a4cf65f5a18e4a3fa6ab89039dbb0bf7e6c91d83231c62e3169a8256f908020d

Sharing

Copy URL Twitter E-mail

General

Target

a4cf65f5a18e4a3fa6ab89039dbb0bf7e6c91d83231c62e3169a8256f908020d
Size

592KB
MD5

96a71844523604305f70697f68a17f10
SHA1

38b0f370323200792b75b8616a629995e5c94762
SHA256

a4cf65f5a18e4a3fa6ab89039dbb0bf7e6c91d83231c62e3169a8256f908020d
SHA512

09247cdaec01e3d91bcf30d0d358b4e2d5f237397f18a2aaf3bc11ea70ffb7c1cef0b79b7c7a671d3eeb696ce5e8302af05363f1d58712545ad77cfafa3f8379
SSDEEP

12288:1szyFvsoZ2Lxws1b+7gcNkGmAQ1tkYIvQcX+EDqOlDvvn2:KyFoz+7RNhZnYIvQcOEmOlT/

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

a4cf65f5a18e4a3fa6ab89039dbb0bf7e6c91d83231c62e3169a8256f908020d
.exe windows x86

55223bfb24d0ddccf707d3ff5a2c90ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xlbughandler

_XL_InitBugHandler@20
_XL_SetAlwaysSendReport@4
_XL_EnableReportAutoRestartApp@8
_XL_SetReportShowMode@4
_XL_SetBugReportRootDir@4

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

VirtualAllocEx
VirtualFreeEx
HeapFree
GetProcessHeap
GetTickCount
HeapAlloc
FlushInstructionCache
GetCurrentThread
Sleep
InterlockedCompareExchange
ReadFile
CreateFileW
CopyFileW
TerminateThread
WaitForSingleObject
GetCurrentProcessId
CreateProcessW
SetEvent
CreateThread
ResetEvent
CreateEventW
GetProcessId
FreeLibrary
GetLastError
GetModuleHandleW
lstrcpyW
lstrlenW
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
InterlockedDecrement
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
VirtualFree
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadResource
VirtualProtect
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
IsBadCodePtr
CreateDirectoryW
lstrcatW
CreateMutexW
OpenMutexW
DuplicateHandle
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
OpenMutexA
MapViewOfFile
CreateFileMappingA
InterlockedIncrement
GetCurrentThreadId
LeaveCriticalSection
VirtualAlloc
GlobalFree
GlobalReAlloc
GlobalAlloc
OpenThread
CloseHandle
lstrlenA
WideCharToMultiByte
lstrcpyA
InitializeCriticalSectionAndSpinCount
ExpandEnvironmentStringsW
GetShortPathNameW
LocalFree
ReadProcessMemory
WriteProcessMemory
GetPrivateProfileStringW
lstrcmpW
GlobalLock
WriteFile
GlobalUnlock
SetFileAttributesW
DeleteFileW
GetFileAttributesW
GetSystemDirectoryA
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceW
FindResourceExW
LockResource
GetTempPathW
LoadLibraryW
GetProcAddress
FormatMessageW
SetLastError
lstrcpynW
lstrcmpiW
LoadLibraryExW
ExitProcess
FindResourceW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SizeofResource
VirtualQuery
MultiByteToWideChar
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateMutexA

user32

FindWindowW
IsWindow
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetWindowRect
SendMessageW
SetFocus
AttachThreadInput
GetFocus
DispatchMessageW
UnregisterClassW
GetDesktopWindow
GetDC
TranslateMessage
RegisterClassExW
PostThreadMessageW
LoadImageW
GetSystemMetrics
DestroyIcon
GetWindowDC
FillRect
CreateWindowExW
EqualRect
PtInRect
GetLastInputInfo
UnregisterClassA
GetMessageW
InvalidateRect
MessageBoxW
MapWindowPoints
CopyImage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IsClipboardFormatAvailable
PrintWindow
wsprintfW
SetForegroundWindow
BringWindowToTop
GetLastActivePopup
SendInput
CharUpperBuffW
WindowFromPoint
GetCursorPos
ScreenToClient
GetAsyncKeyState
CallNextHookEx
UpdateWindow
SetWindowPos
GetParent
IsIconic
GetClassNameW
PostMessageW
PeekMessageW
DestroyWindow
DefWindowProcW
CharNextW
SystemParametersInfoW
ReleaseDC
GetWindowThreadProcessId
GetForegroundWindow
SetTimer
GetWindow
OffsetRect
UnhookWindowsHookEx
SetWindowsHookExW
IsWindowVisible
ShowWindow
IsChild
SendMessageTimeoutW
KillTimer
GetClientRect
MoveWindow
GetKeyState

gdi32

StretchBlt
CreateCompatibleBitmap
CreateSolidBrush
CreateCompatibleDC
SelectObject
SetDCPenColor
SetDCBrushColor
Rectangle
DeleteObject
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
EnumFontFamiliesExW
GetDeviceCaps
CreateDIBSection
CreateDCW
GetDIBits
RealizePalette
SelectPalette
CreateDIBitmap
BitBlt
SetViewportOrgEx
IntersectClipRect
GetCurrentObject
SetStretchBltMode

advapi32

RegEnumValueW
GetUserNameW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue

shell32

SHCreateDirectoryExW
SHCreateDirectoryExA
ord165
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW
SHFileOperationW
CommandLineToArgvW
ord680
SHChangeNotify

ole32

PropVariantClear
CoUnmarshalInterface
CoCreateGuid
IIDFromString
CoRevokeClassObject
CoRegisterClassObject
CoMarshalInterface
CoInitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoUninitialize
CoCreateInstance
StringFromIID
CreateStreamOnHGlobal

oleaut32

OleLoadPicture
SysStringByteLen
VarBstrCmp
VariantCopy
SysAllocStringLen
SysAllocString
SysStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
VariantInit
SysFreeString
VarUI4FromStr
DispCallFunc
SysAllocStringByteLen

msvcp71

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?eof@ios_base@std@@QBE_NXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?width@ios_base@std@@QAEHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
?to_char_type@?$char_traits@_W@std@@SA_WABG@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?max_size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?to_int_type@?$char_traits@_W@std@@SAGAB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AViterator@12@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?clear@ios_base@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Nomemory@std@@YAXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

shlwapi

PathRemoveFileSpecW
PathAppendA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
PathFileExistsW
SHDeleteKeyW
PathAppendW
PathCombineW

comctl32

InitCommonControlsEx

msvcr71

ftell
fseek
wcspbrk
wcstol
strlen
_wfopen
fread
memset
_except_handler3
free
??0exception@@QAE@ABV0@@Z
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
_CxxThrowException
??3@YAXPAX@Z
??_V@YAXPAX@Z
__CxxFrameHandler
_purecall
realloc
memmove
tolower
_wtol
_wtoi
memcpy
malloc
swprintf
swscanf
wcschr
wcslen
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcscpy
wcsrchr
wcscat
sprintf
wcscmp
_wcsicmp
wcsstr
_wcslwr
memcmp
strcpy
_wtof
_wtoi64
strcat
_vscwprintf
vswprintf
iswspace
_wcsupr
_vscprintf
vsprintf
_beginthreadex
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
fclose
_strupr
_mbsnextc
_stricmp
_strnicmp
_wcsnicmp
wcstombs

atl71

ord65
ord42
ord47
ord32
ord58
ord66
ord23
ord43
ord44
ord30
ord48
ord45
ord10
ord11
ord61
ord31

wininet

InternetCrackUrlW
InternetGetCookieExW
GetUrlCacheEntryInfoExW

urlmon

CoInternetCreateSecurityManager

winmm

midiOutSetVolume
waveOutGetVolume
waveOutSetVolume
midiOutGetVolume

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

55223bfb24d0ddccf707d3ff5a2c90ac

Headers

File Characteristics

Imports

xlbughandler

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp71

shlwapi

comctl32

msvcr71

atl71

wininet

urlmon

winmm

Sections

.text Size: 408KB - Virtual size: 405KB

.rdata Size: 88KB - Virtual size: 85KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 28KB - Virtual size: 25KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 408KB - Virtual size: 405KB

.rdata
Size: 88KB - Virtual size: 85KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 28KB - Virtual size: 25KB

.UPX
Size: 60KB - Virtual size: 60KB