ecfa904ce9f32d6e7d441dc483cfa19f8fdcba4f551da6e2e823b1c07b0e63e3

Sharing

Copy URL

Twitter E-mail

General

Target

ecfa904ce9f32d6e7d441dc483cfa19f8fdcba4f551da6e2e823b1c07b0e63e3
Size

250KB
MD5

1c2fe634b2feaefb73f96c0a6fd92da3
SHA1

1e21c262a2947a7ef2d8e738282cf22d5d73256a
SHA256

ecfa904ce9f32d6e7d441dc483cfa19f8fdcba4f551da6e2e823b1c07b0e63e3
SHA512

d7756a76148156497d90d2076baed60353c3aa61b3cfa725a5598e7ee7647771f54ba6f1b25d366b87fb3ac87a3298f0bd1acae4245fe740c0530ff178d01104
SSDEEP

3072:WMdUQGp4lA6Ce3PVd0zA+NzWfhYxMyIxZ2D6YmxX7hNKQ+Gr3:Wl4lrHdcFzWJYxMVZ2D6YmxXdL+63

Score

N/A

Malware Config

Signatures

Files

ecfa904ce9f32d6e7d441dc483cfa19f8fdcba4f551da6e2e823b1c07b0e63e3
.exe windows x86

2d5eb3318716f6f5924e38fcde089028

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbghelp

MiniDumpReadDumpStream

ws2_32

connect
socket
setsockopt
WSAAsyncGetHostByName
WSAGetLastError
getpeername
ntohs
getsockname
WSACancelAsyncRequest
WSAAsyncSelect
htons
gethostbyname
inet_addr
WSACleanup
closesocket
recv
WSAStartup
send

minizip

zipOpen
zipWriteInFileInZip
zipOpenNewFileInZip
zipCloseFileInZip
zipClose

kernel32

GetThreadLocale
GetVersionExW
WideCharToMultiByte
RaiseException
MultiByteToWideChar
lstrlenW
CloseHandle
MapViewOfFile
CreateFileMappingW
CreateFileW
InterlockedDecrement
lstrlenA
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
GetLastError
CopyFileW
FindClose
FindNextFileW
FindFirstFileW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
InterlockedIncrement
OutputDebugStringW
SetErrorMode
GlobalUnlock
GlobalLock
GlobalAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
FileTimeToLocalFileTime
ReadFile
FileTimeToDosDateTime
IsBadCodePtr
SetFileTime
SystemTimeToFileTime
WriteFile
MoveFileW
GetFileSizeEx
GetFileAttributesExW
SetLastError
FormatMessageW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
InterlockedExchange
GetACP
GetSystemTimeAsFileTime
GetLocaleInfoA

user32

LoadStringW
wsprintfW
UnregisterClassA
DispatchMessageW
GetDesktopWindow
CreateWindowExW
PostMessageW
GetWindowTextLengthW
GetWindowTextW
SetTimer
GetWindow
MessageBeep
GetSystemMetrics
LoadImageW
LoadBitmapW
GetDlgItem
SetWindowTextW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
MessageBoxW
KillTimer
SetDlgItemTextW
EndDialog
GetActiveWindow
IsWindowEnabled
LoadCursorW
SetCursor
ShowCursor
GetParent
MapWindowPoints
SendMessageW
GetCursorPos
GetWindowRect
SystemParametersInfoW
SetWindowPos
ShowWindow
EndPaint
BeginPaint
GetDC
InflateRect
DrawTextW
ReleaseDC
GetClientRect
CallWindowProcW
GetWindowLongW
GetSysColor
DestroyWindow
DialogBoxParamW
DefWindowProcW
IsWindow
InvalidateRect
SetWindowLongW
PostQuitMessage
GetMessageW
TranslateMessage

gdi32

CreateCompatibleDC
Rectangle
BitBlt
CreateRectRgnIndirect
ExtSelectClipRgn
GetWindowOrgEx
OffsetWindowOrgEx
SetWindowOrgEx
SetBkMode
GetStockObject
SelectObject
SetBkColor
ExtTextOutW
GetObjectW
DeleteObject
CreateFontIndirectW
SetTextColor

shell32

ShellExecuteExW
ord165
ShellExecuteW
SHCreateDirectoryExW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
VariantClear
SysAllocStringLen
SysFreeString

atl71

ord23
ord65
ord43
ord45
ord61
ord66
ord64
ord44

shlwapi

PathFileExistsW
PathAppendW

comctl32

_TrackMouseEvent
InitCommonControlsEx

msvcp71

?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AViterator@12@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1_Lockit@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1strstreambuf@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?_Nomemory@std@@YAXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??1ios_base@std@@UAE@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??1istrstream@std@@UAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

msvcr71

free
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??3@YAXPAX@Z
memset
_snwprintf
wcslen
wcscpy
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
??_V@YAXPAX@Z
__CxxFrameHandler
strlen
tolower
wcsftime
localtime
fclose
_atoi64
fread
_wfopen
_purecall
sprintf
atoi
strncmp
memcpy
_wstat
swprintf
_except_handler3
fwrite
time
wcsrchr
_strnicmp
_stricmp
strftime
gmtime
strcmp
sscanf
atol
_ultoa
_ultow
_ltoa
_ltow
_ui64toa
_ui64tow
_i64toa
_i64tow
_wtoi64
_wtol
swscanf
_wcsicmp
wcschr
memmove
realloc
malloc
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_strupr

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

secccm
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2d5eb3318716f6f5924e38fcde089028

Headers

File Characteristics

Imports

dbghelp

ws2_32

minizip

kernel32

user32

gdi32

shell32

ole32

oleaut32

atl71

shlwapi

comctl32

msvcp71

msvcr71

Sections

.text Size: 96KB - Virtual size: 93KB

.rdata Size: 40KB - Virtual size: 36KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 92KB - Virtual size: 88KB

secccm Size: 8KB - Virtual size: 4KB

.text
Size: 96KB - Virtual size: 93KB

.rdata
Size: 40KB - Virtual size: 36KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 92KB - Virtual size: 88KB

secccm
Size: 8KB - Virtual size: 4KB