetFocus
CreateWindowExA
SetScrollRange
SetScrollPos
EnableMenuItem
DrawMenuBar
MapWindowPoints
LoadImageA
CreateDialogParamA
FillRect
DestroyWindow
GetMenu
GetSubMenu
GetMenuStringA
GetMenuItemCount
AppendMenuA
DeleteMenu
SetForegroundWindow
IsIconic
PostMessageA
IsCharAlphaA
IsCharAlphaNumericA
EndPaint
SetClassLongA
InvalidateRect
SetRectEmpty
SetWindowLongA
ReleaseDC
GetDC
SendMessageA
GetDlgItem
SetWindowTextA
GetWindowRect
SetWindowPos
EnableWindow
GetParent
EndDialog
RegisterClassA
DefWindowProcA
RegisterWindowMessageA
ValidateRect
SetParent
IsChild
GetMessageA
GetUpdateRect
ScrollDC
CreatePopupMenu
gdi32
StretchBlt
RealizePalette
GetStockObject
MoveToEx
SetTextColor
SetTextAlign
GetCurrentPositionEx
CreatePalette
SetBkColor
GetCharWidthA
GetTextExtentPointA
DeleteObject
TextOutA
CreateFontA
PatBlt
EnumFontFamiliesA
ExtTextOutA
CreateSolidBrush
SetMapMode
StartDocA
SetAbortProc
EndPage
EndDoc
StartPage
CreateDCA
CreateDIBitmap
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
GetTextMetricsA
DeleteDC
GetDeviceCaps
BitBlt
CreateFontIndirectA
GetObjectA
CreateICA
CreatePen
Polygon
GetTextExtentPoint32A
comdlg32
PageSetupDlgA
PrintDlgA
GetSaveFileNameA
CommDlgExtendedError
ChooseFontA
GetOpenFileNameA
winspool.drv
OpenPrinterA
ClosePrinter
DocumentPropertiesA
advapi32
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA
DragQueryFileA
DragFinish
comctl32
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
ImageList_Add
ImageList_BeginDrag
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
Sections
.text Size: 448KB - Virtual size: 448KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 33KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 368KB - Virtual size: 366KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ