f5d21c53b66d6c10c74ce692ab289bcba96d77bb8a19fcf0c39685ae3c5e8fc5

Sharing

Copy URL

Twitter E-mail

General

Target

f5d21c53b66d6c10c74ce692ab289bcba96d77bb8a19fcf0c39685ae3c5e8fc5
Size

828KB
MD5

748ffe1890fa8cc24ab2420e363be2ce
SHA1

8c56d28f28175c96ce933f36324b583e3873b919
SHA256

f5d21c53b66d6c10c74ce692ab289bcba96d77bb8a19fcf0c39685ae3c5e8fc5
SHA512

884d89a3f755298836fcfc092125aaa92e24d9d2fbd3f3ed827af8ea888db1c23bb66642778c4b828df1f4894b3b3de47ed6bff8ecfb8b3ed5210bc9091d7766
SSDEEP

12288:yk+GTt4HH8E7QGKMK66w5Wk0y0ROHiPvrmNI7g:yk+RHHyWfFVHi7mNI7

Score

N/A

Malware Config

Signatures

Files

f5d21c53b66d6c10c74ce692ab289bcba96d77bb8a19fcf0c39685ae3c5e8fc5
.exe windows x86

441bbfed3fb5bd9e298ba7b12f9abecc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

bdlogicutils

?GetBDCrashCatcher@BDLogicUtils@@YAPAVIBDCrashCatcher@1@XZ

bdmframework

?CallFunctionAsync@@YGHP6GXPAX@Z0@Z
_TQueryByCreateObj@16
?UnhookEvent@@YGHPAX@Z
?SetHookDefaultForHookableEvent@@YGHPAXP6GHIJ@Z@Z
?ServiceExists@@YGHPB_W@Z
?CallHookSubscribers@@YGHPAXIJ@Z
?NotifyEventHooks@@YGHPAXIJ@Z
?KillObjectServices@@YGXPAX@Z
?KillObjectEventHooks@@YGXPAX@Z
?HookEventParam@@YGPAXPB_WP6GHIJJ@ZJ@Z
?HookEventObjParam@@YGPAXPB_WP6GHPAXIJJ@Z1J@Z
?HookEventObj@@YGPAXPB_WP6GHPAXIJ@Z1@Z
?HookEventMessage@@YGPAXPB_WPAUHWND__@@I@Z
?HookEvent@@YGPAXPB_WP6GHIJ@Z@Z
?DestroyServiceFunction@@YGHPAX@Z
?DestroyHookableEvent@@YGHPAX@Z
?CreateServiceFunctionParam@@YGPAXPB_WP6GHIJJ@ZJ@Z
?CreateServiceFunctionObjParam@@YGPAXPB_WP6GHPAXIJJ@Z1J@Z
?CreateServiceFunctionObj@@YGPAXPB_WP6GHPAXIJ@Z1@Z
?CreateServiceFunction@@YGPAXPB_WP6GHIJ@Z@Z
?CreateHookableEvent@@YGPAXPB_W@Z
?SetAPCParam@CServiceManager@@QAEXKPAXPAUHWND__@@@Z
?Init@TComFactory@@QAEHXZ
?Instance@?$CSingleton@VTComFactory@@@utils@@SAPAVTComFactory@@XZ
?Start@TComFactory@@QAEHXZ
?Stop@TComFactory@@QAEHXZ
?Stop@CServiceManager@@QAEHXZ
?Stop@CEventHookManager@@QAEHXZ
?Instance@?$CSingleton@VCIpcClient@IPC@@@utils@@SAPAVCIpcClient@IPC@@XZ
?SetAPCParam@CIpcClient@IPC@@QAEXKPAXPAUHWND__@@@Z
?SetIpcNodeType@CIpcClient@IPC@@QAEXK@Z
?Init@CIpcClient@IPC@@QAEHXZ
?Start@CIpcClient@IPC@@QAEHH@Z
?Stop@CIpcClient@IPC@@QAEHXZ
?Init@CEventHookManager@@QAEHXZ
?Instance@?$CSingleton@VCEventHookManager@@@utils@@SAPAVCEventHookManager@@XZ
?_b_SetIpcNodeServerName@CIpcClient@IPC@@QAEXPB_W@Z
?SetAPCParam@CEventHookManager@@QAEXKPAXPAUHWND__@@@Z
?Init@CServiceManager@@QAEHXZ
?Instance@?$CSingleton@VCServiceManager@@@utils@@SAPAVCServiceManager@@XZ
?CallServiceSync@@YGHPB_WIJ@Z
?CallService@@YGHPB_WIJ@Z
_TQueryObj@8

shlwapi

PathFileExistsW
wnsprintfW
PathCombineW
PathAddBackslashW
PathAppendW
PathRemoveFileSpecW

kernel32

Sleep
GetCurrentThreadId
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
CreateSemaphoreW
CreateThread
GetTickCount
LocalAlloc
GetFileSizeEx
DeleteFileW
DebugBreak
GetSystemWow64DirectoryW
IsBadReadPtr
GetBinaryTypeW
MoveFileW
GetWindowsDirectoryW
CreateFileW
ReadFile
GetFileSize
GetSystemDirectoryW
ExpandEnvironmentStringsW
MoveFileExW
GetModuleHandleW
GetVersionExW
ProcessIdToSessionId
GetCurrentProcessId
HeapAlloc
InitializeCriticalSection
CreateMutexW
HeapFree
UnmapViewOfFile
OpenMutexW
WaitForMultipleObjects
CreateEventW
MapViewOfFile
ReleaseMutex
LeaveCriticalSection
CreateFileMappingW
EnterCriticalSection
DeleteCriticalSection
OpenFileMappingW
GetProcessHeap
OpenEventW
FormatMessageA
LocalFree
CreateWaitableTimerA
SetWaitableTimer
GetLastError
LoadResource
MultiByteToWideChar
WideCharToMultiByte
FindResourceW
FindResourceExW
SizeofResource
lstrlenA
LockResource
LoadLibraryW
GetModuleFileNameW
SetEvent
WaitForSingleObject
CreateSemaphoreA
FreeLibrary
GetCurrentProcess
CloseHandle
CreateEventA
DuplicateHandle
ReleaseSemaphore
GetProcAddress
GetSystemWindowsDirectoryW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsAlloc
TlsFree
TlsGetValue
OpenEventA
ResetEvent
TlsSetValue
SystemTimeToFileTime

user32

SendMessageW
GetWindowLongW
DefWindowProcW
RegisterClassExW
CreateWindowExW
SetWindowLongW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
IsWindow
DestroyIcon
PostMessageW
UnregisterClassA
ShowWindow
KillTimer

advapi32

InitializeAcl
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW
RegCloseKey
RegOpenKeyExW
CheckTokenMembership
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
RegCreateKeyExW
RegDeleteKeyW
AddAccessAllowedAce
GetLengthSid

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

msvcp80

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

msvcr80

_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
memcpy
_snwprintf
malloc
_snwprintf_s
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
strstr
_mktime64
__RTDynamicCast
atoi
swprintf_s
_time64
vswprintf_s
wcsncat_s
isalpha
tolower
_wcsicmp
_wtoi
swscanf_s
_wcsnicmp
_beginthreadex
??_V@YAXPAX@Z
printf
wcsstr
memcpy_s
calloc
memmove_s
free
wcsncpy_s
_recalloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
_invalid_parameter_noinfo
_purecall
wcscpy_s
??3@YAXPAX@Z
isalnum
strchr
isspace
strncmp
memmove
fread
fseek
fputc
_except_handler3
ftell
ferror
_wfopen_s
fprintf
fclose
_vsnprintf_s
strerror
_CxxThrowException
__CxxFrameHandler3
_gmtime64
??0exception@std@@QAE@ABQBDH@Z
_stricmp

imagehlp

MapAndLoad
UnMapAndLoad

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 316KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

441bbfed3fb5bd9e298ba7b12f9abecc

Headers

File Characteristics

Imports

bdlogicutils

bdmframework

shlwapi

kernel32

user32

advapi32

shell32

msvcp80

msvcr80

imagehlp

Exports

Exports

Sections

.text Size: 316KB - Virtual size: 312KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 12KB - Virtual size: 17KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 412KB - Virtual size: 412KB

.text
Size: 316KB - Virtual size: 312KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 12KB - Virtual size: 17KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 412KB - Virtual size: 412KB