6dcb72864c35b8298781bf7bfef3038d857334358b6c6bc438997959b6b891e7

Sharing

Copy URL Twitter E-mail

General

Target

6dcb72864c35b8298781bf7bfef3038d857334358b6c6bc438997959b6b891e7
Size

356KB
MD5

808c8ccbd8d8054bac4552ae205c9540
SHA1

866193d00334b7d0ac43c27c187246739e7f8bf2
SHA256

6dcb72864c35b8298781bf7bfef3038d857334358b6c6bc438997959b6b891e7
SHA512

12dc424a0922f62d3675ef7d9b67392f66c61774775848f3e5241c8e2f61f996f1cae0dc5e4ca23b8987f5d774ec4219cecbc0019407c598eb4ca80a65b0f4b8
SSDEEP

6144:e/BqgqT1OptpXm3QRfln8urLi6MZvnA93nPl1xJiXnGQhbQLVz:e/BqlT10NmARflDLiHZvnA9/l/Ji8Vz

Score

N/A

Malware Config

Signatures

Files

6dcb72864c35b8298781bf7bfef3038d857334358b6c6bc438997959b6b891e7
.exe windows x86

bfb71c44c5ab6866c22b81ea379ef14e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieW

ws2_32

WSAGetLastError
htons
closesocket
inet_addr
inet_ntoa
socket
sendto
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACloseEvent

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

iphlpapi

GetAdaptersInfo

uactool

XL_GetProgramPath
XL_GetUserProfilesPath

xlgraphic

_XL_GetBitmapBuffer@12
_XL_InitGraphicLib@4
_XL_UnInitGraphicLib@0
_XL_ReleaseBitmap@4
_XL_GetBitmapInfo@8
_XL_AlphaPaintBitmap@44
_XL_UpdateTexture@12

kernel32

GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetModuleHandleA
GetStartupInfoW
ExitProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
InterlockedIncrement
InterlockedDecrement
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FreeLibrary
FlushInstructionCache
GetCurrentProcess
GetProcAddress
LoadLibraryW
GetModuleHandleW
HeapAlloc
GetProcessHeap
CloseHandle
OpenMutexW
CreateEventW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
QueryPerformanceCounter
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
ResetEvent
CreateThread
CreateMutexW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
DeleteFileW
CreateDirectoryW
GetModuleFileNameW
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
HeapFree
MoveFileW
WriteFile
CreateFileW
ReadFile
GetPrivateProfileIntW
GetPrivateProfileStringW
GetVolumeInformationA
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemDirectoryA
LocalFree
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

IsIconic
GetLastActivePopup
SetFocus
SetForegroundWindow
ReleaseCapture
PtInRect
SetWindowRgn
SetCapture
InvalidateRect
EndPaint
BeginPaint
GetActiveWindow
KillTimer
GetWindowThreadProcessId
BringWindowToTop
AttachThreadInput
SetClassLongW
GetClassNameW
GetClassLongW
DeleteMenu
CallWindowProcW
IsWindowEnabled
SetRectEmpty
SetWindowTextW
PostQuitMessage
LoadImageW
SetTimer
FlashWindowEx
GetForegroundWindow
GetSystemMetrics
ClientToScreen
CopyRect
SendMessageW
IsWindowVisible
MoveWindow
GetSystemMenu
RegisterWindowMessageW
DefWindowProcW
wsprintfW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateWindowExW
SetRect
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
IsWindow
ShowWindow
PostMessageW
GetWindowLongW
SetWindowLongW
SetActiveWindow

gdi32

DeleteObject
ExtCreateRegion
CombineRgn
CreateSolidBrush
BitBlt
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
DeleteDC

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA
RegQueryValueExW

ole32

OleInitialize
OleRun
OleUninitialize
CoCreateInstance

oleaut32

SysAllocStringByteLen
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VarBstrCmp
SysAllocStringLen
SysStringLen
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysStringByteLen
SysAllocString
SysFreeString
GetErrorInfo

atl71

ord11
ord10
ord42
ord61
ord23
ord31
ord45
ord64
ord44
ord43
ord65
ord66
ord32
ord58
ord54
ord30

shlwapi

PathFileExistsW

comctl32

InitCommonControlsEx

msvcp71

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?width@ios_base@std@@QBEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Nomemory@std@@YAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

msvcr71

_purecall
??3@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
free
??0exception@@QAE@ABV0@@Z
_CxxThrowException
tolower
_wtol
_except_handler3
malloc
??_V@YAXPAX@Z
_wcsicmp
wcslen
memmove
_vscwprintf
vswprintf
_mktime64
_localtime64
wcsncpy
wcscat
wcscpy
wcsrchr
_wtoi
time
swprintf
realloc
atoi
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
sprintf
rand
srand
strrchr
_ultoa
atol
memset
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_itoa

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

U&�SA�
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bfb71c44c5ab6866c22b81ea379ef14e

Headers

File Characteristics

Imports

wininet

ws2_32

version

iphlpapi

uactool

xlgraphic

kernel32

user32

gdi32

advapi32

ole32

oleaut32

atl71

shlwapi

comctl32

msvcp71

msvcr71

Sections

.text Size: 168KB - Virtual size: 165KB

.rdata Size: 48KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 48KB - Virtual size: 47KB

U&�SA� Size: 84KB - Virtual size: 84KB

.text
Size: 168KB - Virtual size: 165KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 48KB - Virtual size: 47KB

U&�SA�
Size: 84KB - Virtual size: 84KB