689f611865f62d8a7c7fb0c35ffa15514d5a969af011749b62b6afb3a9fb2095

Sharing

Copy URL

Twitter E-mail

General

Target

689f611865f62d8a7c7fb0c35ffa15514d5a969af011749b62b6afb3a9fb2095
Size

472KB
MD5

5b24363cedfab3dce964ce54e668648d
SHA1

3fc83f3425a8cb2e12e85413cf702908962a55e9
SHA256

689f611865f62d8a7c7fb0c35ffa15514d5a969af011749b62b6afb3a9fb2095
SHA512

093198678362b0ea3accaaf3b6e7df3094e264bc79481d8e7a6266ff0aa12cc6dda672e845e71d3b03762e8403e22c738ae95c7595fbff78d7d22d5ced772512
SSDEEP

12288:/1cZB/UVAbSvhPi+IYHSOLvkV7tyMldPUHj:/1m0vhK+IYHSODkV7tysqj

Score

N/A

Malware Config

Signatures

Files

689f611865f62d8a7c7fb0c35ffa15514d5a969af011749b62b6afb3a9fb2095
.exe windows x86

5f3bb65252b3c521829da38306a87b30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

multinets

?StartConnectThread@@YGHAAVCString@@I@Z
?InitSocket@@YGXXZ

mfc42

ord6055
ord1776
ord4396
ord5290
ord2446
ord3402
ord4424
ord3574
ord693
ord609
ord2097
ord567
ord2302
ord3996
ord2862
ord4299
ord6453
ord6907
ord3998
ord3425
ord3880
ord3810
ord3721
ord795
ord2301
ord2642
ord4204
ord6283
ord6282
ord6380
ord2379
ord1168
ord5981
ord755
ord470
ord3337
ord3811
ord6199
ord6639
ord2293
ord2366
ord922
ord835
ord1770
ord857
ord6007
ord3286
ord2448
ord5834
ord2044
ord2086
ord4275
ord3874
ord6880
ord1200
ord926
ord6662
ord3500
ord3698
ord765
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord773
ord674
ord501
ord366
ord4457
ord2092
ord5484
ord5607
ord4160
ord4499
ord932
ord5216
ord5282
ord4590
ord4907
ord2029
ord2077
ord1083
ord6385
ord5861
ord6779
ord1106
ord5810
ord5481
ord2031
ord5796
ord5478
ord1971
ord966
ord3570
ord605
ord278
ord3780
ord5480
ord1871
ord6270
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5715
ord4622
ord817
ord565
ord2841
ord2726
ord4226
ord5289
ord1737
ord1138
ord2107
ord5821
ord3662
ord802
ord5601
ord414
ord542
ord713
ord6569
ord3319
ord5622
ord859
ord2575
ord815
ord4274
ord2820
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord6117
ord2621
ord1134
ord1247
ord2725
ord5442
ord2827
ord2566
ord3706
ord816
ord562
ord2393
ord5465
ord654
ord341
ord5858
ord6140
ord3318
ord5608
ord700
ord398
ord913
ord5594
ord4189
ord1105
ord5311
ord690
ord3215
ord389
ord2139
ord5922
ord861
ord5860
ord2408
ord2096
ord1175
ord2864
ord2405
ord5785
ord323
ord1640
ord6194
ord640
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5789
ord5873
ord6172
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord2614
ord5788
ord2567
ord5683
ord2763
ord5875
ord3693
ord3573
ord3571
ord2859
ord5606
ord2863
ord4083
ord6142
ord2438
ord3654
ord2584
ord4220
ord1862
ord500
ord3701
ord772
ord686
ord384
ord6394
ord5450
ord6383
ord5440
ord4919
ord3640
ord3370
ord4402
ord2582
ord928
ord836
ord5934
ord6215
ord6379
ord6197
ord1601
ord2814
ord920
ord6334
ord4224
ord2370
ord2289
ord2915
ord5859
ord3092
ord4376
ord4853
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord354
ord5186
ord1979
ord665
ord924
ord5710
ord533
ord6153
ord6663
ord4278
ord6877
ord5194
ord798
ord6010
ord6407
ord1997
ord3790
ord6930
ord2781
ord4058
ord3181
ord3178
ord356
ord2770
ord1980
ord668
ord6883
ord1622
ord541
ord6143
ord801
ord1195
ord2753
ord2452
ord536
ord4202
ord4297
ord4133
ord5787
ord941
ord939
ord2919
ord5572
ord1146
ord1644
ord554
ord2120
ord4163
ord2012
ord2920
ord807
ord823
ord523
ord791
ord3717
ord967
ord1995
ord5479
ord5797
ord4975
ord4863
ord4335
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord5308
ord2764
ord4129
ord4277
ord2818
ord3663
ord2414
ord3626
ord1641
ord3619
ord1158
ord537
ord940
ord5856
ord858
ord535
ord825
ord860
ord800
ord540
ord6141
ord539
ord5600
ord1576

msvcrt

memcpy
_setmbcp
_controlfp
??1type_info@@UAE@XZ
__set_app_type
_stricmp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
wprintf
_strnicmp
_CxxThrowException
_endthreadex
_beginthreadex
__p__fmode
fwrite
fflush
fclose
strchr
_local_unwind2
__p___argc
__p___argv
_except_handler3
strrchr
strtoul
_mbsrchr
_strupr
_mbsstr
strstr
ceil
atof
exit
printf
sprintf
isdigit
realloc
_mbsicmp
memmove
_ftol
wcslen
wcscpy
malloc
free
atol
atoi
_mbscmp
__CxxFrameHandler
fopen

kernel32

GetStartupInfoA
InterlockedDecrement
GetLogicalDriveStringsA
GetDiskFreeSpaceA
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
GlobalMemoryStatus
GetLocalTime
GetUserDefaultLangID
GetOverlappedResult
GetFileAttributesA
LoadLibraryExW
LoadLibraryW
VirtualProtectEx
WriteProcessMemory
CreateRemoteThread
GetWindowsDirectoryA
WaitForMultipleObjects
GetSystemTime
LocalAlloc
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
ProcessIdToSessionId
Module32First
Module32Next
LocalFree
EnterCriticalSection
LeaveCriticalSection
CreateFileMappingA
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
GetLongPathNameA
CreateEventA
GetShortPathNameA
GlobalDeleteAtom
CreateMutexA
GetDriveTypeA
SetCurrentDirectoryA
OpenMutexA
GetExitCodeProcess
ResumeThread
CreateProcessA
SetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetCurrentThreadId
SizeofResource
GlobalFindAtomA
GlobalAddAtomA
MoveFileA
SetEvent
OpenEventA
FindNextFileA
GetModuleFileNameA
FindClose
FindFirstFileA
Beep
SetThreadPriority
OpenFileMappingA
MapViewOfFile
GetCurrentProcessId
UnmapViewOfFile
ReleaseMutex
WinExec
lstrcatA
OutputDebugStringA
SetLocalTime
LoadLibraryA
FreeLibrary
Sleep
CreateFileA
DeviceIoControl
OpenProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
lstrcpyA
CloseHandle
DeleteFileA
MoveFileExA
RemoveDirectoryA
GetVolumeInformationA
CreateDirectoryA
CopyFileA
GetLastError
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
GetExitCodeThread
WaitForSingleObject
TerminateThread
lstrcmpiA
FindResourceA
LoadResource
LockResource
GetCPInfo
lstrlenW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetVersion
GetVersionExA

user32

IsWindow
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
InvalidateRect
SetCursorPos
GetNextDlgTabItem
GetTopWindow
GetWindow
IntersectRect
RegisterHotKey
GetMessageA
DispatchMessageA
TranslateMessage
GetParent
GetClassNameA
IsIconic
DrawIcon
LoadIconA
BringWindowToTop
SetTimer
ExitWindowsEx
GetForegroundWindow
SetWindowRgn
FindWindowExA
MsgWaitForMultipleObjects
PeekMessageA
FindWindowA
UnregisterHotKey
SetForegroundWindow
PostQuitMessage
PostThreadMessageA
RegisterWindowMessageA
GetCursorPos
SetMenuDefaultItem
UpdateWindow
SetRect
DrawEdge
FillRect
CopyRect
GetSysColor
SystemParametersInfoA
DestroyIcon
DrawIconEx
ReleaseDC
DrawTextA
GetDC
GetDesktopWindow
GetSystemMetrics
AppendMenuA
GetMenuItemCount
ModifyMenuA
GetMenuState
EqualRect
CloseWindowStation
CloseDesktop
SwitchDesktop
OpenDesktopA
GetThreadDesktop
SetThreadDesktop
GetUserObjectInformationA
ClipCursor
MessageBoxA
GetClientRect
GetWindowRect
KillTimer
IsWindowVisible
GetWindowThreadProcessId
GetWindowTextA
EnumWindows
EnableWindow
SendMessageA
PostMessageA
GrayStringA
GetSubMenu
TabbedTextOutA
DeleteMenu
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuItemInfoA
OpenInputDesktop

gdi32

GetSystemPaletteEntries
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CombineRgn
FillRgn
FrameRgn
GetStockObject
CreateFontIndirectA
GetObjectA
GetDeviceCaps
GetBkMode
CreatePen
CreateSolidBrush
CreateCompatibleDC
BitBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetTextExtentPoint32A
Ellipse
DeleteDC
DeleteObject
SelectObject
CreateDIBSection
SetPixel
GetPixel
PatBlt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape

advapi32

RegUnLoadKeyA
RegQueryValueExA
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
OpenSCManagerA
StartServiceA
OpenServiceA
CreateServiceA
DeleteService
ControlService
RegQueryValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation
QueryServiceStatus
RegSetValueExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetUserNameA
RegEnumKeyExA
RegNotifyChangeKeyValue
RegDeleteValueA
RegCreateKeyExA
RegEnumValueA
RegCloseKey
RegLoadKeyA
DuplicateTokenEx
CreateProcessAsUserW
CreateProcessAsUserA

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

comctl32

ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_SetOverlayImage

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeSecurity

oleaut32

SysAllocString
VariantChangeType
VariantClear
VariantTimeToSystemTime
SysFreeString
SafeArrayGetElement
VariantInit
SafeArrayGetLBound
SafeArrayGetUBound

wsock32

WSAGetLastError
setsockopt
inet_addr
WSACleanup
gethostbyaddr
sendto
recvfrom
closesocket
WSAStartup
inet_ntoa
htons
ioctlsocket
gethostname
gethostbyname

iphlpapi

SendARP

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiOpenClassRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA
SetupDiDestroyDeviceInfoList

msvcirt

?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@H@Z
?endl@@YAAAVostream@@AAV1@@Z

bmpdialogctrl

?DoDataExchange@CJBmpDialog@@MAEXPAVCDataExchange@@@Z
?OnSize@CJBmpDialog@@IAEXIHH@Z
?OnCtlColor@CJBmpDialog@@IAEPAUHBRUSH__@@PAVCDC@@PAVCWnd@@I@Z
?OnPaint@CJBmpDialog@@IAEXXZ
??0CFlatEdit@@QAE@XZ
??1CFlatEdit@@UAE@XZ
??0CBmpComb@@QAE@XZ
??1CBmpComb@@UAE@XZ
?OnInitDialog@CJBmpDialog@@MAEHXZ
?messageMap@CJBmpDialog@@1UAFX_MSGMAP@@B
?SetWindowTextA@CJBmpDialog@@MAEXPBD@Z
??1CJBmpDialog@@UAE@XZ
??0CJBmpDialog@@QAE@HPAVCWnd@@@Z
?DestroyWindow@CJBmpDialog@@UAEHXZ
?PreTranslateMessage@CJBmpDialog@@MAEHPAUtagMSG@@@Z
?GetWindowTextA@CJBmpDialog@@MAEHPADH@Z

winmm

mixerClose
mixerGetLineInfoA
mixerOpen
mixerGetLineControlsA
auxSetVolume
midiOutSetVolume
waveOutReset
mixerGetControlDetailsA
waveOutGetVolume
mixerSetControlDetails
waveOutSetVolume

sjdll

ord1

aszipx

AS_CompressEx

ws2_32

WSASocketA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

Sections

.text
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f3bb65252b3c521829da38306a87b30

Headers

File Characteristics

Imports

multinets

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

wsock32

iphlpapi

setupapi

msvcirt

bmpdialogctrl

winmm

sjdll

aszipx

ws2_32

version

msvcp60

Sections

.text Size: 324KB - Virtual size: 320KB

.rdata Size: 64KB - Virtual size: 61KB

.data Size: 32KB - Virtual size: 36KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 324KB - Virtual size: 320KB

.rdata
Size: 64KB - Virtual size: 61KB

.data
Size: 32KB - Virtual size: 36KB

.rsrc
Size: 48KB - Virtual size: 45KB