Static task
static1
Behavioral task
behavioral1
Sample
d7dcbcc531285dc2eb8224e00b73ff4a3912c1a5ecd4b41fe3748e2e12754472.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d7dcbcc531285dc2eb8224e00b73ff4a3912c1a5ecd4b41fe3748e2e12754472.exe
Resource
win10v2004-20220812-en
General
-
Target
d7dcbcc531285dc2eb8224e00b73ff4a3912c1a5ecd4b41fe3748e2e12754472
-
Size
668KB
-
MD5
6b6c3cf8ba4cc7bc81669b7a85087810
-
SHA1
2ebdd80edfb7a788e0d3b47054a12bcb8443a61d
-
SHA256
d7dcbcc531285dc2eb8224e00b73ff4a3912c1a5ecd4b41fe3748e2e12754472
-
SHA512
69657a4208637027d6a2abf320a676098b26fb1dc5d9fc2c7562b61213bd1d38986b4c6630679e6eaf8d627062f399fe50c1d85474ccfa8750696789ae6dde35
-
SSDEEP
12288:PFBmFnYmyEHLvxIekd9c5JpyMBxFk8jk:dB/wJIjd9c53rLkI
Malware Config
Signatures
Files
-
d7dcbcc531285dc2eb8224e00b73ff4a3912c1a5ecd4b41fe3748e2e12754472.exe windows x86
f6af76e1e50ad50828b348f60ab891f1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
libdb50
ord1
mfc80
ord299
ord6703
ord3761
ord310
ord4580
ord6754
ord6752
ord1084
ord1903
ord3164
ord4261
ord4232
ord1402
ord5915
ord6725
ord1545
ord572
ord3317
ord2991
ord5214
ord4240
ord1591
ord2095
ord741
ord3684
ord3210
ord1934
ord3161
ord1280
ord1279
ord5637
ord2367
ord2372
ord587
ord266
ord265
ord4115
ord1929
ord4951
ord589
ord5613
ord330
ord1063
ord6255
ord1009
ord326
ord2075
ord6067
ord4035
ord753
ord347
ord563
ord602
ord5833
ord4001
ord4123
ord5641
ord502
ord5731
ord3302
ord5634
ord762
ord2168
ord5807
ord2164
ord2657
ord4320
ord6090
ord6283
ord5805
ord4125
ord6065
ord1425
ord709
ord501
ord3552
ord718
ord784
ord516
ord4720
ord5211
ord4736
ord4190
ord4844
ord4867
ord4617
ord4797
ord5070
ord5072
ord5071
ord6747
ord3928
ord1793
ord1873
ord1892
ord4318
ord1482
ord6236
ord3667
ord1791
ord1881
ord1790
ord1880
ord3229
ord4237
ord1570
ord1484
ord1933
ord6266
ord1397
ord657
ord3167
ord2941
ord2407
ord2412
ord2389
ord922
ord4233
ord1546
ord2087
ord4096
ord4508
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord591
ord2494
ord781
ord2662
ord630
ord3088
ord2021
ord385
ord1405
ord5744
ord3163
ord4243
ord1594
ord1650
ord748
ord3583
ord3676
ord1091
ord2368
ord3244
ord2094
ord4100
ord1955
ord2371
ord3997
ord5563
ord2271
ord304
ord2264
ord5642
ord2055
ord332
ord3255
ord1181
ord5320
ord2346
ord6286
ord1564
ord2938
ord651
ord416
ord1580
ord5331
ord6297
ord1283
ord1966
ord4109
ord2272
ord6037
ord3406
ord6144
ord3990
ord907
ord911
ord2322
ord3204
ord2131
ord297
ord3401
ord5403
ord2468
ord1123
ord3230
ord2958
ord4238
ord2092
ord658
ord2370
ord3489
ord2873
ord4761
ord2527
ord4888
ord3651
ord2883
ord586
ord322
ord3160
ord925
ord1436
ord5362
ord5649
ord4813
ord4866
ord4745
ord4289
ord4248
ord1494
ord5365
ord5665
ord4166
ord2899
ord3553
ord721
ord980
ord524
ord4272
ord1521
ord1489
ord1582
ord2036
ord1327
ord5702
ord3070
ord4319
ord2428
ord4280
ord6120
ord4583
ord3668
ord5866
ord3879
ord340
ord4273
ord5167
ord1361
ord3344
ord5151
ord4239
ord3974
ord4861
ord4864
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4777
ord4591
ord4181
ord4172
ord4980
ord4387
ord4781
ord4204
ord4790
ord4443
ord4444
ord2093
ord596
ord3490
ord3875
ord4306
ord2866
ord3085
ord2430
ord4352
ord3652
ord5873
ord635
ord751
ord740
ord3207
ord4265
ord5165
ord4277
ord1306
ord2173
ord5205
ord5148
ord3945
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord5012
ord5009
ord2615
ord1913
ord2246
ord5705
ord3076
ord4299
ord3803
ord1122
ord744
ord555
ord4342
ord552
ord562
ord395
ord2019
ord333
ord5795
ord2022
ord391
ord2617
ord3648
ord1395
ord3883
ord5868
ord5173
ord3588
ord2867
ord3991
ord3799
ord5420
ord3681
ord3304
ord730
ord3465
ord6765
ord393
ord1556
ord5174
ord1360
ord5204
ord5914
ord6764
ord4860
ord4863
ord4776
ord4178
ord4171
ord4388
ord3740
ord2419
ord2420
ord2421
ord2418
ord2417
ord4935
ord3694
ord4587
ord3357
ord5991
ord3369
ord4298
ord3647
ord4118
ord4749
ord1207
ord5715
ord4104
ord2321
ord3683
ord4541
ord757
ord745
ord2248
ord3830
ord1100
ord557
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3337
ord2475
ord4648
ord4353
ord631
ord2755
ord3931
ord2288
ord2280
ord386
ord1115
ord2751
ord6281
ord760
ord1161
ord5640
ord3215
ord1559
ord1638
ord643
ord4213
ord2801
ord746
ord2286
ord1006
ord5447
ord558
ord1005
ord1554
ord865
ord3195
ord620
ord3172
ord1548
ord1636
ord592
ord3878
ord528
ord3328
ord2987
ord754
ord1774
ord5751
ord5993
ord1412
ord2496
ord2663
ord1856
ord908
ord4108
ord5529
ord1275
ord1544
ord578
ord912
ord3641
ord1794
ord5182
ord4212
ord4735
ord4890
ord2020
ord1671
ord1670
ord1551
ord6724
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
msvcr80
rand
isspace
srand
fread
fwrite
fprintf
fopen
fgets
strtoul
sprintf
strncpy
strchr
malloc
_setmbcp
_stricmp
_strnicmp
_itoa
free
_except_handler4_common
?terminate@@YAXXZ
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
fclose
_controlfp_s
__CxxFrameHandler3
_mbsnbcpy
memset
_purecall
_invalid_parameter_noinfo
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
strftime
_localtime64_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
strstr
_mbsstr
memcpy
atol
strrchr
memmove_s
_mbschr
vsprintf_s
toupper
_time64
strncpy_s
isdigit
kernel32
GlobalLock
FreeLibrary
GetWindowsDirectoryA
WinExec
lstrcatA
GetVersionExA
MulDiv
CreateDirectoryA
GetModuleFileNameA
Sleep
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
GetPrivateProfileStringA
InterlockedDecrement
GlobalUnlock
SizeofResource
GetPrivateProfileIntA
WritePrivateProfileStringA
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalFree
lstrcpyA
FindResourceA
LoadResource
LockResource
GlobalAlloc
GlobalReAlloc
CloseHandle
SetLastError
GetProcAddress
GetModuleHandleA
InterlockedExchange
MultiByteToWideChar
WideCharToMultiByte
GetLastError
lstrlenA
GetACP
GetLocaleInfoA
GetThreadLocale
GetTickCount
LoadLibraryA
LocalFree
user32
SetForegroundWindow
UnregisterHotKey
RegisterHotKey
GetDoubleClickTime
DrawFrameControl
GetCursor
EnableMenuItem
SetRect
GetKeyState
DrawFocusRect
MessageBeep
SetWindowLongA
LoadCursorA
CopyIcon
IsWindow
RedrawWindow
SetClipboardData
CloseClipboard
GetDesktopWindow
OpenClipboard
GetFocus
ReleaseDC
DrawTextA
SystemParametersInfoA
ModifyMenuA
GetMenuState
GetMenuItemID
GetMenuItemCount
AppendMenuA
GetTabbedTextExtentA
LoadBitmapA
GetClassLongA
SetClassLongA
SetWindowRgn
BringWindowToTop
InsertMenuA
DeleteMenu
UpdateWindow
PostMessageA
GetWindow
ReleaseCapture
SetCapture
CreatePopupMenu
CopyImage
LoadIconA
GetSystemMetrics
IsIconic
DrawIcon
ScreenToClient
LockWindowUpdate
GetCursorPos
PtInRect
EnableWindow
SetTimer
KillTimer
SendMessageA
DrawStateA
CopyRect
InflateRect
OffsetRect
FillRect
FrameRect
GetWindowRect
GetClientRect
ClientToScreen
GetDC
InvalidateRect
GetActiveWindow
GetNextDlgTabItem
DestroyMenu
GetParent
WindowFromPoint
GetWindowLongA
DestroyIcon
SetCursor
TrackPopupMenuEx
GetSubMenu
GetIconInfo
GetSysColor
LoadImageA
DestroyCursor
LoadMenuA
GetCapture
gdi32
CreateRectRgnIndirect
GetDeviceCaps
GetTextMetricsA
CreateFontIndirectA
CreateSolidBrush
CreateRoundRectRgn
GetObjectA
StretchBlt
CreateBitmap
SetBkColor
SetTextColor
DeleteDC
GetStockObject
DeleteObject
GetTextExtentPoint32A
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
Rectangle
advapi32
RegQueryValueA
RegOpenKeyExA
RegCloseKey
shell32
Shell_NotifyIconA
ShellExecuteA
ShellExecuteExA
comctl32
_TrackMouseEvent
ImageList_GetIconSize
ImageList_DrawEx
ole32
CreateStreamOnHGlobal
oleaut32
VariantClear
SysAllocString
SysFreeString
ws2_32
inet_addr
closesocket
connect
inet_ntoa
WSAAsyncGetHostByName
htons
gethostbyname
send
ntohs
recv
getsockname
ntohl
listen
WSAGetLastError
shutdown
sendto
recvfrom
WSAStartup
htonl
gdiplus
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDrawImageI
GdipDrawImageRectRectI
GdipFillPath
GdipDrawRectangleI
GdipCreateFromHDC
GdipCreatePathGradientFromPath
GdipAddPathRectangleI
GdipSetImageAttributesColorKeys
GdipCreateFont
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipSetPathGradientSurroundColorsWithCount
GdipGetPathGradientPointCount
GdipSetPathGradientCenterColor
GdipDeletePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipDrawString
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteStringFormat
GdipCreateStringFormat
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
GdipBitmapGetPixel
GdipGetImageHeight
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipCloneBrush
GdipCreatePath
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
Sections
.text Size: 276KB - Virtual size: 274KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 88KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 200KB - Virtual size: 196KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
�Sd Size: 92KB - Virtual size: 92KB (section name is not printable ASCII and renders garbled here; note that the flags listed for it below mark the section as both writable and executable, unlike the standard sections above)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE