Static task: static1
Behavioral task: behavioral1
Sample: a0d1f8391b270a6590fea88266c5e025833fcf223a291d79b572070f3754d782.exe
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: a0d1f8391b270a6590fea88266c5e025833fcf223a291d79b572070f3754d782.exe
Resource: win10v2004-20220812-en
General
Target: a0d1f8391b270a6590fea88266c5e025833fcf223a291d79b572070f3754d782
Size: 859KB
MD5: 4aa657c365a7d730fe1e75a8eab6b8b0
SHA1: 72cfb9a7b38392bf1ac2541c12cf225c3d3f9b77
SHA256: a0d1f8391b270a6590fea88266c5e025833fcf223a291d79b572070f3754d782
SHA512: 16ce6f83e05b48fe44705d3cfe9fbfb5af90bade8cd62d638c33f0265e62d98a907d35803fd7b85ab8f241d8e17816f61fbe0b6705da70a86d1bf7bdb142f05d
SSDEEP: 24576:x8TbrcT+PeAkB51FwQGoy0dTUzHKuE77YtF:xArckRk9FwQdy0dTmHMw
Malware Config
Signatures
Files
a0d1f8391b270a6590fea88266c5e025833fcf223a291d79b572070f3754d782.exe windows x86
78861d422db45655599cc348c5f25c14
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CreateMutexW
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
HeapDestroy
LeaveCriticalSection
RaiseException
GetLastError
HeapSize
EnterCriticalSection
DecodePointer
DeleteCriticalSection
GlobalAddAtomW
InterlockedIncrement
InterlockedDecrement
GlobalLock
GlobalAlloc
MulDiv
GlobalUnlock
FlushInstructionCache
GetCurrentThreadId
WinExec
GetCurrentProcessId
SearchPathW
SetEvent
TerminateThread
CreateEventW
SetFilePointer
lstrlenA
SetEndOfFile
WriteFile
lstrcpyA
GetDriveTypeW
OutputDebugStringW
IsBadReadPtr
GetSystemDirectoryW
SetProcessWorkingSetSize
lstrcmpiW
DuplicateHandle
ResumeThread
CreateFileW
GlobalDeleteAtom
DeviceIoControl
IsBadStringPtrW
TlsGetValue
QueryPerformanceCounter
GetModuleHandleExW
InitializeCriticalSection
GetProcessTimes
TlsSetValue
TlsAlloc
TlsFree
OutputDebugStringA
lstrcpynW
HeapReAlloc
FindResourceW
ReadFile
GetFileSizeEx
CreateDirectoryA
GetSystemInfo
GetFileAttributesExW
SetFileAttributesW
SetUnhandledExceptionFilter
FlushFileBuffers
ReleaseMutex
GetExitCodeThread
ExitProcess
GetFileSize
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WaitForMultipleObjects
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
DosDateTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
GetSystemPowerStatus
IsBadWritePtr
LoadLibraryExW
WaitForMultipleObjectsEx
CopyFileW
SetThreadPriority
ReleaseSemaphore
CreateSemaphoreW
MoveFileW
GetUserDefaultUILanguage
EndUpdateResourceW
MoveFileExW
BeginUpdateResourceW
RemoveDirectoryW
UpdateResourceW
VirtualFree
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
SetLastError
GetProcAddress
GetTempPathW
MultiByteToWideChar
TerminateProcess
SizeofResource
LoadLibraryW
WideCharToMultiByte
OpenProcess
CreateDirectoryW
GetCurrentProcess
CreateProcessW
LoadResource
FreeLibrary
FreeResource
FindResourceA
lstrlenW
GetModuleHandleW
DeleteFileW
GetLocalTime
GetPrivateProfileIntW
GetTickCount
CreateThread
CloseHandle
Sleep
WaitForSingleObject
ExpandEnvironmentStringsW
lstrcpyW
LocalFree
GetWindowsDirectoryW
FindNextFileW
lstrcatW
FindClose
WritePrivateProfileStringW
lstrcmpW
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetPrivateProfileStringW
FindFirstFileW
GetCommandLineW
user32
BeginPaint
SetFocus
CreateAcceleratorTableW
GetClientRect
LoadCursorW
InvalidateRgn
GetParent
GetFocus
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
ScreenToClient
DestroyAcceleratorTable
GetWindowTextLengthW
ClientToScreen
EndPaint
DestroyIcon
AllowSetForegroundWindow
GetClassInfoExW
DisableProcessWindowsGhosting
ReplyMessage
SetForegroundWindow
GetDC
IsIconic
PostQuitMessage
GetWindowRect
CopyIcon
MessageBeep
SetCursor
UpdateWindow
MapWindowPoints
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
TrackMouseEvent
DialogBoxIndirectParamW
IsZoomed
UpdateLayeredWindow
PtInRect
ScrollWindowEx
ShowScrollBar
EnableScrollBar
SetScrollPos
SetScrollRange
GetLastInputInfo
DrawTextW
PeekMessageW
GetForegroundWindow
AttachThreadInput
PostThreadMessageW
SetLayeredWindowAttributes
LockWorkStation
RegisterClassExW
InvalidateRect
GetWindowTextW
ReleaseDC
IsWindowVisible
MessageBoxW
GetClassNameW
FindWindowW
WindowFromPoint
UnregisterClassW
DefWindowProcW
GetPropW
CreateWindowExW
SetWindowPos
SetWindowLongW
SetPropW
RemovePropW
ShowWindow
EndDialog
GetDlgItem
SystemParametersInfoW
PostMessageW
SetWindowRgn
DestroyWindow
MoveWindow
GetWindow
DispatchMessageW
GetWindowLongW
TranslateMessage
KillTimer
GetMessageW
SetTimer
GetDesktopWindow
IsWindow
CallWindowProcW
SetWindowTextW
GetShellWindow
GetWindowThreadProcessId
SendMessageW
GetSystemMetrics
ReleaseCapture
FindWindowExW
SendMessageTimeoutW
GetCursorPos
GetSysColor
BroadcastSystemMessageW
RedrawWindow
LoadImageW
gdi32
SetTextColor
CreateDIBSection
SetBkColor
SetBkMode
GetObjectType
CreateFontW
GdiAlphaBlend
BitBlt
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
DeleteObject
CreateRoundRectRgn
DeleteDC
advapi32
QueryServiceStatus
StartServiceW
RegOpenKeyW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyW
RegCreateKeyExW
ControlService
shell32
SHGetDesktopFolder
ord190
SHGetFolderPathA
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW
ShellExecuteExW
SHAppBarMessage
ord680
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
Shell_NotifyIconW
SHGetSpecialFolderPathW
CommandLineToArgvW
SHGetFolderPathW
ord68
SHFileOperationW
ole32
CreateStreamOnHGlobal
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
OleUninitialize
OleInitialize
StringFromGUID2
CoSetProxyBlanket
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoCreateInstance
oleaut32
VarUI4FromStr
VariantChangeType
DispCallFunc
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocString
SysFreeString
LoadTypeLi
VariantClear
SysStringLen
ws2_32
recv
gethostbyname
htons
bind
closesocket
send
accept
listen
WSAStartup
inet_addr
connect
socket
msvcp120
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?uncaught_exception@std@@YA_NXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_BADOFF@std@@3_JB
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
shlwapi
SHSetValueW
wnsprintfA
SHGetValueW
wnsprintfW
PathStripToRootW
StrToIntA
PathAppendA
StrCmpNIA
StrStrIW
PathIsRootA
PathIsRootW
StrCmpNIW
StrToIntExW
StrCmpW
PathUnExpandEnvStringsW
StrNCatW
StrStrIA
StrCmpIW
PathFileExistsW
PathAppendW
StrToIntW
StrCpyNW
dbghelp
MakeSureDirectoryPathExists
msvcr120
wcstoul
memcpy
_CxxThrowException
memset
_unlink
_memicmp
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
__CxxFrameHandler3
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_wfopen
wcsncpy_s
iswspace
exit
atol
sscanf_s
strpbrk
sprintf_s
sscanf
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
fseek
ferror
_ftelli64
_waccess
_vsnwprintf
fread
fopen
printf
fopen_s
_endthreadex
realloc
strncpy
_vswprintf_c_l
_getdrives
_vscwprintf
isdigit
sprintf
fclose
fwrite
memcpy_s
_lock_file
setvbuf
_recalloc
fsetpos
fgetc
fflush
_fseeki64
fgetpos
ungetc
_unlock_file
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
fputc
??_V@YAXPAX@Z
wcstok_s
_wtoi
_wcsicmp
swprintf_s
strncpy_s
_itow_s
strcpy_s
wcsstr
vsprintf_s
atoi
strchr
strstr
_except1
_stricmp
wcschr
wcscpy_s
wcscat_s
vswprintf_s
_time64
srand
rand
_beginthreadex
malloc
free
_snwprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
memmove
ztzjui
ord1
iphlpapi
GetAdaptersInfo
mdeskms
curl_easy_init
curl_easy_getinfo
curl_easy_cleanup
curl_easy_perform
curl_easy_setopt
gdiplus
GdipLoadImageFromFile
GdipImageGetFrameDimensionsList
GdipGetPropertyItem
GdipAlloc
GdipDisposeImage
GdipGetPropertyItemSize
GdipImageGetFrameDimensionsCount
GdipCloneImage
GdipImageGetFrameCount
GdipDrawImageRectRectI
GdipFree
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipCreateFromHDC
GdipImageSelectActiveFrame
GdipGraphicsClear
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageEncoders
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromScan0
GdipGetImageWidth
GdipGetImageEncodersSize
winmm
timeGetTime
timeKillEvent
timeSetEvent
imm32
ImmGetContext
ImmReleaseContext
winhttp
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryHeaders
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
wininet
DeleteUrlCacheEntryW
urlmon
URLDownloadToFileW
Sections
.text Size: 546KB - Virtual size: 546KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata Size: 124KB - Virtual size: 123KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 48KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc Size: 114KB - Virtual size: 114KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 63KB - Virtual size: 64KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bqcpbhs Size: - Virtual size: 4KB - Flags: IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE