b469011bebce3bf27c4b679b6db034232fc73ea6c22e763904a8b659b5f6ecff

Sharing

Copy URL

Twitter E-mail

General

Target

b469011bebce3bf27c4b679b6db034232fc73ea6c22e763904a8b659b5f6ecff
Size

668KB
MD5

1a056449fcf1154dd77dc1e468dd1350
SHA1

c702dbb9ad516b9ec9f61d66ebb3043ed606d39c
SHA256

b469011bebce3bf27c4b679b6db034232fc73ea6c22e763904a8b659b5f6ecff
SHA512

0f338599df599e97b75b58a9b3a020e8aa26e751c5d1c38152a16fd51e86debec1f467b8f6c4fbe45ce7acef939f66272dc4a6311efb8c0bec5594505dae69d5
SSDEEP

12288:cza4uPMwNAaafimuYLQVFoYtRWnruT4EY04P8Zd+9wqAkP/6pR5jnjpFnvimOTNw:cWfCkOOFY04P8ZdAwi/6pR5jnjrv5OTm

Score

N/A

Malware Config

Signatures

Files

b469011bebce3bf27c4b679b6db034232fc73ea6c22e763904a8b659b5f6ecff
.exe windows x86

891c0dc112114bbf90fe887900f8c58b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord3182
ord354
ord605
ord1395
ord3830
ord1482
ord2246
ord1913
ord2615
ord5009
ord5012
ord4309
ord4135
ord2939
ord4904
ord943
ord5356
ord2992
ord2425
ord2424
ord4019
ord1557
ord3945
ord5148
ord5205
ord2173
ord1306
ord4277
ord5165
ord4265
ord1489
ord6118
ord299
ord2933
ord4109
ord2368
ord1191
ord1187
ord4394
ord3454
ord3171
ord1425
ord4888
ord2075
ord591
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord3430
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord4262
ord5203
ord1908
ord1401
ord5912
ord1551
ord1670
ord1671
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord757
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4467
ord4469
ord4473
ord3641
ord297
ord4261
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord1230
ord783
ord2421
ord4529
ord4971
ord3229
ord3406
ord657
ord4237
ord1570
ord2091
ord4099
ord1484
ord1933
ord6266
ord1397
ord3488
ord4752
ord2441
ord4298
ord2803
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord5152
ord4244
ord4640
ord4638
ord1402
ord3946
ord4876
ord4664
ord2531
ord3378
ord2719
ord3575
ord1162
ord6142
ord6146
ord4397
ord1123
ord1736
ord552
ord740
ord3316
ord4281
ord4721
ord1590
ord1744
ord4606
ord1734
ord1946
ord6104
ord6102
ord1936
ord1921
ord2429
ord5704
ord2533
ord947
ord2017
ord2052
ord1617
ord3797
ord2832
ord2797
ord2076
ord6010
ord6108
ord6110
ord3674
ord5469
ord1159
ord1181
ord1211
ord865
ord785
ord5563
ord1917
ord908
ord5430
ord5437
ord3022
ord1003
ord531
ord723
ord6174
ord6180
ord2451
ord5710
ord2585
ord3441
ord2417
ord2418
ord2420
ord2419
ord4935
ord410
ord648
ord4273
ord2717
ord1562
ord5166
ord1360
ord3344
ord5206
ord1619
ord5914
ord3974
ord4860
ord4863
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4776
ord4587
ord4178
ord4171
ord4980
ord4389
ord4781
ord4204
ord4790
ord4443
ord314
ord3255
ord2346
ord1580
ord5331
ord6297
ord5320
ord6286
ord3489
ord1641
ord1571
ord4238
ord5873
ord2882
ord2657
ord6065
ord1160
ord6090
ord3795
ord1486
ord4066
ord4081
ord1185
ord6144
ord4100
ord2094
ord3244
ord1955
ord1283
ord4125
ord3879
ord3651
ord3230
ord761
ord651
ord658
ord573
ord416
ord1564
ord1930
ord2866
ord4001
ord4123
ord3934
ord4108
ord2271
ord2264
ord2367
ord6120
ord2794
ord5866
ord4353
ord3875
ord2092
ord2958
ord572
ord2370
ord3684
ord3596
ord620
ord760
ord709
ord602
ord1929
ord5641
ord5640
ord347
ord501
ord4320
ord3401
ord4908
ord4115
ord3287
ord1279
ord5637
ord2372
ord1554
ord2991
ord3195
ord1637
ord1558
ord4236
ord3214
ord642
ord4761
ord6037
ord5642
ord2527
ord5611
ord6060
ord5608
ord6054
ord4161
ord6057
ord5888
ord5727
ord5647
ord5523
ord5588
ord5414
ord5401
ord5921
ord5719
ord3180
ord2090
ord1545
ord4232
ord5613
ord6223
ord3423
ord587
ord5403
ord2468
ord3989
ord3761
ord589
ord330
ord3302
ord2086
ord3164
ord3891
ord1728
ord2475
ord3648
ord3466
ord663
ord635
ord426
ord395
ord4299
ord3076
ord5766
ord869
ord4342
ord4675
ord4927
ord4952
ord5977
ord2164
ord907
ord4250
ord1192
ord3163
ord6168
ord5833
ord1716
ord4127
ord2234
ord3143
ord758
ord567
ord4444
ord3740
ord4914
ord4519
ord4920
ord4559
ord5049
ord4439
ord4368
ord4501
ord4846
ord4970
ord4480
ord4516
ord4673
ord4200
ord4948
ord4794
ord4287
ord4376
ord4377
ord4963
ord4796
ord4710
ord4364
ord4805
ord5053
ord4964
ord4649
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord1367
ord2403
ord4946
ord4507
ord4961
ord4674
ord4131
ord1302
ord2008
ord4132
ord3477
ord3650
ord2371
ord2274
ord5445
ord1729
ord4116
ord3499
ord3952
ord2936
ord4095
ord2233
ord6017
ord5634
ord765
ord315
ord1209
ord1092
ord1167
ord581
ord1207
ord1620
ord5915
ord5529
ord3997

msvcr71

_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
__security_error_handler
??1type_info@@UAE@XZ
memset
wcscpy
_except_handler3
_resetstkoflw
free
malloc
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
toupper
_ismbcalnum
_mbsnbcpy
_ismbcdigit
_ismbcspace
_mbsnbicmp
_mbschr
_mbsstr
memcmp
_controlfp
__set_app_type
__p__fmode
_setmbcp
_strnicmp
_strupr
rand
_beginthreadex
wcslen
labs
sqrt
strchr
strlen
_mbsicmp
sscanf
strcpy
strtoul
atoi
memcpy
strcmp
atol
fclose
fseek
ftell
fwrite
fread
fopen
sprintf
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
abs
_amsg_exit

kernel32

LocalAlloc
WaitForMultipleObjects
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
OpenProcess
SetThreadPriority
TerminateThread
ResumeThread
SuspendThread
Sleep
FreeLibrary
GlobalReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
FindClose
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
ReadFile
LocalFree
GetCurrentThread
HeapAlloc
GetProcessHeap
HeapFree
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetModuleHandleA
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
CreateEventA
CreateThread
SetEvent
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WaitForSingleObject
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
FindResourceA
SizeofResource
LoadResource
LockResource
MulDiv
VirtualQuery
InterlockedCompareExchange
VirtualProtect
FlushInstructionCache
GetCurrentProcess
SetThreadContext
GetThreadContext
VirtualAlloc
SetLastError

user32

SetScrollPos
SetScrollInfo
GetScrollRange
MessageBoxA
KillTimer
SetTimer
DefWindowProcA
GetCursorPos
SetRect
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
CreatePopupMenu
AppendMenuA
EnableMenuItem
GetWindowRect
ClientToScreen
ScreenToClient
LoadCursorA
InflateRect
RedrawWindow
DestroyIcon
DrawIcon
IsWindowVisible
GetFocus
GetSystemMetrics
IsWindow
MessageBeep
DrawTextExA
GrayStringA
GetParent
GetWindowLongA
GetSysColor
SetPropA
FillRect
SetWindowLongW
ShowScrollBar
SetFocus
SetCapture
SendMessageW
GetWindowLongW
GetPropA
GetScrollPos
GetScrollInfo
EnableScrollBar
SetWindowLongA
GetSysColorBrush
DrawEdge
CallWindowProcA
DrawFrameControl
MapWindowPoints
FrameRect
WindowFromDC
GetMessagePos
SetCursor
IsRectEmpty
IsZoomed
TabbedTextOutA
SetScrollRange
GetNextDlgGroupItem
SetWindowRgn
GetWindowRgn
GetDC
ReleaseDC
RegisterWindowMessageA
GetWindowDC
GetAsyncKeyState
GetCapture
GetClassNameA
RemovePropA
EnumChildWindows
GetMonitorInfoA
MonitorFromWindow
MoveWindow
GetDlgItem
IsIconic
GetClassInfoA
IsWindowEnabled
EqualRect
EndDeferWindowPos
ReleaseCapture
DispatchMessageA
TranslateMessage
LoadIconA
SendMessageA
LoadBitmapA
CopyRect
UpdateWindow
GetForegroundWindow
GetWindowThreadProcessId
FlashWindowEx
wsprintfA
EnableWindow
DrawTextA
GetClientRect
PostMessageA
TrackMouseEvent
OffsetRect
PeekMessageA
GetWindow
DialogBoxIndirectParamW
DrawTextW
SystemParametersInfoW
GetPropW
SetPropW
SendDlgItemMessageW
wvsprintfA
PtInRect
InvalidateRect
SetRectEmpty
SetWindowContextHelpId
GetSystemMenu
RemoveMenu
GetWindowTextA
SetWindowTextA
EndDialog
GetWindowContextHelpId
GetDialogBaseUnits
LoadIconW
BeginDeferWindowPos
SystemParametersInfoA
DrawIconEx
SetWindowPos
AdjustWindowRectEx
GetMenu
LoadImageA

gdi32

ExtTextOutA
Escape
CreateRoundRectRgn
CreateRectRgn
SelectClipRgn
PtInRegion
GetMapMode
TextOutA
CombineRgn
ExtCreateRegion
CreateSolidBrush
CreateFontIndirectW
RectVisible
PtVisible
CreateCompatibleBitmap
GetTextExtentPoint32A
StretchBlt
SetDIBitsToDevice
Rectangle
CreatePen
SetBkMode
GetStockObject
CreateFontIndirectA
SetTextColor
CreateFontA
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteObject
DeleteDC
GetObjectA
CreateEllipticRgnIndirect
OffsetRgn
CreateRectRgnIndirect
SetBkColor
UnrealizeObject
PatBlt
SetBrushOrgEx
CreatePatternBrush
IntersectClipRect
PlayEnhMetaFile
SetWindowOrgEx
GetTextMetricsA
GetDeviceCaps
CreateBitmap
SetDIBits

msimg32

TransparentBlt
AlphaBlend

comctl32

ord17
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_Draw

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
SysFreeString

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

winmm

PlaySoundA
mmioOpenA
mmioAscend
mmioRead
mmioDescend
mmioGetInfo
mmioCreateChunk
mmioSeek
mmioSetInfo
mmioWrite
mmioAdvance
mmioClose

shlwapi

PathFileExistsA

ole32

CreateStreamOnHGlobal
CoInitialize

gdiplus

GdipAlloc
GdipDeleteGraphics
GdipLoadImageFromFile
GdipFree
GdipCloneImage
GdipDrawImagePointRectI
GdipDrawImageRectRect
GdipDrawImageI
GdipDrawImageRect
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateHICONFromBitmap
GdipCreateBitmapFromHBITMAP
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStream

dsound

ord11

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

891c0dc112114bbf90fe887900f8c58b

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

msimg32

comctl32

oleaut32

msvcp71

winmm

shlwapi

ole32

gdiplus

dsound

advapi32

Sections

.text Size: 508KB - Virtual size: 505KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 508KB - Virtual size: 505KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 56KB - Virtual size: 53KB