Sample
c37f5581b03fbbc6625bb7a841c78a716ad2d712a2dd7a5ed949bf82d54396bb.exe
Resource
win7-20220812-en
General
-
Target
c37f5581b03fbbc6625bb7a841c78a716ad2d712a2dd7a5ed949bf82d54396bb
-
Size
412KB
-
MD5
6691a221ce87f22fc47fce74c2cbdd04
-
SHA1
e15d642a7e9b135cfaf8180c590fd5cac61d75ae
-
SHA256
c37f5581b03fbbc6625bb7a841c78a716ad2d712a2dd7a5ed949bf82d54396bb
-
SHA512
04a91fb127022c512ccfbfb0ea0366ccbe98a335a2f96f7b76026c462ee8926d2009c5d9662900e8a6202e3ffe0c6ebedb896f48c16b804845a5d4f60de072d9
-
SSDEEP
6144:HgyONcVXHas/ya4XNqMTBq4kWOPo1ZUtiwI4ACRZnTW:HTX6sjoVTs4kRkeRZTW
Malware Config
Signatures
Files
-
c37f5581b03fbbc6625bb7a841c78a716ad2d712a2dd7a5ed949bf82d54396bb.exe windows x86
b285137e2fe81da896747aa4275e62f6
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetQueryOptionW
InternetAttemptConnect
InternetCloseHandle
HttpSendRequestW
InternetOpenW
InternetSetOptionW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetAutodial
mfc90u
ord367
ord636
ord2694
ord5851
ord4442
ord290
ord6091
ord1353
ord899
ord2551
ord1169
ord6577
ord280
ord813
ord1064
ord1599
ord811
ord4741
ord5653
ord374
ord639
ord3794
ord4131
ord5939
ord5167
ord4631
ord3515
ord5008
ord4026
ord538
ord6760
ord5509
ord753
ord3907
ord4027
ord6187
ord4740
ord2654
ord1096
ord1018
ord5011
ord6065
ord756
ord549
ord1405
ord2224
ord1709
ord5662
ord4700
ord1640
ord4692
ord3908
ord2069
ord3488
ord1248
ord3621
ord6098
ord6527
ord1108
ord1354
ord337
ord613
ord404
ord5535
ord663
ord2597
ord3486
ord5231
ord1222
ord3220
ord285
ord1607
ord5508
ord615
ord2103
ord1601
ord4510
ord2277
ord1667
ord4654
ord3496
ord2356
ord6604
ord5301
ord4000
ord3374
ord5511
ord2360
ord2901
ord4739
ord2904
ord6311
ord286
ord938
ord6635
ord6579
ord4130
ord2365
ord1938
ord5510
ord5047
ord5277
ord4608
ord5632
ord4632
ord5168
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord5661
ord5152
ord4682
ord3445
ord1868
ord654
ord4664
ord3528
ord611
ord3185
ord3741
ord1533
ord6096
ord909
ord4044
ord3674
ord4518
ord4405
ord2504
ord2326
ord795
ord6493
ord590
ord6074
ord6494
ord3685
ord744
ord4410
ord4541
ord2469
ord6095
ord525
ord524
ord3622
ord4398
ord5778
ord6822
ord1250
ord6811
ord1243
ord5767
ord3953
ord1262
ord6636
ord1149
ord1383
ord2372
ord3768
ord333
ord5867
ord4324
ord6094
ord4527
ord6109
ord2274
ord1665
ord4652
ord3489
ord778
ord2283
ord1719
ord3355
ord6411
ord1754
ord1751
ord4345
ord1493
ord4660
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord3286
ord4910
ord3654
ord2592
ord4543
ord3537
ord2593
ord2106
ord296
ord2537
ord3543
ord4211
ord5567
ord1183
ord2447
ord600
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord3285
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord589
ord595
ord794
ord797
ord1137
ord799
ord265
ord266
ord5572
ord5573
ord3589
ord341
ord617
ord801
ord1272
msvcr90
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_errno
calloc
wcsncmp
wcscpy_s
swscanf_s
wcscat_s
swprintf_s
_wfopen_s
vswprintf_s
_wmakepath
_wcsdup
ftell
fseek
ferror
fprintf
_decode_pointer
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memcpy_s
fputws
fflush
fputc
wcsncat
exit
printf
wcsncpy
malloc
free
_time64
wcschr
_fdopen
atoi
strtok_s
strnlen
_filelength
_read
_close
_lseek
_wsopen
strtoul
realloc
wcsrchr
wcscpy
_wcsupr
wcscmp
iswalnum
iswspace
_invalid_parameter_noinfo
fopen
_onexit
__CxxFrameHandler3
towupper
memset
_snwprintf
wcsncpy_s
_snwprintf_s
_waccess
_wrename
wcsncat_s
_wtoi
_itow
wcslen
_wfopen
fclose
fwrite
strncpy
strncat
strlen
_snprintf
_purecall
wcstombs
wcsstr
mbstowcs
memcpy
_wcsicmp
rand
srand
clock
_wsplitpath
_wsplitpath_s
fread
_stricmp
_CxxThrowException
tolower
kernel32
GetCurrentThread
GetDateFormatW
RaiseException
LoadLibraryA
ExpandEnvironmentStringsA
GetFileSize
ReadFile
OpenMutexW
ReleaseMutex
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetCurrentProcess
lstrcmpiW
GetFullPathNameW
lstrlenA
lstrlenW
WideCharToMultiByte
WriteFile
SetFileAttributesW
CreateFileW
LoadLibraryExW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
LocalAlloc
HeapDestroy
CreateMutexW
GetModuleHandleW
VerSetConditionMask
VerifyVersionInfoW
GetProcAddress
GetTimeFormatW
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
LocalFree
CreateDirectoryW
GetLastError
GetLocalTime
MultiByteToWideChar
DeleteFileW
GetVersionExW
GetLocaleInfoW
SetEvent
ResetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
OutputDebugStringW
FreeLibrary
GetTempPathW
Sleep
LoadLibraryW
CreateEventW
CloseHandle
QueryPerformanceCounter
GetExitCodeProcess
GetSystemTime
GetCurrentProcessId
CreateProcessW
HeapAlloc
CopyFileW
GetFileAttributesW
CreateThread
WaitForSingleObject
MulDiv
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
SetFileTime
user32
GetSystemMetrics
SetForegroundWindow
BringWindowToTop
PostMessageW
FindWindowW
SendMessageW
GetWindowDC
ReleaseDC
EnableWindow
UpdateWindow
InvalidateRect
EnableScrollBar
ShowScrollBar
GetDesktopWindow
LoadImageW
LoadCursorW
GetWindowRect
SetWindowLongW
IsChild
SetClassLongW
GetClassLongW
GetClassNameW
GetParent
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
GetDC
DestroyIcon
LoadIconW
SetTimer
SetRect
MapDialogRect
TranslateAcceleratorW
OffsetRect
SetCursor
GetForegroundWindow
LoadStringW
GetFocus
GetClientRect
SetRectEmpty
GetCursorPos
PtInRect
ScreenToClient
SystemParametersInfoW
SendNotifyMessageW
IsRectEmpty
MessageBoxW
GetLastActivePopup
GetActiveWindow
ReleaseCapture
SetCapture
FillRect
DrawIconEx
CopyRect
InflateRect
DrawStateW
IsWindow
KillTimer
gdi32
SetPixel
CreatePen
BitBlt
CreateFontIndirectW
RoundRect
GetPixel
CreateCompatibleDC
GetDeviceCaps
CreateSolidBrush
GetStockObject
CreatePalette
SetDIBitsToDevice
StretchDIBits
GetDIBits
RealizePalette
GetObjectW
GetTextExtentPoint32W
DeleteObject
CreateCompatibleBitmap
comdlg32
GetOpenFileNameW
advapi32
IsValidSecurityDescriptor
ImpersonateSelf
OpenThreadToken
OpenProcessToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AccessCheck
RevertToSelf
FreeSid
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
FileEncryptionStatusW
DecryptFileW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
msvcp90
?open@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH@Z
?peek@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?close@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
oleaut32
SysFreeString
shell32
ShellExecuteW
comctl32
_TrackMouseEvent
Sections
.text Size: 219KB - Virtual size: 218KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 77KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 10KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE