52f8ca6c4a627a55063fa69f9275e31a953175430801c23e1344895ff149dc1b

Sharing

Copy URL

Twitter E-mail

General

Target

52f8ca6c4a627a55063fa69f9275e31a953175430801c23e1344895ff149dc1b
Size

829KB
MD5

416a550c838890175c2a6f92608141c0
SHA1

363cf323556af224e42f9da10fa02f9165bcea6e
SHA256

52f8ca6c4a627a55063fa69f9275e31a953175430801c23e1344895ff149dc1b
SHA512

0d29fb9cebe9697f113018c735a12527ae26ef27eded7ff3c3034444cd9c8f30777ba720bcbc4b10ffb4dd8b33282f5f3f29cefb77266aef5c68167bdc99666f
SSDEEP

24576:v4XE5QBiHIeHnZI0kdWre3MQO+xjOlNJJVvu:AXEvIe5BkuJI

Score

N/A

Malware Config

Signatures

Files

52f8ca6c4a627a55063fa69f9275e31a953175430801c23e1344895ff149dc1b
.exe windows x86

cd956e9039e11068775fa28853684330

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
lstrlenW
GetProcAddress
FreeLibrary
LoadLibraryExW
GetFileAttributesW
CloseHandle
CreateFileW
GetFileSize
CopyFileW
MoveFileExW
GetTempFileNameW
SetFileAttributesW
FindNextFileW
FindFirstFileW
GetPrivateProfileSectionW
FindClose
Sleep
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
FindFirstFileA
GetCurrentProcess
LoadLibraryA
LoadLibraryW
GetVersionExA
LocalFree
LocalAlloc
lstrlenA
FormatMessageA
ReadFile
CreateFileA
GetTickCount
QueryPerformanceCounter
GetLocalTime
GetProcessTimes
GetThreadTimes
GetCurrentThread
GlobalMemoryStatus
GetProcessWorkingSetSize
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcessId
GetStartupInfoA
DeviceIoControl
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetSystemTimeAsFileTime
GetStartupInfoW
ExitProcess
GetModuleHandleW
SetUnhandledExceptionFilter
lstrcpyW
lstrcatW
GetThreadContext
OpenProcess
TerminateProcess
GetSystemInfo
VirtualFree
GetShortPathNameW
GetLongPathNameW
GetSystemDirectoryW
OpenMutexW
CreateEventW
ResetEvent
SetEvent
WaitForMultipleObjectsEx
WaitForMultipleObjects
OutputDebugStringW
GetModuleFileNameW
WriteFile
SetFilePointer
TerminateThread
CreateThread
ExitThread
EnterCriticalSection
FormatMessageW
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ResumeThread

user32

CharNextA
CharPrevA
wsprintfW
GetMessageA
IsWindowUnicode
DispatchMessageA
TranslateMessage
GetMessageW
PeekMessageW
MsgWaitForMultipleObjectsEx
wsprintfA
GetActiveWindow
GetMessageTime
GetQueueStatus
GetCursorPos
GetCaretPos
GetMessagePos
GetOpenClipboardWindow
GetFocus
GetClipboardViewer
GetClipboardOwner
GetCapture
DispatchMessageW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CLSIDFromProgID
CoInitializeEx
OleRun
CoUninitialize

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
SysAllocString
SafeArrayUnlock
SafeArrayCreate

shlwapi

PathAddBackslashW
PathRemoveBackslashW
PathAppendW

msvcp71

?id@?$ctype@G@std@@2V0locale@2@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?clear@ios_base@std@@QAEXH_N@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?eof@?$char_traits@G@std@@SAGXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?widen@?$ctype@G@std@@QBEGD@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?_Nomemory@std@@YAXXZ
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z

msvcr71

??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcscat
??_V@YAXPAX@Z
wcslen
wcsncmp
_wcsnicmp
_wcslwr
wcstol
iswdigit
wcschr
iswspace
wcscmp
wcsrchr
wcsspn
wcscspn
_vscwprintf
vswprintf
_errno
_purecall
wcsncpy
_wtoi
wcscpy
_except_handler3
mbstowcs
wcstoul
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
wcstombs
__mb_cur_max
isspace
mblen
strncmp
realloc
time
memset
_callnewh
_endthreadex
_beginthreadex
_wsplitpath
swscanf
_wcsicmp
?_set_new_mode@@YAHH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_set_purecall_handler
_set_security_error_handler
__security_error_handler
_resetstkoflw
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_stricmp
_strnicmp
_lseek
_open
_eof
_read
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
memmove
malloc
_mbsrchr
free
__CxxFrameHandler
??3@YAXPAX@Z
sprintf
_CxxThrowException
strncpy
_close
_stat

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

userenv

UnloadUserProfile

Exports

Exports

IsdGetCapability
IsdGetRandomNumber
IsdGetStatistic
IsdTestRandomGenerator

Sections

.text
Size: 556KB - Virtual size: 555KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cd956e9039e11068775fa28853684330

Headers

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

version

userenv

Exports

Exports

Sections

.text Size: 556KB - Virtual size: 555KB

.rdata Size: 152KB - Virtual size: 148KB

.data Size: 32KB - Virtual size: 32KB

.data1 Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 556KB - Virtual size: 555KB

.rdata
Size: 152KB - Virtual size: 148KB

.data
Size: 32KB - Virtual size: 32KB

.data1
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rrdata
Size: 72KB - Virtual size: 72KB