Static task
static1
Behavioral task
behavioral1
Sample
ada4570c6958b66df1a957a2ea60f39b46e6dfbd106127ddb4b599b1b1a25f03.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ada4570c6958b66df1a957a2ea60f39b46e6dfbd106127ddb4b599b1b1a25f03.exe
Resource
win10v2004-20220812-en
General
-
Target
ada4570c6958b66df1a957a2ea60f39b46e6dfbd106127ddb4b599b1b1a25f03
-
Size
776KB
-
MD5
509b4bbcd2ea6a619a7bdc9021f0ac7c
-
SHA1
11acb155c4b677ccc3e9af6d3f520575d10fba25
-
SHA256
ada4570c6958b66df1a957a2ea60f39b46e6dfbd106127ddb4b599b1b1a25f03
-
SHA512
3456d5882c1fbdfa1467843c624f55d48ba636dbe9ab5d5f25fdb3464680d8ec39194f23e67b9f65a775d2397411551c792fff6d9edaa5b17931396ccc0ea085
-
SSDEEP
24576:5R2iXwSct4udqQndteo735N1fWFMLMe5O:OqJAnrem1iMLMe5O
Malware Config
Signatures
Files
-
ada4570c6958b66df1a957a2ea60f39b46e6dfbd106127ddb4b599b1b1a25f03.exe windows x86
ef22c3a9873ed915c9d8ebcc4e35ceb6 (unlabelled 32-hex digest; it differs from the file MD5 509b4bbcd2ea6a619a7bdc9021f0ac7c above, so it is presumably the import hash of this PE — confirm the field meaning before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
cppenv25
?SetResSrc@SString@@SAXPAUHINSTANCE__@@@Z
?ThrowStormErr@SStormException@@SAXJ@Z
??1SRichException@@UAE@XZ
?SEGetErrorString@@YA?AVSString@@AAVCException@@@Z
??0SRichException@@QAE@G@Z
??YSString@@QAEAAV0@ABV0@@Z
??YSString@@QAEAAV0@PBD@Z
?GetStormCode@SStormException@@QBEJXZ
?FromID@SString@@SA?AV1@GPAUHINSTANCE__@@@Z
??H@YA?AVSString@@ABV0@PBD@Z
?FromID@SString@@SA?AV1@G@Z
??0SString@@QAE@PBDI@Z
?classSRichException@SRichException@@2UCRuntimeClass@@B
?SetOperationID@SRichException@@QAEXG@Z
?SetRemedyID@SRichException@@QAEXG@Z
??1SBaseException@@UAE@XZ
??1SResStringException@@UAE@XZ
??0SString@@QAE@ABV0@@Z
??1SStormException@@UAE@XZ
?classSStormException@SStormException@@2UCRuntimeClass@@B
?GetErrorID@SResStringException@@QBEGXZ
?SetErrorID@SResStringException@@QAEXG@Z
?classSResStringException@SResStringException@@2UCRuntimeClass@@B
?GetRuntimeClass@SStormException@@UBEPAUCRuntimeClass@@XZ
?GetErrorMessage@SBaseException@@UAEHPADIPAI@Z
?GetErrorString@SRichException@@UBE?AVSString@@XZ
??4SString@@QAEAAV0@PBD@Z
?SetChar@SString@@QAEXID@Z
??9@YAHABVSString@@0@Z
?ThrowNIL@SStormException@@SAXPAX@Z
??0SString@@QAE@ABVCString@@@Z
??H@YA?AVSString@@ABV0@0@Z
??_7SString@@6B@
??ASString@@QBEDH@Z
??8@YAHABVSString@@0@Z
??BSString@@QBEPBDXZ
?GetLength@SString@@QBEIXZ
?GetCString@SString@@QAEAAVCString@@XZ
??9@YAHABVSString@@PBD@Z
??0SString@@QAE@XZ
??1SString@@UAE@XZ
?ThrowWin32Err@SWin32Exception@@SAXK@Z
?Replace@SString@@QAEXABV1@0@Z
??0SString@@QAE@PBD@Z
??0SStormException@@QAE@J@Z
?SEGetStormCode@@YAJAAVCException@@@Z
?SetTargetName@SRichException@@QAEXABVSString@@@Z
??0Storm2IDMap@@QAE@IPAUStorm2ID@@@Z
??0Storm2StormMap@@QAE@IPAUStorm2Storm@@@Z
??ASString@@QBEDI@Z
??8@YAHABVSString@@PBD@Z
??0SString@@QAE@DI@Z
??H@YA?AVSString@@ABV0@D@Z
??YSString@@QAEAAV0@D@Z
??0SString@@QAE@ABV0@I@Z
ezimg25
??0SImageDef@@QAE@I@Z
??4SRGBTable@@QAEAAV0@ABV0@@Z
?IsEmpty@CSelection@@QAEFXZ
LoadImageFromFile
ScreenRes
GetSaveOptions
GetImageWriteFilterSpec
?SetNumEntries@SRGBTable@@QAEXI@Z
??ASRGBTable@@QAEAAURGBValue@@I@Z
EzSetPageDirty
EzUnlockPage
EzLockPage
EzFreePage
EzAllocatePage
AddToVertices
DisposeVertices
InitVertices
ProcessPrintPP
SetWidth
SetPlaneBuffers
ConstructPrintPP
InitializePrintPP
TransInitIdentity
?Activate@BrandingDeviceMenu@@QAEXABV?$RectOf@J@@@Z
??0BrandingDeviceMenu@@QAE@ABVBrandingDeviceClient@@AAVCWnd@@IIII@Z
?DoBDevCmd@BrandingDeviceMenu@@QAEXI@Z
?FileExists@@YAHPAD@Z
EzImgIdle
??1SFilterManager@@QAE@XZ
TermEzImg
InitEzImg
?SetDefaultRes@SAbstractEasyImage@@SAXJJ@Z
?CreateIvoryPalette@@YAXPAUHDC__@@AAVSRGBTable@@PAPAUHPALETTE__@@@Z
??0SFilterManager@@QAE@PAUHINSTANCE__@@@Z
?AddIvoryFilters@SFilterManager@@QAEXXZ
SetAppCallbacks
??0SRGBTable@@QAE@I@Z
SaveImageToStream
??0TranslatorParams@@QAE@XZ
LoadImageFromStream
?NewImage@SAbstractEasyImage@@SAPAV1@ABVSImageDef@@JJ@Z
TransInvert
TransApply
TransMult
?SelPtInSelection@CSelection@@QAEFPAU_PointS32@@@Z
?IsRect@CSelection@@QAEFXZ
?GetEntries@SRGBTable@@QBEXIIPAUtagRGBQUAD@@@Z
TransGetYScale
TransGetXScale
TransInitScale
TransSetScale
?GetBBox@CSelection@@QAEXPAU_RectS32@@@Z
PaletteFromCTable
??0SRGBTable@@QAE@ABV0@@Z
GetFileExtensions
ReadFromImportPlugin
?GetFreeDiskSpaceFromDriveNumber@@YAHHPAK@Z
?GetDriveTypeFromDriveNumber@@YAIH@Z
TransInitDisp
?CreatePluginPopupMenu@CPlugInMgr@@QAEPAVCMenu@@I@Z
?ArePlugins@CPlugInMgr@@QAEHXZ
GetPlugInManager
?ShowAboutPlugin@CPlugInMgr@@QAEXI@Z
??1SRGBTable@@QAE@XZ
?NewImage@SAbstractLouvreImage@@SAPAV1@ABVSImageDef@@@Z
?Init@SImgStorage@@QAEDW4ImageFormat@@JJPAX@Z
FillAbsImageFromBuffer
CanReadImage
??0SImgStorage@@QAE@H@Z
?HashBytes@@YAXPAKPAEK@Z
??1BrandingDeviceClient@@UAE@XZ
MetaFileToDIB
TimeConsumingToRead
?GetNumEntries@SRGBTable@@QBEIXZ
DestructPrintPP
WriteImageToGlobalDIB
?SetAbortProgress@SFilter@@QAEXP6ADJ@ZP6AXJJJ@ZJ@Z
GetFileTranslatorDescription
?FilterImage@SFilter@@QAEXPAVSAbstractImage@@0PAV?$RectOf@J@@AAJ@Z
??1SFilter@@QAE@XZ
?GetFilter@SFilterManager@@QAEPAVSFilter@@F@Z
GetImportPluginCount
GetImportPluginNames
mfc42
ord1746
ord472
ord4275
ord3721
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5577
ord3172
ord5653
ord2399
ord4387
ord3454
ord3198
ord4623
ord4426
ord715
ord652
ord415
ord338
ord4823
ord6175
ord537
ord283
ord323
ord3495
ord4420
ord4083
ord2970
ord2652
ord1669
ord2414
ord470
ord1081
ord1271
ord5981
ord2817
ord5856
ord535
ord924
ord926
ord4277
ord5683
ord6329
ord941
ord4129
ord5710
ord5605
ord5651
ord3521
ord3522
ord859
ord4220
ord2584
ord4858
ord4203
ord2455
ord2438
ord4202
ord5572
ord3499
ord2614
ord2764
ord2740
ord2801
ord2558
ord5495
ord4464
ord4021
ord2504
ord5903
ord5510
ord6223
ord3654
ord2379
ord1085
ord3216
ord1099
ord1269
ord1574
ord1129
ord1799
ord4989
ord4931
ord4936
ord3272
ord3353
ord4622
ord729
ord1206
ord430
ord1223
ord2809
ord2450
ord5865
ord705
ord406
ord2556
ord6194
ord786
ord603
ord1706
ord2461
ord1969
ord273
ord519
ord2386
ord4724
ord2486
ord4003
ord2723
ord2390
ord3059
ord5100
ord4303
ord3350
ord5012
ord975
ord5472
ord1644
ord1652
ord2878
ord4077
ord5282
ord2649
ord1665
ord4436
ord5252
ord4427
ord2623
ord620
ord2863
ord4151
ord4467
ord4299
ord6199
ord6378
ord6197
ord6380
ord5054
ord5871
ord5883
ord4147
ord2120
ord4457
ord2884
ord4413
ord940
ord1001
ord4224
ord818
ord1146
ord755
ord2864
ord3571
ord429
ord3403
ord1233
ord2859
ord3874
ord2152
ord2116
ord2919
ord3402
ord5620
ord5641
ord996
ord3706
ord5781
ord4695
ord2003
ord5730
ord3948
ord2184
ord3107
ord4161
ord6451
ord3605
ord4214
ord1111
ord5609
ord2763
ord1920
ord4262
ord4589
ord4588
ord4899
ord4370
ord4892
ord4341
ord4349
ord4889
ord4531
ord4545
ord4963
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord736
ord784
ord439
ord517
ord4723
ord6131
ord6216
ord6128
ord3752
ord3755
ord2747
ord613
ord289
ord5766
ord5037
ord6270
ord3258
ord614
ord290
ord4226
ord446
ord743
ord3237
ord1601
ord5265
ord4376
ord4998
ord6052
ord1775
ord5280
ord4425
ord2645
ord4853
ord2575
ord4396
ord3574
ord609
ord2302
ord4635
ord4607
ord4716
ord5016
ord4375
ord4834
ord2574
ord2879
ord1641
ord4852
ord3072
ord1660
ord3803
ord2642
ord5601
ord5953
ord6217
ord4148
ord6241
ord3092
ord801
ord6143
ord541
ord3610
ord656
ord2860
ord1834
ord4229
ord355
ord641
ord2515
ord3177
ord4750
ord5919
ord3317
ord4710
ord1816
ord4234
ord324
ord2514
ord3797
ord4442
ord4674
ord3873
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord5861
ord2086
ord5802
ord3021
ord1945
ord3174
ord4042
ord3448
ord1664
ord5875
ord6442
ord2405
ord1894
ord4254
ord3187
ord4950
ord2437
ord2171
ord5020
ord4517
ord4640
ord4916
ord4494
ord5021
ord3106
ord4605
ord5000
ord5501
ord4628
ord4657
ord2991
ord3417
ord5025
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3060
ord3066
ord5244
ord5654
ord4860
ord2402
ord6081
ord3261
ord4430
ord5826
ord748
ord456
ord4825
ord1747
ord4423
ord3116
ord4621
ord4491
ord2505
ord2074
ord4448
ord4671
ord5103
ord796
ord1126
ord529
ord6069
ord6000
ord2117
ord800
ord5738
ord5743
ord3197
ord4956
ord4323
ord4320
ord1944
ord4826
ord4861
ord4957
ord4015
ord599
ord2727
ord1243
ord2730
ord2729
ord5664
ord4960
ord4022
ord5076
ord2535
ord3074
ord3111
ord3506
ord3078
ord5655
ord1768
ord3361
ord3597
ord763
ord1175
ord1147
ord326
ord483
ord3573
ord5787
ord4023
ord3076
ord3075
ord4692
ord5146
ord538
ord4450
ord4685
ord4681
ord1886
ord4251
ord4946
ord3254
ord2441
ord1695
ord5656
ord4469
ord5476
ord4154
ord5237
ord5285
ord747
ord739
ord450
ord442
ord2104
ord4460
ord6064
ord4995
ord5805
ord5791
ord5006
ord1234
ord1842
ord4242
ord3619
ord674
ord366
ord4981
ord4337
ord4793
ord1176
ord6458
ord5053
ord816
ord562
ord5789
ord6172
ord4451
ord4274
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord3738
ord815
ord459
ord561
ord5503
ord2635
ord6354
ord6352
ord5500
ord2036
ord986
ord1205
ord2092
ord5484
ord5716
ord5717
ord4204
ord2725
ord5289
ord4357
ord1202
ord1218
ord665
ord1979
ord6385
ord5442
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
malloc
isdigit
fopen
fwrite
fclose
_snprintf
strstr
_CIacos
_mbsupr
_mbstok
atol
memmove
_getdrive
_chdrive
_mbsrchr
isalnum
ctime
_mkdir
_controlfp
strncmp
free
_strdup
sprintf
time
srand
rand
atoi
_mbschr
_mbsninc
_mbsnccnt
_mbsnicmp
strchr
strncpy
sscanf
_chmod
_mbsicmp
_stat
_mbstrlen
_ftol
floor
remove
_errno
_unlink
rename
_purecall
toupper
_access
_CxxThrowException
_mbscmp
_itoa
_strnicmp
_ltoa
_stricmp
_setmbcp
_mbslwr
__CxxFrameHandler
kernel32
WritePrivateProfileStringA
lstrcpyA
lstrcmpA
lstrcatA
GetVersion
GetWindowsDirectoryA
GetShortPathNameA
GlobalUnlock
GlobalLock
GlobalFree
CloseHandle
CreateFileA
GlobalAlloc
lstrlenW
lstrcpynA
GlobalSize
FindClose
FindNextFileA
IsDBCSLeadByte
GetModuleFileNameA
FreeLibrary
FindFirstFileA
_lclose
_lread
LoadLibraryExA
GetVolumeInformationA
GetLogicalDrives
_lopen
LoadLibraryA
GetCurrentThreadId
MulDiv
SetHandleCount
WriteProfileStringA
GetVersionExA
GetPrivateProfileStringA
GetTempPathA
GetProfileStringA
FindResourceA
MapViewOfFile
GetTickCount
CreateFileMappingA
UnmapViewOfFile
GetLastError
lstrcmpiA
LocalFree
GlobalMemoryStatus
LockResource
LoadResource
LocalAlloc
GetProcAddress
GlobalHandle
GetPrivateProfileIntA
GetTempFileNameA
GetFileAttributesA
OpenFile
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileSize
MoveFileA
SetFilePointer
FileTimeToDosDateTime
SetEndOfFile
WriteFile
ReadFile
GetModuleHandleA
SetFileAttributesA
GetStartupInfoA
SetErrorMode
lstrlenA
user32
BringWindowToTop
LoadStringA
IsRectEmpty
SystemParametersInfoA
CreatePopupMenu
IsIconic
PtInRect
InsertMenuA
IsWindowEnabled
GetForegroundWindow
GetMessagePos
SetRectEmpty
GetCapture
GetSubMenu
GetMenu
DeleteMenu
SetTimer
IsWindowVisible
ModifyMenuA
PostMessageA
LoadIconA
DrawIcon
GetParent
LoadBitmapA
InvalidateRect
ValidateRect
GetKeyState
ReleaseDC
GetDC
SetCapture
CopyRect
ReleaseCapture
SetRect
ShowScrollBar
EnableScrollBar
UpdateWindow
IntersectRect
OffsetRect
GetAsyncKeyState
EqualRect
MapWindowPoints
ClientToScreen
ScreenToClient
GetFocus
MapDialogRect
GetDlgItem
GetWindowLongA
SetWindowLongA
SetActiveWindow
SetCursor
LoadCursorA
KillTimer
GetSystemMetrics
GetWindowRect
LoadAcceleratorsA
PeekMessageA
InflateRect
GetSysColor
CharLowerA
GetDesktopWindow
FrameRect
GetCursorPos
UnionRect
InvertRect
EnumThreadWindows
MessageBeep
IsZoomed
DrawFrameControl
DrawIconEx
GetClassLongA
DeferWindowPos
RegisterWindowMessageA
RegisterClipboardFormatA
SetFocus
WinHelpA
GetWindow
EndDeferWindowPos
BeginDeferWindowPos
DispatchMessageA
TranslateMessage
MessageBoxA
GetMenuItemCount
DestroyWindow
DrawTextA
SetWindowTextA
CreateDialogParamA
MoveWindow
IsDialogMessageA
ShowWindow
CreateWindowExA
SetWindowPos
GetMenuStringA
WindowFromPoint
GetMessageA
CharNextA
RegisterClassA
DefWindowProcA
EndPaint
BeginPaint
UnregisterClassA
SendMessageA
EnableWindow
GetClientRect
FillRect
RedrawWindow
wsprintfA
GetActiveWindow
AppendMenuA
GetSystemMenu
TranslateAcceleratorA
gdi32
SelectObject
BitBlt
CreateCompatibleDC
CreateDCA
DeleteMetaFile
CloseMetaFile
DeleteDC
CreateMetaFileA
GetDeviceCaps
CreateRectRgnIndirect
GetViewportOrgEx
GetObjectA
CreateCompatibleBitmap
DeleteObject
CreateFontIndirectA
DPtoLP
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
LPtoDP
CreatePatternBrush
CreateBitmap
StretchBlt
CreateRectRgn
RealizePalette
CombineRgn
RectInRegion
PatBlt
CreateFontA
CreateICA
CreatePalette
StretchDIBits
GetStockObject
SetBkColor
CreateSolidBrush
AddFontResourceA
RemoveFontResourceA
GetPixel
Rectangle
RoundRect
GetClipBox
Escape
TextOutA
CreatePen
SetTextColor
GetTextColor
GetBkColor
ExtTextOutA
SelectPalette
RectVisible
Polygon
GetTextExtentPointA
comdlg32
GetFileTitleA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
DragQueryFileA
DragFinish
ole32
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
WriteClassStg
OleSetClipboard
CLSIDFromProgID
ReleaseStgMedium
OleCreateFromData
Sections
.text Size: 532KB - Virtual size: 532KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 25KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rmnet Size: 57KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Note: .rmnet is the only section that carries CODE, EXECUTE, READ and WRITE together (the compiler-emitted .text above is execute/read only) and it is the last section, placed after .rsrc. A trailing RWX code section on an otherwise ordinary MFC/msvcrt binary is a typical file-infector artefact; the section name is consistent with a Ramnit infection, but that attribution should be confirmed from the behavioral tasks rather than from the name alone. The headers also set IMAGE_FILE_RELOCS_STRIPPED, so the image carries no relocation data and cannot be rebased by the loader.