36286a141a9a81419cb1c73dffe185d14453985bb0f74ecb8501ab09a18ba228

Sharing

Copy URL Twitter E-mail

General

Target

36286a141a9a81419cb1c73dffe185d14453985bb0f74ecb8501ab09a18ba228
Size

1.5MB
MD5

74e20e925edd95863d15dbb4e146da50
SHA1

eda745ee1bb6494daefc4c7ee1a93e17e0e639fe
SHA256

36286a141a9a81419cb1c73dffe185d14453985bb0f74ecb8501ab09a18ba228
SHA512

3f754fb132ac0a9b745f6850371dc196c2d055682c8f7397f9fbe0c02f0057fce35498cfcd6d0049608f6ca8cec00217c0bc6dba3881ceb9e5ac44f3ec1234c5
SSDEEP

24576:OCwjh3j13RG6CgvMI/dt8zMC1Csa+EakmBalOTzfIm2AzmPPoMYYt:mp+I/e1CxqJgOT8HAzmP7YYt

Score

N/A

Malware Config

Signatures

Files

36286a141a9a81419cb1c73dffe185d14453985bb0f74ecb8501ab09a18ba228
.exe windows x86

8935cf762bbdf969d3545c1f5976c9a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libjpegdll

ord53
ord42
ord52
ord43
ord41
ord51
ord4
ord21
ord23
ord2
ord5
ord30
ord1
ord29
ord28
ord38
ord27
ord39
ord48
ord3

mfc90u

ord6411
ord3355
ord639
ord374
ord3794
ord2597
ord2360
ord4518
ord6614
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord1754
ord1751
ord4345
ord1493
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord5664
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord3140
ord3280
ord4910
ord3663
ord797
ord595
ord789
ord436
ord686
ord2283
ord1719
ord4660
ord3286
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord5573
ord3589
ord2447
ord2208
ord280
ord2537
ord296
ord1183
ord5567
ord1137
ord1098
ord4211
ord794
ord589
ord4043
ord4967
ord5572
ord811
ord3654
ord778
ord3488
ord2106
ord3543
ord1938
ord4000
ord5008
ord2356
ord1354
ord2100
ord6577
ord799
ord600
ord6065
ord6604
ord6476
ord1724
ord1688
ord2595
ord1088
ord1248
ord5387
ord1109
ord1272
ord5322
ord611
ord3768
ord2470
ord1063
ord2593
ord6579
ord2904
ord4442
ord286
ord341
ord617
ord801
ord5653
ord2901
ord4992
ord4682
ord1492
ord6408
ord3353
ord1675
ord1809
ord1810
ord5324
ord5632
ord4527
ord4774
ord4631
ord4127
ord6575
ord2971
ord3741
ord813
ord2069
ord524
ord744
ord367
ord636
ord1353
ord3486
ord6091
ord6527
ord1715
ord1782
ord3953
ord4044
ord2430
ord4528
ord265
ord266
ord3927
ord772
ord4351
ord3941
ord4398
ord5194
ord3457
ord1108
ord4652
ord1665
ord2274
ord3921
ord1714
ord767

msvcr90

_wtof
wcsspn
_wtoi64
localeconv
wcspbrk
_CxxThrowException
memset
__CxxFrameHandler3
floor
_initterm_e
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__RTDynamicCast
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
modf
isleadbyte
_snwprintf_s
toupper
islower
_wstat64
ceil
_localtime64_s
strcpy_s
_strnicmp
_wtol
_wunlink
strncmp
_close
_wsopen_s
isalpha
_errno
_wmkdir
_beginthreadex
calloc
_time64
realloc
_vsnwprintf_s
_wcsicmp
wcsrchr
wcschr
wcsncpy_s
_mbsicmp
_mbscmp
_mbsnbcpy_s
wcscpy_s
_set_sbh_threshold
_get_heap_handle
setlocale
malloc
??0exception@std@@QAE@XZ
memmove_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_invalid_parameter_noinfo
_wsplitpath_s
wcsstr
_wtoi
free
_wcsdup
_purecall
memcpy_s

kernel32

LoadLibraryA
VirtualAlloc
GetSystemTimeAsFileTime
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrcpynW
LoadResource
LockResource
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
LoadLibraryW
FormatMessageW
GetLogicalDrives
GetDriveTypeW
GetVolumeInformationW
CreatePipe
GetStdHandle
GlobalLock
GlobalUnlock
GlobalAlloc
HeapFree
GetProcessHeap
GetLastError
SetLastError
SetThreadExecutionState
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
lstrcmpW
lstrlenW
GetCurrentProcess
DuplicateHandle
GetACP
GetModuleFileNameW
MulDiv
OutputDebugStringW
GetDiskFreeSpaceW
DeviceIoControl
CreateFileA
GetVersion
GetDiskFreeSpaceExW
LoadLibraryExW
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
SetEndOfFile
SetFileTime
SetFilePointer
WriteFile
ReadFile
CreateFileW
GetFileSize
Sleep
GetExitCodeThread
ReleaseMutex
CreateMutexW
GetCurrentThreadId
SetEvent
PulseEvent
ResetEvent
CreateEventW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeProcess
WaitForSingleObject
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CopyFileW
MoveFileWithProgressW
MoveFileW
MoveFileExW
FindNextFileW
FindClose
FindFirstFileW
SetErrorMode
CreateProcessW
CloseHandle
GetCurrentThread
SizeofResource

user32

EndDeferWindowPos
GetSysColor
GetDlgCtrlID
TranslateAcceleratorW
GetCapture
RegisterWindowMessageW
LoadImageW
CopyRect
AdjustWindowRectEx
IsRectEmpty
PostMessageW
SetTimer
GetActiveWindow
RedrawWindow
IsWindow
ReleaseCapture
BeginDeferWindowPos
IntersectRect
CharLowerW
wsprintfA
TranslateMessage
DispatchMessageW
SetRect
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
EmptyClipboard
SetClipboardData
GetClientRect
GetSystemMetrics
OffsetRect
GetParent
InvalidateRect
UpdateWindow
GetWindowRect
RegisterClassExW
CreateWindowExW
DeferWindowPos
SetWindowLongW
DefWindowProcW
UnregisterClassW
PostQuitMessage
RegisterDeviceNotificationW
UnregisterDeviceNotification
GetMessageW
LoadAcceleratorsW
EnableWindow
KillTimer
GetWindowLongW
SetWindowPos
DestroyWindow
MapWindowPoints
SetCursor
LoadCursorW
SetCapture
LoadBitmapW
PtInRect
FillRect
RemovePropW
SetPropW
GetLastActivePopup
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
ShowWindow
IsIconic
GetPropW
GetDesktopWindow
GetWindow
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayMonitors
SendMessageW

gdi32

DeleteDC
ExtTextOutW
SetBkColor
BitBlt
StretchBlt
GetObjectW
DeleteObject
CreateDIBSection
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
CreateCompatibleDC

msimg32

GradientFill

advapi32

RegOpenCurrentUser
SetSecurityDescriptorDacl
CreateProcessAsUserW
DuplicateTokenEx
OpenThreadToken
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
InitializeSecurityDescriptor

shell32

SHGetFolderPathW
SHGetMalloc
SHFileOperationW
ord2
ord4
SHGetPathFromIDListW
SHGetFolderLocation
DragQueryFileW

comctl32

_TrackMouseEvent
ord17

shlwapi

PathIsDirectoryW
PathFindFileNameW
PathRemoveExtensionW

ole32

CoCreateInstance
CoInitializeEx
StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysStringLen
VariantInit
SysStringByteLen
SysFreeString
SysAllocString
VariantClear

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

d3d9

Direct3DCreate9

winmm

mixerGetControlDetailsW
mixerSetControlDetails
mixerGetLineControlsW
mixerOpen
mixerGetDevCapsW
mixerClose
mixerGetLineInfoW

Sections

.text
Size: 371KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 459KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8935cf762bbdf969d3545c1f5976c9a0

Headers

DLL Characteristics

File Characteristics

Imports

libjpegdll

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp90

version

d3d9

winmm

Sections

.text Size: 371KB - Virtual size: 370KB

.rdata Size: 608KB - Virtual size: 608KB

.data Size: 9KB - Virtual size: 11KB

.rsrc Size: 460KB - Virtual size: 459KB

.reloc Size: 35KB - Virtual size: 34KB

.text
Size: 371KB - Virtual size: 370KB

.rdata
Size: 608KB - Virtual size: 608KB

.data
Size: 9KB - Virtual size: 11KB

.rsrc
Size: 460KB - Virtual size: 459KB

.reloc
Size: 35KB - Virtual size: 34KB