cfacb582c90f5047f425ba5d2ce641b78789cf1e215c8e192cd856466cc122c8

Sharing

Copy URL Twitter E-mail

General

Target

cfacb582c90f5047f425ba5d2ce641b78789cf1e215c8e192cd856466cc122c8
Size

644KB
MD5

0167a9073d3ef979d3757eb45c5aa761
SHA1

c4fb7247624b06e3772356a1cdc57079bab12c25
SHA256

cfacb582c90f5047f425ba5d2ce641b78789cf1e215c8e192cd856466cc122c8
SHA512

d7bc2aa450d21a0a47199dd86f07f733dcb32cbd3c5e4369aee748dc4e726dba9189542279bc38ba88ae8ae3f5de9277de6ae17246f013b670992d171505bd8f
SSDEEP

12288:lgNRp/5cM2VPO1QSs4UbW1SBCK0GHupDSoWMSsPy:Ohqok4UbW1JK0GOp2DMSoy

Score

N/A

Malware Config

Signatures

Files

cfacb582c90f5047f425ba5d2ce641b78789cf1e215c8e192cd856466cc122c8
.exe windows x86

11d1b1d2bb0061939ac4f68da5ac5af6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

mfc42

ord674
ord366
ord3626
ord3663
ord2414
ord640
ord6172
ord5875
ord2753
ord5785
ord1641
ord1640
ord323
ord2859
ord2086
ord1200
ord4457
ord5252
ord4337
ord4427
ord5030
ord4499
ord4413
ord4981
ord3619
ord2764
ord5789
ord1175
ord6442
ord3815
ord2860
ord2452
ord686
ord2096
ord384
ord2107
ord2841
ord5450
ord5440
ord6383
ord6394
ord2405
ord773
ord501
ord1083
ord5600
ord1816
ord326
ord3797
ord4284
ord3706
ord5782
ord1567
ord2919
ord268
ord1795
ord2575
ord3574
ord4396
ord609
ord5053
ord4774
ord6270
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord6194
ord613
ord289
ord283
ord4133
ord4297
ord5788
ord472
ord2567
ord1929
ord2381
ord3138
ord6453
ord1270
ord1232
ord2450
ord6927
ord6929
ord6778
ord2614
ord6648
ord6779
ord4123
ord3693
ord6119
ord3573
ord5787
ord5510
ord703
ord5445
ord404
ord3216
ord4042
ord1652
ord429
ord3921
ord1266
ord5271
ord3957
ord6283
ord6282
ord2642
ord2645
ord3496
ord6378
ord2078
ord3317
ord3742
ord1146
ord2152
ord2380
ord816
ord562
ord5768
ord3752
ord3754
ord3756
ord6128
ord6129
ord5799
ord1945
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord4698
ord4432
ord813
ord560
ord5260
ord1265
ord4723
ord4273
ord5148
ord654
ord3571
ord4278
ord6663
ord5858
ord6662
ord6140
ord812
ord559
ord6144
ord5781
ord5862
ord940
ord2408
ord1099
ord1574
ord772
ord3701
ord500
ord1862
ord4220
ord2584
ord3654
ord2438
ord6142
ord4083
ord2863
ord5606
ord4277
ord5860
ord807
ord2920
ord2012
ord2120
ord554
ord4163
ord1644
ord5572
ord1621
ord4202
ord5856
ord536
ord1195
ord3920
ord6385
ord4267
ord6170
ord6242
ord1844
ord2580
ord3630
ord4400
ord682
ord6654
ord2862
ord2393
ord6909
ord6720
ord3692
ord2093
ord2089
ord6458
ord2714
ord5791
ord3610
ord656
ord1133
ord1576
ord4328
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3717
ord967
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4022
ord1792
ord6157
ord6241
ord4476
ord3873
ord6334
ord6380
ord2370
ord2449
ord5479
ord5797
ord2817
ord4411
ord1995
ord1639
ord791
ord523
ord1638
ord4034
ord6094
ord4975
ord4863
ord4335
ord4447
ord2032
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord4242
ord1842
ord6605
ord2754
ord2915
ord859
ord926
ord2864
ord3089
ord4129
ord795
ord3721
ord4694
ord6880
ord790
ord3716
ord4710
ord4234
ord324
ord641
ord3597
ord5280
ord533
ord5194
ord1997
ord798
ord6407
ord354
ord5186
ord665
ord1979
ord2763
ord939
ord537
ord5683
ord5710
ord2725
ord1247
ord1134
ord2621
ord924
ord1168
ord941
ord2092
ord6215
ord1768
ord561
ord815
ord3738
ord4622
ord5714
ord5289
ord341
ord5307
ord5482
ord5811
ord4779
ord5308
ord4274
ord2135
ord470
ord755
ord4299
ord2379
ord1233
ord6379
ord6197
ord4275
ord567
ord818
ord4424
ord3402
ord5290
ord2385
ord1776
ord6055
ord1949
ord823
ord858
ord535
ord860
ord4376
ord4160
ord540
ord3092
ord3874
ord2818
ord6199
ord5981
ord800
ord2302
ord825
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5265
ord1726

msvcrt

time
malloc
_mbsicmp
memmove
strncmp
strstr
sscanf
_ftol
_mbschr
_lseek
rename
_read
_filelength
_close
_open
_write
_chsize
_tell
isxdigit
_setmbcp
_strlwr
_stricmp
atol
__p___argv
isdigit
srand
_mbsnbcpy
_mbscmp
isprint
strchr
_strnicmp
strtoul
wcscpy
wcslen
sprintf
_mbspbrk
_mbsnbcmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
rand
free
atoi
__CxxFrameHandler
atof
realloc
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
__p___argc

kernel32

GetLastError
GetCPInfo
lstrlenW
GetVersion
Sleep
CreateThread
TerminateThread
lstrlenA
GetVersionExA
lstrcmpA
lstrcmpiA
lstrcpynA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GlobalLock
GlobalSize
GlobalUnlock
_lclose
GlobalAlloc
GlobalFree
GetFileSize
WriteFile
CreateFileA
SetFilePointer
ReadFile
CloseHandle
FindResourceExA
FindResourceA
SizeofResource
LoadResource
LockResource
DeleteFileA
GetFileAttributesA
MulDiv
GetPrivateProfileIntA
lstrcpyA
WinExec
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
lstrcatA
FreeLibrary
GetModuleFileNameA
LoadLibraryA
GetTickCount
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetPrivateProfileStringA
IsBadWritePtr
IsBadReadPtr
ExitProcess
IsDBCSLeadByte
_lread
_llseek
_lopen
GetStartupInfoA

user32

GetDesktopWindow
GetSysColor
GetWindowDC
IntersectRect
wsprintfA
SetWindowRgn
FlashWindow
LoadCursorFromFileA
CopyRect
IsIconic
IsZoomed
SystemParametersInfoA
LoadImageA
GetDC
DrawTextA
LoadCursorA
SetCursor
ReleaseCapture
SetCapture
GetWindowTextA
EnumWindows
CloseClipboard
SendMessageA
GetWindowRect
SetRect
IsWindowVisible
KillTimer
SetTimer
GetSystemMetrics
GetClientRect
ChangeDisplaySettingsA
EnumDisplaySettingsA
ReleaseDC
PtInRect
PostMessageA
OffsetRect
InvalidateRect
UpdateWindow
IsWindow
EnableWindow
OpenClipboard
SetClipboardData
GetIconInfo
EmptyClipboard
EnumChildWindows
GetWindowLongA
GetKeyState
GetWindow
SetPropA
DestroyCursor
DestroyIcon
GetClassNameA
IsMenu
GetNextDlgTabItem
GetActiveWindow
WindowFromPoint
ClientToScreen
GetNextDlgGroupItem
DrawFocusRect
InflateRect
GetWindowRgn
DrawStateA
FillRect
FrameRect
TabbedTextOutA
GrayStringA
DrawIcon
GetCursor
MessageBeep
GetDlgCtrlID
DefWindowProcA
IsChild
SetFocus
GetClipCursor
ClipCursor
DrawFrameControl
InvertRect
SetActiveWindow
GetSubMenu
LoadBitmapA
GetSysColorBrush
GetMenuStringA
CreateMenu
CreatePopupMenu
GetMenuItemID
GetMenuState
ModifyMenuA
GetMenuItemCount
AppendMenuA
DrawIconEx
DrawEdge
GetMenuItemInfoA
ChildWindowFromPointEx
ShowScrollBar
AdjustWindowRectEx
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
CreateCursor
LoadIconA
SetWindowLongA
UnionRect
IsRectEmpty
GetFocus
SetRectEmpty
SetForegroundWindow
RegisterWindowMessageA
GetCursorPos
ScreenToClient
GetCapture
GetAsyncKeyState
GetParent
GetClassInfoA

gdi32

GetPaletteEntries
GetSystemPaletteEntries
CombineRgn
ExtCreateRegion
RealizePalette
SelectPalette
OffsetRgn
CreateRectRgn
CreateRectRgnIndirect
FillRgn
FrameRgn
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreatePen
GetTextMetricsA
GetROP2
CreateSolidBrush
GetBkMode
GetTextColor
Ellipse
SetPixel
GetPixel
GetRegionData
CreatePatternBrush
CreatePolygonRgn
CreateRoundRectRgn
GetTextExtentPoint32W
PatBlt
Rectangle
Arc
GetTextAlign
GetCurrentObject
CreateHalftonePalette
CreatePalette
GetDIBColorTable
GetBkColor
LineDDA
CreateBitmap
SetMapMode
SetDIBitsToDevice
DeleteDC
GetStockObject
GetObjectA
CreateDIBSection
GetDeviceCaps
BitBlt
SetBkColor
LPtoDP
SetTextColor
CreateFontA
CreateDIBitmap
GetRgnBox
PathToRegion
EndPath
BeginPath
SelectObject
SetStretchBltMode
StretchBlt
CreateFontIndirectA
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap

advapi32

RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA

shell32

ShellExecuteExA
ShellExecuteA
SHAppBarMessage

comctl32

ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageCount
ImageList_GetIcon
_TrackMouseEvent

oleaut32

SystemTimeToVariantTime

ole32

CreateStreamOnHGlobal

olepro32

ord251

wsock32

closesocket
WSAGetLastError
connect
bind
htonl
socket
setsockopt
inet_ntoa
WSASetLastError
getsockname
ioctlsocket
htons
gethostbyname

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

11d1b1d2bb0061939ac4f68da5ac5af6

Headers

File Characteristics

Imports

winmm

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

oleaut32

ole32

olepro32

wsock32

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 44KB - Virtual size: 41KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 44KB - Virtual size: 41KB