Static task: static1
Behavioral task: behavioral1
Sample: d1b25de4b554e55f08a639c6a7b48be62da623c1a8c902fad17a85d6574dea99.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: d1b25de4b554e55f08a639c6a7b48be62da623c1a8c902fad17a85d6574dea99.exe
Resource: win10v2004-20220812-en
General
- Target: d1b25de4b554e55f08a639c6a7b48be62da623c1a8c902fad17a85d6574dea99
- Size: 909KB
- MD5: 47ac6a258783665f7ef718adb0461740
- SHA1: 32110ec171bbdf9a2f92f5b2f405c0c8fa65befb
- SHA256: d1b25de4b554e55f08a639c6a7b48be62da623c1a8c902fad17a85d6574dea99
- SHA512: 90a8266a91fc45c33da2b05500973d9d75ad5e92f2ef74c4afe512c17c443f5c5ee2526d800b48893df945e56fe45251640dffcd6b1a91cede22fdb2176ab38d
- SSDEEP: 24576:oeXvIg/EcZ6nM22/TMcIJ7pMUbvX3MfzZpH1YsOLN:oeXjtflveN
Malware Config
Signatures
Files
-
d1b25de4b554e55f08a639c6a7b48be62da623c1a8c902fad17a85d6574dea99.exe windows x86
3e9c3430421df83703d8443bd41a0687
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
i18nu
?GetItem@CUResBundle@I18N@@QAE_NPB_WAAV?$TUString@_W@2@@Z
?Open@CUResBundle@I18N@@QAE_NPB_W0ABULOCALE@2@@Z
?GetResFilePath@CUResBundle@I18N@@QAE?BV?$TUString@_W@2@XZ
?_free_memory@I18N@@YAXPAX@Z
??0CUResBundle@I18N@@QAE@XZ
??1CUResBundle@I18N@@QAE@XZ
mfc80u
ord2534
ord3940
ord5705
ord2856
ord1608
ord1586
ord2708
ord1611
ord530
ord4301
ord5911
ord722
ord2829
ord6721
ord1086
ord6293
ord2725
ord5633
ord502
ord5327
ord2531
ord3497
ord5196
ord1590
ord6700
ord6058
ord1646
ord2366
ord1461
ord1647
ord2471
ord1176
ord4094
ord4035
ord2085
ord1353
ord3339
ord6275
ord3238
ord1925
ord3796
ord6273
ord416
ord1513
ord3281
ord2163
ord562
ord2169
ord751
ord2399
ord3174
ord651
ord2381
ord1178
ord2379
ord5715
ord762
ord1058
ord5917
ord2397
ord6140
ord6271
ord5148
ord4226
ord5210
ord1536
ord4945
ord4642
ord2077
ord3756
ord2985
ord5829
ord326
ord760
ord572
ord330
ord589
ord587
ord563
ord5609
ord753
ord1894
ord3678
ord3158
ord1955
ord5171
ord4109
ord4961
ord2460
ord5398
ord282
ord1479
ord3176
ord4256
ord5199
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord354
ord605
ord2086
ord1582
ord4234
ord3311
ord1785
ord3635
ord4574
ord6063
ord741
ord715
ord1388
ord6262
ord1924
ord1475
ord4093
ord2082
ord4119
ord1561
ord4231
ord3223
ord287
ord657
ord6086
ord2155
ord3435
ord1634
ord1572
ord3286
ord6161
ord578
ord5399
ord2463
ord3826
ord5378
ord6215
ord3824
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord1117
ord1096
ord1049
ord4535
ord3677
ord566
ord757
ord730
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord4101
ord3298
ord6232
ord1883
ord4098
ord5558
ord900
ord501
ord709
ord2651
ord4743
ord5987
ord3995
ord297
ord2462
ord310
ord1476
ord3590
ord1156
ord2461
ord5484
ord3842
ord1906
ord777
ord860
ord631
ord386
ord2279
ord2271
ord1431
ord3925
ord2742
ord1908
ord5485
ord6015
ord1920
ord1393
ord2640
ord4117
ord280
ord277
ord4238
ord2527
ord283
ord896
ord1899
ord3712
ord2066
ord5067
ord3713
ord3198
ord776
ord1270
ord899
ord3703
ord1244
ord5636
ord4179
ord2638
ord1472
ord3943
ord894
ord4480
ord5710
ord5637
ord2260
ord4255
ord5316
ord1172
ord6749
ord2121
ord577
ord2261
ord6282
ord3157
ord293
ord5524
ord1113
ord3204
ord774
ord4074
ord3397
ord6033
ord4100
ord4716
ord2254
ord4276
ord3289
ord5723
ord2932
ord3990
ord1591
ord5956
ord5231
ord2361
ord5229
ord920
ord2311
ord1946
ord2521
ord925
ord5607
ord929
ord3249
ord1274
ord6056
ord927
ord6001
ord5604
ord931
ord3946
ord3155
ord6050
ord2384
ord2365
ord4155
ord2404
ord1959
ord5440
ord6053
ord2388
ord1271
ord1118
ord5884
ord2394
ord6751
ord5638
ord2392
ord265
ord5643
ord2390
ord266
ord5519
ord2407
ord1079
ord5584
ord2402
ord602
ord5410
ord2386
ord1555
ord347
ord5397
ord2409
ord5727
ord764
ord1198
ord5989
ord909
msvcr80
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_getpid
strncpy_s
fwrite
calloc
_recalloc
_wtoi
wcsftime
_vsnwprintf_s
isprint
_wsplitpath_s
_wmkdir
_wstat64
wcsrchr
vswprintf_s
wcsncat
_vscwprintf
iswspace
wcsstr
_wfopen_s
rand
feof
_CxxThrowException
_errno
memmove
_beginthreadex
_strnicmp
memset
memcpy
strstr
strchr
strncmp
isalnum
isalpha
tolower
isspace
fclose
_vsnprintf_s
atoi
fprintf
fputc
ferror
fseek
ftell
fread
_wfopen
__CxxFrameHandler3
_purecall
swscanf_s
wcscat_s
wcsncpy_s
wcscpy_s
sprintf_s
__iob_func
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
_time64
wcsncpy
memcpy_s
__RTDynamicCast
memmove_s
free
malloc
_localtime64_s
kernel32
ReleaseMutex
LCMapStringW
GetCurrentProcessId
QueryPerformanceFrequency
ReadFile
FindClose
DeleteCriticalSection
FindFirstFileW
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcessTimes
GetCurrentProcess
VirtualQuery
SetFilePointer
GetSystemTimeAsFileTime
EnterCriticalSection
InterlockedExchange
CopyFileW
GetTempPathW
CreateDirectoryW
CreateFileW
Sleep
WaitForSingleObject
CloseHandle
CreateMutexW
GetCommandLineW
WideCharToMultiByte
MoveFileW
DeleteFileW
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetModuleFileNameW
GetVersion
GetCPInfo
FindResourceW
MultiByteToWideChar
LoadResource
SetLastError
GetVersionExW
GetLastError
LockResource
GetModuleHandleW
GetProcAddress
lstrlenA
lstrlenW
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
WriteFile
GetFileSize
DeviceIoControl
FreeLibrary
GetFileAttributesExW
GetFileAttributesW
ExpandEnvironmentStringsW
MoveFileExW
TerminateThread
GetProcessHeap
lstrcmpiW
InterlockedIncrement
CreateThread
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedDecrement
user32
DrawIconEx
GetSubMenu
DrawTextW
DestroyIcon
DrawTextExW
CopyRect
GetSystemMetrics
GetMenuState
GetDesktopWindow
TabbedTextOutW
GrayStringW
FillRect
DrawEdge
GetSysColorBrush
GetDC
GetMenuItemInfoW
SystemParametersInfoW
GetMenuItemID
ReleaseDC
SetRect
EnableWindow
ModifyMenuW
CreatePopupMenu
LoadBitmapW
GetMenuItemCount
CreateMenu
AppendMenuW
GetSysColor
GetClassInfoExW
RegisterClassExW
DefWindowProcW
CreateWindowExW
IsWindowVisible
IsWindow
DrawIcon
FlashWindow
SetTimer
KillTimer
ShowWindow
IsIconic
SetForegroundWindow
SendMessageTimeoutW
FindWindowW
TranslateMessage
DispatchMessageW
GetMessageW
SetWindowPos
GetSystemMenu
RegisterWindowMessageW
EnableMenuItem
SendMessageW
DrawStateW
GetWindowRect
GetWindowLongW
GetActiveWindow
OffsetRect
WindowFromPoint
ClientToScreen
DestroyCursor
InvalidateRect
SetCursor
GetClientRect
FrameRect
DrawFocusRect
GetParent
LoadImageW
InflateRect
CreateIconIndirect
GetNextDlgTabItem
GetIconInfo
IsMenu
PostMessageW
gdi32
SetBkColor
CreateBitmap
GetStockObject
GetPixel
CreateFontIndirectW
GetBkMode
GetObjectW
DeleteDC
GetTextExtentPoint32W
DeleteObject
CreateSolidBrush
Escape
BitBlt
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
Ellipse
ExtTextOutW
TextOutW
RectVisible
GetDeviceCaps
PatBlt
PtVisible
CreatePen
SetPixel
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExA
RegQueryValueExA
RegSetValueExW
RegCreateKeyExW
shell32
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHCreateDirectoryExW
SHGetFolderPathW
ShellExecuteExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFileExistsW
wnsprintfW
ole32
CoFreeLibrary
CLSIDFromProgID
CoInitializeEx
CoLoadLibrary
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocStringByteLen
ws2_32
inet_addr
htons
connect
send
gethostname
getsockopt
closesocket
setsockopt
socket
recv
select
shutdown
WSAStartup
WSAGetLastError
ioctlsocket
__WSAFDIsSet
ntohl
htonl
ntohs
gethostbyname
msvcp80
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Xran@_String_base@std@@SAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
winmm
PlaySoundW
netapi32
Netbios
NetApiBufferFree
NetWkstaTransportEnum
wininet
InternetQueryOptionA
Sections
.text Size: 220KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 576KB - Virtual size: 576KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE