a13a61fc22b66be74d38b5c7025019eac914cb9e1cd6e6a9f61243b475a9b255

Sharing

Copy URL Twitter E-mail

General

Target

a13a61fc22b66be74d38b5c7025019eac914cb9e1cd6e6a9f61243b475a9b255
Size

341KB
MD5

21432e2f128a4946d8d470185c19f714
SHA1

eb10c11a753634a7a3215ee2a649b45d33cd4457
SHA256

a13a61fc22b66be74d38b5c7025019eac914cb9e1cd6e6a9f61243b475a9b255
SHA512

fb07c98cd921a5c2fb239c5c0f862c0d0379bb676c82942061a0f670336064562ccdbb34e7680b9c5e75650e127acf9069309ad7b039b6df9cd6dcf86c6215ce
SSDEEP

6144:PO34BK1qlh70oLTpzxzAIwSLKCSM1BhQ+xNJUOaH2lAPud:PO34BK1qTBLTtfLKCdfNOW

Score

N/A

Malware Config

Signatures

Files

a13a61fc22b66be74d38b5c7025019eac914cb9e1cd6e6a9f61243b475a9b255
.exe windows x86

fc967590d31f435818ba6c902f3affbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140u

ord13070
ord3182
ord7654
ord7066
ord6495
ord5961
ord4604
ord4605
ord4603
ord4606
ord11222
ord11217
ord11212
ord11363
ord7469
ord3849
ord545
ord11995
ord1175
ord12317
ord6834
ord3257
ord4236
ord1446
ord9135
ord5850
ord13656
ord5173
ord13337
ord8067
ord6526
ord3162
ord1105
ord6830
ord3254
ord13289
ord1442
ord14131
ord7418
ord7642
ord14599
ord7441
ord6973
ord1476
ord6528
ord13261
ord13775
ord12558
ord12578
ord12953
ord12867
ord13694
ord14115
ord8881
ord14112
ord13019
ord14123
ord13022
ord5210
ord290
ord8756
ord8032
ord13087
ord13086
ord13095
ord4881
ord898
ord6795
ord14606
ord498
ord1521
ord6117
ord9138
ord4239
ord8070
ord3366
ord3260
ord6842
ord8062
ord11038
ord4485
ord6531
ord9468
ord8754
ord13544
ord4477
ord14234
ord14128
ord7810
ord5422
ord8773
ord974
ord1142
ord2885
ord12351
ord11962
ord500
ord8464
ord1454
ord2307
ord8470
ord7653
ord1472
ord8386
ord12247
ord10433
ord12928
ord12865
ord4589
ord7997
ord8324
ord5357
ord10379
ord2486
ord12542
ord12541
ord14589
ord7922
ord14595
ord9398
ord4152
ord4090
ord12947
ord7941
ord2034
ord11983
ord11982
ord14466
ord12531
ord8000
ord14667
ord6348
ord14669
ord6350
ord14668
ord6349
ord13911
ord995
ord6860
ord3852
ord5918
ord12239
ord8217
ord12251
ord12219
ord2345
ord5763
ord10250
ord1450
ord9131
ord1179
ord2753
ord14573
ord3874
ord2994
ord8745
ord4224
ord3189
ord6588
ord14657
ord12405
ord14604
ord12348
ord8712
ord12763
ord6751
ord2378
ord266
ord265
ord1526
ord1368
ord4076
ord2614
ord842
ord1451
ord975
ord2383
ord9126
ord1066
ord4219
ord3145
ord6490
ord1405
ord3359
ord1108
ord6801
ord3833
ord2750
ord2172
ord6501
ord1141
ord492
ord1452
ord976
ord1687
ord2389
ord2385
ord8757
ord8719
ord4664
ord5074
ord8360
ord12921
ord12584
ord1693
ord1689
ord2215
ord8746
ord4227
ord5954
ord2526
ord4885
ord3932
ord6607
ord2886
ord5583
ord4663
ord3846
ord2990
ord13251
ord1653
ord14405
ord2996
ord4886
ord6559
ord3882
ord2522
ord6566
ord8182
ord2304
ord4735
ord4715
ord8177
ord5586
ord1144
ord503
ord4815
ord5921
ord1692
ord280
ord285
ord3009
ord14320
ord12559
ord5109
ord2256
ord9128
ord1070
ord3872
ord2993
ord8744
ord4222
ord3147
ord6497
ord6316
ord4093
ord1143
ord501
ord1133
ord6549
ord7493
ord12131
ord6218
ord13752
ord2760
ord9210
ord12172
ord1111
ord9040
ord11015
ord11396
ord10472
ord4092
ord458
ord3403
ord3404
ord3164
ord7107
ord6129
ord6220
ord13756
ord3305
ord3302
ord10255
ord8210
ord2761
ord14785
ord10285
ord10287
ord10286
ord10284
ord10288
ord5652
ord11725
ord11726
ord9139
ord12089
ord3838
ord11936
ord14588
ord8965
ord12220
ord6978
ord11002
ord9256
ord3266
ord13878
ord12262
ord12258
ord1722
ord1744
ord1770
ord1756
ord1777
ord4936
ord5003
ord4948
ord4966
ord4960
ord4954
ord5013
ord4997
ord4942
ord5019
ord4974
ord4912
ord4927
ord4988
ord4502
ord5790
ord9693
ord4494
ord3055
ord14590
ord7923
ord14596
ord6877
ord11717
ord13028
ord13703
ord5935
ord7820
ord14137
ord2682
ord12124
ord3941
ord3371
ord3372
ord3265
ord12168
ord1002
ord5249
ord5549
ord5760
ord9350
ord5525
ord5252
ord5411
ord5228
ord7722
ord7723
ord13085
ord3864
ord450
ord7712
ord5409
ord8219
ord9209
ord2520
ord6486
ord358
ord6489
ord4094
ord3697
ord509
ord5962
ord9039
ord1391
ord11014
ord6499
ord890
ord10049
ord4882
ord2246
ord1525
ord11171
ord13654
ord13257
ord2010
ord1523
ord1690
ord5882
ord1462
ord14547
ord2029
ord985
ord5984
ord7509
ord9132
ord1180
ord1045
ord286
ord4225
ord5837
ord6589
ord7165
ord4466
ord5322
ord14377
ord3961
ord1171
ord296
ord3959
ord4884
ord5884
ord540
ord4649
ord14047
ord1663
ord1513
ord3237
ord13293
ord3363
ord1511
ord2409

kernel32

SetEvent
GlobalAlloc
GetLongPathNameW
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ReadDirectoryChangesW
GetCurrentDirectoryW
ResetEvent
GetDriveTypeW
WideCharToMultiByte
GlobalAddAtomW
GetVersionExW
FileTimeToLocalFileTime
CompareFileTime
RemoveDirectoryW
GetVersion
GlobalLock
GlobalUnlock
lstrcpyW
CopyFileW
MoveFileExW
SetErrorMode
OutputDebugStringW
WaitForMultipleObjects
FindFirstFileW
LocalFileTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
GlobalMemoryStatus
GetTickCount
FindClose
ResumeThread
CreateFileMappingW
LocalFree
VirtualQuery
FormatMessageW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
UnmapViewOfFile
MapViewOfFile
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetLocalTime
lstrlenW
FindNextFileW
GetFileAttributesW
CreateDirectoryW
FindResourceW
ReadFile
WriteFile
SizeofResource
LoadResource
GetPrivateProfileStringW
SetCurrentDirectoryW
GetModuleFileNameW
WritePrivateProfileStringW
DeleteFileW
CreateFileW
GetLastError
OpenProcess
GetCommandLineW
GlobalFree
CreateMutexW
CloseHandle
Sleep
GetVolumeInformationW
WaitForSingleObject
CreateEventW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetFileSize

user32

ReleaseDC
GetDC
GetWindowThreadProcessId
EnumWindows
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
CopyIcon
LoadImageW
DestroyIcon
LoadMenuW
GetWindowRect
GetClientRect
InvalidateRect
EnableWindow
SendMessageW
GetSubMenu
MonitorFromWindow
GetMonitorInfoW
DrawFrameControl
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetMenuItemCount
AppendMenuW
ModifyMenuW
PostMessageW
SetTimer
KillTimer
SetCursor
LoadCursorW
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
GetClassInfoW
RegisterHotKey
SetWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
GetKeyState
LoadAcceleratorsW
TranslateAcceleratorW
GetSystemMetrics
GetSystemMenu
CheckMenuItem
EnableMenuItem
DeleteMenu
DrawIcon
GetParent
LoadIconW
IsWindow
GetDlgCtrlID
UpdateWindow
GetCursorPos
ScreenToClient
CopyRect
RemoveMenu
CreatePopupMenu
InsertMenuW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
UnregisterHotKey
GetFocus
ClientToScreen
GetDoubleClickTime
GetMenuState
TrackMouseEvent
FillRect
GetWindowLongW
PtInRect
CallWindowProcW
GetMenuItemInfoW
SetWindowLongW
SetRect
DrawEdge
RegisterClipboardFormatW

gdi32

Escape
RectVisible
TextOutW
ExtTextOutW
CreateFontW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetTextMetricsW
SelectObject
RoundRect
GetBkMode
GetBkColor
GetObjectW
PtVisible
BitBlt
CreateFontIndirectW

advapi32

RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegSetValueExW
RegCreateKeyW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
SHGetFileInfoW
CommandLineToArgvW
ShellExecuteExW
SHBrowseForFolderW
Shell_NotifyIconW
SHGetDesktopFolder
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW

comctl32

ImageList_Draw
ImageList_ReplaceIcon
ord17

skinhu

SkinH_DetachEx
SkinH_Detach
SkinH_Attach

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xruntime_error@std@@YAXPBD@Z
??0_Locinfo@std@@QAE@HPBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z

uilibu

??1CDialogBuilder@DuiLib@@QAE@XZ
??1CPaintManagerUI@DuiLib@@QAE@XZ
?MessageHandler@CPaintManagerUI@DuiLib@@QAE_NIIJAAJ@Z
?Offset@CDuiRect@DuiLib@@QAEXHH@Z
??0CDuiRect@DuiLib@@QAE@ABUtagRECT@@@Z
?Create@CDialogBuilder@DuiLib@@QAEPAVCControlUI@2@VSTRINGorID@2@PB_WPAVIDialogBuilderCallback@2@PAVCPaintManagerUI@2@PAV32@@Z
??0CDialogBuilder@DuiLib@@QAE@XZ
?GetCurSel@CTabLayoutUI@DuiLib@@QBEHXZ
?FindControl@CPaintManagerUI@DuiLib@@QBEPAVCControlUI@2@PB_W@Z
?AddNotifier@CPaintManagerUI@DuiLib@@QAE_NPAVINotifyUI@2@@Z
?SelectItem@CTabLayoutUI@DuiLib@@QAE_NH@Z
?AttachDialog@CPaintManagerUI@DuiLib@@QAE_NPAVCControlUI@2@@Z
?SetDefaultLinkHoverFontColor@CPaintManagerUI@DuiLib@@QAEXK@Z
?SetDefaultLinkFontColor@CPaintManagerUI@DuiLib@@QAEXK@Z
??1CDuiString@DuiLib@@QAE@XZ
??BCDuiString@DuiLib@@QBEPB_WXZ
??HCDuiString@DuiLib@@QBE?AV01@PB_W@Z
?GetInstancePath@CPaintManagerUI@DuiLib@@SA?AVCDuiString@2@XZ
?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourceZip@CPaintManagerUI@DuiLib@@SAXPB_W_N@Z
??8CDuiString@DuiLib@@QBE_NPB_W@Z
??0CPaintManagerUI@DuiLib@@QAE@XZ
?Init@CPaintManagerUI@DuiLib@@QAEXPAUHWND__@@@Z
?AttachHostWindow@CWindowCtrlUI@DuiLib@@QAEHPAUHWND__@@@Z

vcruntime140

__CxxFrameHandler3
_CxxThrowException
memmove
__std_terminate
memset
memcpy
__RTDynamicCast
wcschr
_purecall
_except_handler4_common

api-ms-win-crt-string-l1-1-0

_wcsicmp
wcsncpy
towupper

api-ms-win-crt-runtime-l1-1-0

_initterm
_errno
exit
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
_initterm_e
_configure_wide_argv
_get_wide_winmain_command_line
_initialize_wide_environment
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswscanf
__stdio_common_vswprintf
__p__commode
_set_fmode

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul
_ltow
wcstol

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath

api-ms-win-crt-utility-l1-1-0

srand
rand
qsort

api-ms-win-crt-time-l1-1-0

_time64
_mktime64
wcsftime
_localtime64_s

api-ms-win-crt-heap-l1-1-0

malloc
_msize
_set_new_mode
calloc
realloc
free

api-ms-win-crt-math-l1-1-0

_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc967590d31f435818ba6c902f3affbe

Headers

DLL Characteristics

File Characteristics

Imports

mfc140u

kernel32

user32

gdi32

advapi32

shell32

comctl32

skinhu

msvcp140

uilibu

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 205KB - Virtual size: 204KB

_TEXT Size: 1KB - Virtual size: 1KB

.rdata Size: 79KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 52KB - Virtual size: 51KB

.text
Size: 205KB - Virtual size: 204KB

_TEXT
Size: 1KB - Virtual size: 1KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 52KB - Virtual size: 51KB