c72ca037ab99fb850f3be860ff08dc5f3f73dc66294817915046869ec5f4bf23

Sharing

Copy URL Twitter E-mail

General

Target

c72ca037ab99fb850f3be860ff08dc5f3f73dc66294817915046869ec5f4bf23
Size

169KB
MD5

6a596915b9a8d99b70f68c799a14c919
SHA1

c258b1f8fbec91203fd999d1ab9f820446f99652
SHA256

c72ca037ab99fb850f3be860ff08dc5f3f73dc66294817915046869ec5f4bf23
SHA512

8c1306606cc2c0d3eab381d1a7d4f01d2aa9d9c685c6bd27e303aa1f0dc16bb67c96a72df991e9e36433780b8f3ad504142c918c6235f78c30e814573a023fc3
SSDEEP

3072:KRXD8Zb+V4n3b7ridZiAKJ5oMhycmAbU4Ufviwn4TvY/pDGI4EElhq:K98nT4Z0hycmp4aviwnoINcEElw

Score

N/A

Malware Config

Signatures

Files

c72ca037ab99fb850f3be860ff08dc5f3f73dc66294817915046869ec5f4bf23
.exe windows x86

9a6c528cb4b64863bdb57a75f7399cac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

simplyaccounting_bus

?bCompactDatabase@SmpDataConn@@QAEHPAD@Z
vGLBSetSecurityFileExt
vGLBSetNewCompExt
?UpdateReleaseNumber@SmpDataConn@@QAEHPAD@Z
??1SmpUserListDB@@QAE@XZ
?nGetHistSet@SmpDataConn@@QAEFXZ
?lGetNumUsers@SmpUserListDB@@QAEJXZ
?bReadUserList@SmpUserListDB@@QAEHXZ
??0SmpUserListDB@@QAE@XZ
vGLBSetUseBilingual
?vSetErrorQueue@DisplayErrorQueue@@QAEXPAVErrorQueue@@@Z
vGLBSetSimplyDataVersion
vGLBSetBusFileExt
vGLBSetOldCompExt
vGLBSetIniKeys
?vInitCountryType@SmpDataConn@@QAEXF@Z
vGLBSetCountry
vGLBSetProfFileName
vGLBSetAppName
vGLBSetSVal
pGLBGetErrorQueue
vGLBSetLeadYear
vGLBSetShorterDateFormat
vGLBSetsDateFormat
vGLBSetwDateFormat
bGLBGetLeadYear
vGLBGetShorterDateFormat
vGLBGetsDateFormat
wGLBGetwDateFormat
?vSetLogOnInfo@SmpDataConn@@QAEXPAX@Z
??1CUserLogOn@@QAE@XZ
?bLogOffUser@CUserLogOn@@QAEHJ@Z
?vGetLogOnInfo@SmpDataConn@@QAEXAAPAX@Z
vGetAppName
vGLBSetquitting
bTAXPurgeAllMem
?bIsLiteOnly@VersionDef@@QAEHXZ
bSimpleMAPILogoff
?bIsTrialVersion@VersionDef@@QAEHXZ
vIncrementHelpDataDateFromRegistry
vGLBSetCrystalSession
pGLBGetCrystalSession
?vDestroyInstance@InvPriceUtil@@SAXXZ
?DestroyInstance@JobCategoryUtil@@SAXXZ
?DestroyInstance@SA_DateFormat@@SAXXZ
??1SmpWinPos@@UAE@XZ
?bFindWndLoc@SmpWinPos@@QAEHPAD@Z
?vInit@SmpWinPos@@QAEXXZ
??0SmpWinPos@@QAE@XZ
SmpCenterWindow
vGLBSetHelpFileName
?DestroyInstance@DBMPref@@SAXXZ
?DestroyInstance@SmpHistLstManager@@SAXXZ
?DestroyInstance@InvPrePayment@@SAXXZ
?DestroyInstance@POInvStyle@@SAXXZ
?DestroyInstance@ShpTrack@@SAXXZ
?DestroyInstance@InvTemplateCustomize@@SAXXZ
?DestroyInstance@InvTemplateCreator@@SAXXZ
??1SmpPasswordUtil@@QAE@XZ
StopAlert
?bIsProVersion@VersionDef@@QAEHXZ
AskIndAlertEx
?bSharedMode@VersionDef@@QAEHXZ
?wGetSBLLastError@SmpDataConn@@QAEGXZ
vGLBSetSADBOpenType
?bValidate@SmpDataConn@@QAEHPADG0000@Z
?bCreateSysAdmin@SmpPasswordUtil@@QAEHPAD0@Z
??0SmpPasswordUtil@@QAE@XZ
?vInitSBLDBGlobals@SmpDataConn@@QAEXFHH@Z
?bIsConnected@SmpDataConn@@QAEHXZ
?bGetDataVersion@SmpDataConn@@QAEHAAF00AA_N@Z
vGLBSetDBType
?bIsPremConsolidation@VersionDef@@QAEHXZ
?vInitSBLDBGlobalsPremCon@SmpDataConn@@QAEXH@Z
?vInitSBLDBGlobalsLiteVersion@SmpDataConn@@QAEXH@Z
nGLBGetSimplyDataVersion
?bDBUpdateFileVersion@SmpDataConn@@QAEHF@Z
vGLBGetOldCompExt
?bIsAccountant@VersionDef@@QAEHXZ
vGLBGetNewCompExt
bFileExist
AskAlert
vGLBSetDBOpenType
vGLBSetpassAccess
BuildPathName
fwExists
StopIndAlert
vGLBGetpassAccess
CenterWindowToParent
BoolDialogBox
SetDlgItemsFont
vSetWinAppTitle
FreezeApp
DisposeBar
AskIndAlertHelp
pGetDispErrorQueue
?wGetLastIOError@DisplayErrorQueue@@QAEGXZ
nGetDiskFreeSpace
??1VersionDef@@QAE@XZ
iGLBGetCountry
?wReadAllSN@CompanySettingDB@@QAEGJ@Z
?IncomesUS@CompanySetting@@QAEAAVCompIncomesUS@@XZ
?begin@?$CompIncsDeds_Base@VCompIncomeUS@@UIncomeIndexUS@@@@QAEPAVCompIncomeUS@@XZ
?IncomesCan@CompanySetting@@QAEAAVCompIncomesCan@@XZ
?begin@?$CompIncsDeds_Base@VCompIncomeCan@@UIncomeIndexCan@@@@QAEPAVCompIncomeCan@@XZ
??0CompSettingUtil@@QAE@PAVCompanySetting@@@Z
?bTransBegin@SmpDataConn@@QAEHXZ
?bSaveNewSettings@CompSettingUtil@@QAEHHPAVCompanySetting@@H@Z
?bTransCommit@SmpDataConn@@QAEHAAVCompanySetting@@@Z
?bTransRollback@SmpDataConn@@QAEHAAVCompanySetting@@@Z
bPlaybackErrors
??1CompSettingUtil@@QAE@XZ
StopIndAlertEx
?bCloseCompTables@SmpDataConn@@QAEHXZ
??0JourEdit@@QAE@XZ
??0JourPost@@QAE@XZ
??0Date@@QAE@XZ
??0CompanySettingDB@@QAE@XZ
pGLBGetAccountRanges
?wReadSNFileVerWL@CompanySettingDB@@QAEGXZ
?wReadSNCompanyWL@CompanySettingDB@@QAEGXZ
?wReadSNLinkActWL@CompanySettingDB@@QAEGH@Z
?wReadSNMiscWL@CompanySettingDB@@QAEGXZ
?wReadSNShrdWL@CompanySettingDB@@QAEGXZ
?wUpdateSNLinkAct@CompanySettingDB@@QAEGXZ
??1CompanySettingDB@@UAE@XZ
??1Date@@QAE@XZ
?bDrType@AccountRanges@@QAEHJ@Z
??0AcctNum@@QAE@ABJ@Z
?iUpdateGSRec@JourEdit@@QAEHVAcctNum@@JNNHHH@Z
?vSetCurrencyId@JourEdit@@QAEXJ@Z
?vSetDecs@JourEdit@@QAEXH@Z
??4Date@@QAEAAV0@ABV0@@Z
pGLBGetCompanySettingDB
??4CompanySettingDB@@QAEAAV0@ABV0@@Z
?nGetGSRecs@JourEdit@@QAEFXZ
pGetLstRecMgr
?bInitOneModule@SmpLstRecManager@@QAEHPAVCompanySetting@@H@Z
iLoadString
??4JourEdit@@QAEAAV0@ABV0@@Z
?iGetDecs@JourEdit@@QAEHXZ
?bDoJournal@JourPost@@QAEHHPAVJourEdit@@HHVAcctNum@@VDate@@PAD3HIJNJGH_N@Z
?wUpdateJournalEntries@JourPost@@QAEGXZ
?bUpdateAcctBalance@JourPost@@QAEHPAVCompanySetting@@H@Z
?wUpdateSNShrdWL@CompanySettingDB@@QAEGXZ
?wUpdateSNCompanyWL@CompanySettingDB@@QAEGXZ
?wUpdateSNMiscWL@CompanySettingDB@@QAEGXZ
??1JourPost@@QAE@XZ
??1JourEdit@@QAE@XZ
??0VersionDef@@QAE@XZ
pGLBGetDataConn
?bDisconnect@SmpDataConn@@QAEHXZ
?vUnloadDAO@SmpDataConn@@SAXXZ
?bIsPayrollOnly@VersionDef@@QAEHXZ
PercentDlg
?bConnect@SmpDataConn@@QAEHPADG00000@Z
vSetProgBarText
?bIsPremiumVer@VersionDef@@QAEHXZ
DeinitSimpleMAPI

simplyaccounting_glblsui

vGLBSetszFileName
hGLBGetMWnd
vGLBGetCompId
vGLBGetszFileName
vGLBSetHeaderFont
hGLBSetUnderLineFont
vGLBSetBoldFont
vGLBSetSelBoldFont
hGLBGetCompFont
vGLBGetServerName
hGLBGetCashJEntsHandle
vGLBSetHHWBackPalette
hGLBGetHIcon
vGLBSetHBrush
vGLBSetHBitmap
vGLBSetHHWDIB
hGLBGetHHWDIB
vGLBSetHIcon
hGLBGetHHWXtraBack
vGLBSetSelFont
vGLBSetCompFont
hGLBGetHBrush
vGLBSetSymbolPlacement
vGLBSetdollSign
vGLBGetdollSign
vGLBSetthousSep
vGLBSetdecPt
vGLBSetMWnd
vGLBSetWndProc
fpGLBGetWndProc
hGLBGetGrayPen
vGLBSetBRUsedExt
hGLBGetBRUsedExt
hGLBGetCurrencyHandle
vGLBSetNumDepartmentEnts
hGLBGetDepartmentHandle
hGLBGetCreditCardEntsHandle
hGLBGethPRDist
hGLBGetCHistTrans
hGLBGetVHistTrans
hGLBGetLYJEntsHandle
hGLBGetJEntsHandle
hGLBGetHPen
hGLBGetHeaderFont
hGLBGetUnderLineFont
hGLBGetBoldFont
hGLBGetSelFont
hGLBGetButHBitmap
hGLBGetHBitmap
vGLBSetIconsTheIcon
hGLBGetIconsTheIcon
vGLBSetHHWXtraBack
hGLBGetHHWBackPalette

simplyaccounting_simconv

bConvertTo90
bConvertTo140
lSimConvMain
bConvertTo130
bConvertTo100
bConvertTo85
bConvertToMySQL
bConvertTo110
bConvertTo120

simplyaccounting_resstr

nResGetCurrLang
vResSetCurrLang
vResSetUseBilingual

simplyaccounting_resdlg

hResDlgGetInst

simplyaccounting_io

nIOGetCurrencyDecFromDB
?nType@CompIncomeUS@@QBEFXZ
?vType@CompIncomeUS@@QAEXF@Z
?nType@CompIncomeCan@@QBEFXZ
?vType@CompIncomeCan@@QAEXF@Z
?vInsHrs@CompIncomeCan@@QAEXH@Z
wIOClosePIDTable

simplyaccounting_dblyr

vSDBLogDBChanges
bSDBGetLogFileName

simplyaccounting_utils

vGetAppPath
SimplyGlobalFree
SimplyGlobalSize
SimplyGlobalAllocPtr
SimplyGlobalFreePtr
bGetSimplyIniFolder
ParamText
pMakeFileName
vGetDateFormat

comctl32

InitCommonControlsEx
ord17

kernel32

DeleteFileA
GetSystemDirectoryA
GetProfileStringA
FindFirstFileA
GetProfileIntA
FindResourceA
LoadResource
LockResource
FreeResource
CreateProcessA
WaitForSingleObject
CloseHandle
CreateDirectoryA
CopyFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetTempPathA
GetModuleFileNameA
RtlUnwind
GetLastError
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
RaiseException
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
HeapAlloc
TerminateProcess
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers

user32

GetClientRect
GetWindowTextA
DrawTextA
CreateWindowExA
GetWindowLongA
GetClassInfoA
RegisterClassA
PostQuitMessage
MessageBoxA
IsWindowEnabled
GetActiveWindow
GetSysColor
GetWindowRect
MoveWindow
ShowWindow
CheckRadioButton
IsDlgButtonChecked
EndDialog
SetDlgItemTextA
SetFocus
SendMessageA
BeginPaint
LoadIconA
DrawIcon
EndPaint
CreateDialogParamA
LoadCursorA
SetCursor
DestroyWindow
GetDlgItem
CallWindowProcA
DestroyIcon

gdi32

GetTextMetricsA
GetDeviceCaps
DeleteDC
MoveToEx
LineTo
SetBkMode
SelectObject
SetTextColor
DeleteObject
CreateICA
GetStockObject
GetObjectA
CreateFontIndirectA

ole32

CoInitialize
CoUninitialize

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a6c528cb4b64863bdb57a75f7399cac

Headers

File Characteristics

Imports

simplyaccounting_bus

simplyaccounting_glblsui

simplyaccounting_simconv

simplyaccounting_resstr

simplyaccounting_resdlg

simplyaccounting_io

simplyaccounting_dblyr

simplyaccounting_utils

comctl32

kernel32

user32

gdi32

ole32

version

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 80KB - Virtual size: 80KB