3d199880038232fb121ab454546e4bbf4bc0e1040793e73b6364e86225bdb7b9

Sharing

Copy URL Twitter E-mail

General

Target

3d199880038232fb121ab454546e4bbf4bc0e1040793e73b6364e86225bdb7b9
Size

844KB
MD5

6a9e10931cb1510beb7f310507a7c68a
SHA1

c55cabe9dc1bc644892249e03f3bbc471f785394
SHA256

3d199880038232fb121ab454546e4bbf4bc0e1040793e73b6364e86225bdb7b9
SHA512

df18224537e12d7486e35865c82cb0a1a1c2c6ddf153a028704863a26a6789d6bc1931cb4eb472183c0450f6958a63d2622aa4e5cda9e69fa3fb548339b034cb
SSDEEP

24576:7spfQcPCIoKi16Uo//B2b+m+UGZKv7Ri/unD2sH0C5ASzdVRrem4/WzHprzC7mAw:OPri11n+mQLmn

Score

N/A

Malware Config

Signatures

Files

3d199880038232fb121ab454546e4bbf4bc0e1040793e73b6364e86225bdb7b9
.exe windows x86

70ecafd034130e62507df5b85e5b5814

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdiplus

GdipCreateCachedBitmap
GdipDisposeImage
GdipDrawCachedBitmap
GdipDeleteGraphics
GdipDeleteCachedBitmap
GdipFree
GdipCreateFromHDC
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipCloneImage
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetImageWidth
GdipGetImageHeight

hpqlvsr

??0CLiveSearch@@QAE@XZ
?Search@CLiveSearch@@QAE?AW4HVS_RET_VAL@@UONLINE_SEARCH_ATTRIBUTES@@AAV?$vector@UONLINE_RESULT_SET@@V?$allocator@UONLINE_RESULT_SET@@@std@@@std@@@Z
??1CLiveSearch@@QAE@XZ

hpqchmsr

?SetSearchCHMSet@CCHMSearch@@QAE_NAAUCHM_PATH_INFO@@PAUCHM_INFO@@@Z
?GetCHMTitle@CCHMSearch@@QAEXAAUCHMTitleInformation@@@Z
?Search@CCHMSearch@@QAE_NUSEARCH_ATTRIBUTES@@AAV?$vector@URESULTS_SET@@V?$allocator@URESULTS_SET@@@std@@@std@@@Z
??1CCHMSearch@@QAE@XZ
??0CCHMSearch@@QAE@XZ

comctl32

ImageList_GetImageCount
ImageList_Add
ImageList_GetIcon
InitCommonControlsEx
ImageList_Destroy
ImageList_Create
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ImageList_LoadImageW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

atl90

ord47
ord48
ord54
ord10
ord11
ord31
ord37
ord58
ord60
ord64
ord61
ord23
ord44
ord43
ord42
ord49
ord56
ord68
ord30

kernel32

InitializeCriticalSection
DeleteCriticalSection
GetWindowsDirectoryW
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
FindResourceExW
lstrlenA
GetLocalTime
GetUserDefaultLangID
GetSystemDefaultLangID
GetVersionExW
MultiByteToWideChar
LeaveCriticalSection
WriteFile
SetFilePointer
EnterCriticalSection
lstrlenW
GetModuleHandleW
RaiseException
lstrcpyW
ReadFile
GetFileSize
WideCharToMultiByte
FindNextFileW
CreateThread
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetModuleFileNameW
GetTempFileNameW
Sleep
MulDiv
lstrcpynW
FlushInstructionCache
GetCurrentProcess
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
SetNamedPipeHandleState
WaitNamedPipeW
CreateEventW
ExitProcess
GetCurrentThreadId
lstrcpynA
GetCurrentProcessId
lstrcmpW
InterlockedIncrement
InterlockedDecrement
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
GetPrivateProfileIntW
WritePrivateProfileStringW
GlobalFree
TerminateThread
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
LoadResource
LockResource
SizeofResource
FindResourceW
FindClose
CreateDirectoryW
CreateProcessW
WaitForSingleObject
CloseHandle
FindFirstFileW
DeleteFileW
InterlockedExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetLastError
IsDebuggerPresent

user32

SetForegroundWindow
TranslateAcceleratorW
IsIconic
UnregisterClassA
SetScrollPos
DrawFocusRect
GetMenu
DialogBoxParamW
KillTimer
GetDlgCtrlID
SetTimer
GetDlgItem
GetDlgItemTextW
EnableWindow
SetWindowTextW
SetWindowContextHelpId
SetDlgItemTextW
IsZoomed
LoadBitmapW
WindowFromDC
LoadIconW
SetWindowRgn
GetMenuState
CheckMenuItem
MessageBoxW
EndDialog
SendDlgItemMessageW
EnableMenuItem
AppendMenuW
TrackPopupMenu
MonitorFromWindow
OpenClipboard
SetParent
GetCursorPos
GetClipboardData
CloseClipboard
SetRect
AdjustWindowRectEx
SetScrollRange
DestroyWindow
MapDialogRect
GetWindow
GetClassNameW
DrawFrameControl
ModifyMenuW
MonitorFromPoint
GetMonitorInfoW
TrackPopupMenuEx
DrawEdge
SetRectEmpty
MapWindowPoints
GetSubMenu
CallNextHookEx
IsMenu
RegisterWindowMessageW
GetSysColorBrush
FrameRect
GetKeyState
GetWindowThreadProcessId
GetMenuItemCount
CharLowerW
IsWindowVisible
IsWindowEnabled
GetFocus
MessageBeep
PostMessageW
UnhookWindowsHookEx
SetWindowsHookExW
LoadStringA
PostQuitMessage
DestroyMenu
DrawIconEx
GetSystemMetrics
SystemParametersInfoW
PtInRect
UpdateWindow
GetMessagePos
EndPaint
BeginPaint
wvsprintfW
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
LoadStringW
LoadMenuW
LoadAcceleratorsW
SetFocus
ShowWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DrawTextW
FillRect
CreateWindowExW
CallWindowProcW
DefWindowProcW
OffsetRect
CopyRect
ReleaseDC
SetWindowPos
IsWindow
GetParent
SetCapture
RedrawWindow
InvalidateRect
ScreenToClient
ClientToScreen
GetClientRect
GetWindowTextLengthW
GetWindowTextW
DrawStateW
SendMessageW
InflateRect
IntersectRect
SetWindowLongW
GetWindowRect
MoveWindow
WindowFromPoint
GetWindowLongW
GetDC
GetActiveWindow
GetCapture
ReleaseCapture
SetCursor
GetIconInfo
LoadImageW
GetSysColor
DestroyCursor
LoadCursorW
GetClassInfoExW
LoadCursorA
GetClassInfoExA
RegisterClassExW
RegisterClassExA
CharNextW
UnregisterClassW
GetWindowDC

advapi32

RegCloseKey
RegOpenKeyW
IsTextUnicode
RegOpenKeyExW
RegQueryValueExW

ole32

CoCreateInstance
StringFromCLSID
CoUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize

shell32

ShellExecuteW
SHGetFolderPathW

oleaut32

SysAllocStringByteLen
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantCopy
RegisterTypeLi
UnRegisterTypeLi
VarBstrCat
SysStringByteLen
SysFreeString
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysAllocString

shlwapi

PathFileExistsW

gdi32

CreateRectRgn
GetClipBox
CreateRectRgnIndirect
SetRectRgn
CombineRgn
ExtTextOutW
SetTextColor
CreateBitmap
CreateCompatibleDC
SetBkColor
BitBlt
DeleteDC
GetObjectW
GetStockObject
GetDeviceCaps
SelectObject
DeleteObject
MoveToEx
LineTo
RoundRect
AddFontResourceExW
RemoveFontResourceExW
TextOutW
CreateRoundRectRgn
EnumFontFamiliesW
SelectClipRgn
Rectangle
CreateFontW
CreatePen
CreateDIBSection
SetBrushOrgEx
CreateFontIndirectW
PatBlt
CreatePatternBrush
CreateSolidBrush
SetBkMode
CreateCompatibleBitmap

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr90

??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_wassert
??2@YAPAXI@Z
_purecall
swprintf_s
sprintf_s
_recalloc
??_V@YAXPAX@Z
memcmp
wcsncpy_s
_vscwprintf
wcsstr
__RTtypeid
_ltow_s
wcscat_s
wcscpy_s
wcslen
memcpy_s
memmove_s
calloc
free
wcsrchr
_wcsicmp
_CxxThrowException
memset
__CxxFrameHandler3
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBDH@Z
??8type_info@@QBE_NABV0@@Z
malloc
vswprintf_s
fclose
fprintf
_wfopen_s
_swprintf
??0exception@std@@QAE@ABQBD@Z
isalnum
iswspace
_wcslwr_s
wcscmp
wcschr
_wtoi
isdigit
_wtol
_stat64i32
fread
printf
labs
wcsnlen
wcstok_s
wcsncpy
wcscat
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_except_handler4_common
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invalid_parameter_noinfo

Exports

Exports

??4CCHMSearch@@QAEAAV0@ABV0@@Z
??4CLiveSearch@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

70ecafd034130e62507df5b85e5b5814

Headers

DLL Characteristics

File Characteristics

Imports

gdiplus

hpqlvsr

hpqchmsr

comctl32

version

atl90

kernel32

user32

advapi32

ole32

shell32

oleaut32

shlwapi

gdi32

msvcp90

msvcr90

Exports

Exports

Sections

.text Size: 550KB - Virtual size: 550KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 133KB - Virtual size: 132KB

.rrdata Size: 28KB - Virtual size: 28KB

.text
Size: 550KB - Virtual size: 550KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 133KB - Virtual size: 132KB

.rrdata
Size: 28KB - Virtual size: 28KB