3641b25dc936c74fc018f92999b0640791824113f2fc6143b41757a4391854dd

Sharing

Copy URL Twitter E-mail

General

Target

3641b25dc936c74fc018f92999b0640791824113f2fc6143b41757a4391854dd
Size

1.5MB
MD5

7344b1a74e04567b305aec60dc2109e0
SHA1

aef360ae54e70ab0d9acbc0624af4b9b7e4c7364
SHA256

3641b25dc936c74fc018f92999b0640791824113f2fc6143b41757a4391854dd
SHA512

356158ba8d77871eadb36dfc3d10b6b97123f7f44cd9321892aa88a3ff200bd2fa711838dd067e1361944d3a38d7b460648cef4672bdbf542ae0ac41dd4f330f
SSDEEP

24576:Kb1htK2hSW3+WlZYJYNmPa78ab0LBrNSykM441ZUueeeepeeeeeee18lr:qHvmPaH0LBrNSy54GZUueeeepeeeeeev

Score

N/A

Malware Config

Signatures

Files

3641b25dc936c74fc018f92999b0640791824113f2fc6143b41757a4391854dd
.exe windows x86

95a93c0faf5aba90473571cc27332a00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICClose
ICOpen
ICGetInfo
ICInfo

psapi

EnumProcesses
GetProcessMemoryInfo

comctl32

ord6

wsock32

gethostname
inet_addr
gethostbyname
WSAStartup
WSACleanup
setsockopt
select
ntohl
listen
getsockopt
bind
accept
__WSAFDIsSet
socket
send
recv
htons
connect
closesocket
ioctlsocket
htonl

mccommon

?GetString@CStringTable@@QAEPADPBDH0@Z
?getAttributeFloat@CXML@@QAEMPADMPAX@Z
?Unset@CCharset@@QAEXXZ
?Set@CCharset@@QAEXPBD0@Z
?getNodeName@CXML@@QAEPBDXZ
?setNodeValue@CXML@@QAEXPAD@Z
?addAttribute@CXML@@QAEPAXPAD0@Z
?setAttribute@CXML@@QAEPAXPADH@Z
?setAttribute@CXML@@QAEPAXPAD0@Z
?Dump@CXML@@QAEHPAPADPAD@Z
?New@CXML@@QAEXPBD00@Z
?findNextNode@CXML@@QAEPAXPAD00@Z
?findNode@CXML@@QAEPAXPAD00@Z
?addChild@CXML@@QAEPAXPADM@Z
?addChild@CXML@@QAEPAXPAD_J@Z
SaveTextFile
?goFirst@CXML@@QAEPAXXZ
?getNodeValueInt@CXML@@QAEHXZ
WriteXmlHeader
FileExist
?addChild@CXML@@QAEPAXPAD0@Z
?addChild@CXML@@QAEPAXPAD@Z
?Unlock@CXML@@QAEXXZ
?Lock@CXML@@QAEXXZ
RemoveFile
IsCapDevicePath
hex2int
?addChild@CXML@@QAEPAXPADH@Z
GetTime
Int2TimeStr
?goRoot@CXML@@QAEPAXXZ
?findChildNode@CXML@@QAEPAXPAD00@Z
?getNodeValueByName@CXML@@QAEPBDPAD0@Z
??0CCharset@@QAE@PBD0@Z
?Convert@CCharset@@QAEPADPBDH@Z
d2q
GetFraction
GetAppPath
IsDirectory
?Open@CXML@@QAEHPBD@Z
?Save@CXML@@QAEHPBDPAD@Z
IsDriveValid
GetMD5
MakeDir
??0CStringTable@@QAE@XZ
??1CStringTable@@QAE@XZ
?Load@CStringTable@@QAEHPBDPADH1H@Z
?Destroy@CStringTable@@QAEXXZ
ParseIntTokens
IsNetworkPath
GetFileBytes
strncmp2
httpClean
httpRequest
?getNodeValue@CXML@@QAEPBDH@Z
?getAttributeInt@CXML@@QAEHPADHPAX@Z
?isAttrMatched@CXML@@QAE_NPAD0@Z
?Cleanup@CXML@@SAXXZ
httpInitReq
GetFPS
??0CXML@@QAE@PBD@Z
??1CXML@@QAE@XZ
?Read@CXML@@QAEHPBDI00@Z
?goToKey@CXML@@QAEPAXPBDH@Z
?goNext@CXML@@QAEPAXXZ
?goChild@CXML@@QAEPAXXZ
?goParent@CXML@@QAEPAXXZ
?getChildCount@CXML@@QAEHXZ
?getAttribute@CXML@@QAEPBDPAD0PAX@Z
?isMatched@CXML@@QAE_NPAD@Z
?Close@CXML@@QAEXXZ
??0CCharset@@QAE@XZ
??1CCharset@@QAE@XZ
UTF8toANSI
LoadTextFile
GetMD5String
SetVolume
GetVolume
IsUnderWine
BrowseForPath
WriteXmlString

sdl

SDL_RWFromConstMem
SDL_WaitEvent
SDL_Init
SDL_GetWMInfo
SDL_SetAlpha
SDL_WM_SetCaption
SDL_PushEvent
SDL_GetError
SDL_FreeSurface
SDL_UpperBlit
SDL_FillRect
SDL_UnlockSurface
SDL_SetVideoMode
SDL_LockSurface
SDL_CreateRGBSurface
SDL_Flip
SDL_MapRGB
SDL_SetColorKey
SDL_GetRGB
SDL_Quit

jpeg

jpeg_CreateDecompress
jpeg_set_quality
jpeg_start_compress
jpeg_finish_compress
jpeg_write_raw_data
jpeg_std_error
jpeg_set_defaults
jpeg_destroy_compress
jpeg_mem_dest
jpeg_CreateCompress
jpeg_destroy_decompress
jpeg_mem_src
jpeg_read_header
jpeg_start_decompress
jpeg_read_scanlines
jpeg_finish_decompress
jpeg_calc_output_dimensions
jpeg_free_small

sdl_image

IMG_Load_RW
IMG_Load

swscale-3

sws_freeContext
sws_getContext
sws_scale

postproc-53

pp_free_context
pp_get_context
pp_postprocess

kernel32

GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetCPInfo
LoadLibraryExW
GetCurrentThreadId
GetFileInformationByHandle
RtlUnwind
RaiseException
GetCommandLineA
GetSystemTimeAsFileTime
GetConsoleCP
ReadConsoleW
GetModuleHandleW
HeapAlloc
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetFileType
SetStdHandle
HeapFree
GetStringTypeW
DecodePointer
EncodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
ExitProcess
GetModuleHandleExW
HeapSize
GetConsoleMode
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
WriteConsoleW
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteFileW
FindFirstFileExW
GetDriveTypeW
OutputDebugStringW
LoadLibraryW
SetEndOfFile
GetFullPathNameW
GetCurrentDirectoryW
GetFileAttributesExW
LocalFree
CreateToolhelp32Snapshot
SuspendThread
ResumeThread
GlobalAlloc
SetFilePointerEx
FileTimeToLocalFileTime
CreateFileW
AreFileApisANSI
DeleteCriticalSection
CreateEventW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForSingleObjectEx
DuplicateHandle
GetSystemInfo
GetThreadPriority
GetExitCodeThread
SetFilePointer
GetVersionExA
GetVolumeInformationA
GetLogicalDriveStringsA
DeviceIoControl
GlobalMemoryStatusEx
MoveFileA
GetDiskFreeSpaceExA
SetFileTime
GetTempPathA
FileTimeToSystemTime
GetCurrentDirectoryA
GetFileTime
FlushFileBuffers
SetCommTimeouts
SetCommState
ClearCommBreak
EscapeCommFunction
SetCommBreak
GetCommState
ClearCommError
GetCommModemStatus
SetupComm
GetModuleHandleA
lstrlenA
lstrcmpA
DeleteFileA
SetFileAttributesA
GlobalFree
AllocConsole
GetTickCount
Sleep
SetConsoleMode
SetConsoleTitleA
GetStdHandle
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
GetCurrentProcessId
CreateFileA
GetFileSize
ReadFile
CloseHandle
WaitForSingleObject
OutputDebugStringA
ReleaseMutex
FindResourceA
FreeLibrary
LoadResource
SizeofResource
LockResource
GetLogicalDrives
GetDriveTypeA
FindFirstFileA
FindClose
FindNextFileA
SetEvent
CreateEventA
ResetEvent
CreateMutexA
CreateThread
InterlockedIncrement
InterlockedDecrement
GlobalLock
GlobalUnlock
WriteFile
GetFileAttributesA
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationA
GetEnvironmentVariableA
GetVersion
lstrcpyA
TerminateThread
CopyFileA
FreeResource
GetLocaleInfoA
GetCurrentProcess
GetCurrentThread
WideCharToMultiByte
FreeConsole
SetSystemPowerState
SetThreadPriority
CreateDirectoryA
SetCurrentDirectoryA
GetLastError
SetEnvironmentVariableA
GetModuleFileNameA
SetProcessAffinityMask
SetPriorityClass
PeekNamedPipe
SetHandleInformation
OpenProcess
Thread32First
GetExitCodeProcess
CreateProcessA
TerminateProcess
Thread32Next
CreatePipe
MultiByteToWideChar

user32

GetDlgItem
MessageBoxA
SendMessageA
SetForegroundWindow
CheckMenuItem
FindWindowA
DestroyMenu
PostMessageA
AppendMenuA
CreatePopupMenu
GetCursorPos
SetClassLongA
GetWindowLongA
InvalidateRect
SetWindowLongA
GetMenu
GetClientRect
LoadMenuA
DeleteMenu
GetSubMenu
KillTimer
TrackPopupMenu
GetWindowRect
SetTimer
GetSystemMenu
MoveWindow
AdjustWindowRect
SystemParametersInfoA
ShowWindow
LoadBitmapA
LoadCursorA
UpdateWindow
EndDialog
SetFocus
SetCursor
GetSystemMetrics
wsprintfA
GetMenuState
SendDlgItemMessageA
PostQuitMessage
ScreenToClient
GetFocus
SetWindowPos
SetParent
CreateWindowExA
DispatchMessageA
LoadAcceleratorsA
TranslateAcceleratorA
TranslateMessage
ExitWindowsEx
LoadIconA
GetMessageA
SetMenuItemInfoA
AdjustWindowRectEx
GetMenuItemCount
EnumChildWindows
GetMenuStringA
EnableMenuItem
ReleaseDC
GetDC
GetClassNameA
GetWindowThreadProcessId
GetWindowTextA
EnumWindows
WaitForInputIdle
SetLayeredWindowAttributes
RegisterClassA
DialogBoxParamA
GetDlgCtrlID
GetClassInfoA
DefWindowProcA
GetWindowPlacement
RegisterWindowMessageA
GetParent
CreateDialogParamA
GetForegroundWindow
GetDesktopWindow
EnableWindow
DestroyWindow

gdi32

DeleteDC
CreateDCA
GetDeviceCaps
SetBkMode
DeleteObject
CreateFontIndirectA
CreateSolidBrush
GetStockObject
SetBkColor

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
OleSetContainedObject
CoInitialize
CoUninitialize
CoCreateInstance
RegisterDragDrop
ReleaseStgMedium
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
OleInitialize

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantInit
OleCreatePropertyFrame

iphlpapi

GetAdaptersInfo

avifil32

AVIFileRelease
AVIFileInit
AVIFileOpenA
AVIFileInfoA
AVIFileGetStream
AVIStreamRelease
AVIStreamInfoA
AVIStreamReadFormat
AVIStreamRead
AVIStreamLength
AVIFileExit

Sections

.text
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95a93c0faf5aba90473571cc27332a00

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

psapi

comctl32

wsock32

mccommon

sdl

jpeg

sdl_image

swscale-3

postproc-53

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

iphlpapi

avifil32

Sections

.text Size: 899KB - Virtual size: 899KB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 23KB - Virtual size: 82KB

.rsrc Size: 360KB - Virtual size: 360KB

.text
Size: 899KB - Virtual size: 899KB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 23KB - Virtual size: 82KB

.rsrc
Size: 360KB - Virtual size: 360KB