5b59cd44abe59cf3bb065246a335fc681a48bafadebdc508eec46a1385507f67

Sharing

Copy URL Twitter E-mail

General

Target

5b59cd44abe59cf3bb065246a335fc681a48bafadebdc508eec46a1385507f67
Size

244KB
MD5

80d4620374e3dcea4602ac949d4fdb3b
SHA1

176b2ad9def56c588ea62ad823916495940b381a
SHA256

5b59cd44abe59cf3bb065246a335fc681a48bafadebdc508eec46a1385507f67
SHA512

a19ce2cc2ce94cd9d9b2581d083b8e50321bf907cc55e7d72907177cb9cf1f10d356133ae6d6d87b85d62e72bc3954f60566bc44e97bdffdcb328dd1b0350a23
SSDEEP

6144:ZcbwtBhSCTo/5ORdfeXOulA8laDXM3EtSUJ4HY9MG:fREJlJCSk4s

Score

N/A

Malware Config

Signatures

Files

5b59cd44abe59cf3bb065246a335fc681a48bafadebdc508eec46a1385507f67
.exe windows x86

159e17bbd2b0622cf4de889391fe2740

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

emodelview

ord5
ord6

comctl32

InitCommonControlsEx

kernel32

DeleteCriticalSection
MulDiv
FlushInstructionCache
WriteFile
InterlockedIncrement
CloseHandle
InterlockedDecrement
CreateProcessW
GetCommandLineW
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
SetPriorityClass
GetCurrentProcess
ResumeThread
GetModuleHandleW
GlobalUnlock
GlobalLock
GetTempPathW
lstrlenA
lstrcpyW
lstrcatW
CreateEventW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WaitForSingleObject
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindNextFileW
Sleep
OutputDebugStringW
FreeLibrary
SizeofResource
LoadResource
GetLastError
GetModuleFileNameW
FindResourceW
LoadLibraryExW
lstrcmpiW
RaiseException
lstrlenW
FindFirstFileW
DebugBreak
LeaveCriticalSection
lstrcmpW
FindClose
EnterCriticalSection
SetLastError
GlobalAlloc
SetEvent
QueryPerformanceCounter
CreateFileW

user32

CharNextW
UnregisterClassA
GetClassInfoExW
GetWindowLongW
GetDesktopWindow
SetWindowTextW
ReleaseCapture
GetWindowTextW
DefWindowProcW
SetCapture
GetParent
wvsprintfW
CallWindowProcW
GetSysColor
PostThreadMessageW
BeginPaint
RegisterClassExW
CreateWindowExW
IsChild
GetClientRect
GetFocus
InvalidateRect
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableW
InvalidateRgn
FillRect
RedrawWindow
EndPaint
IsWindow
LoadStringW
ClientToScreen
GetDC
GetDlgItem
ScreenToClient
SendMessageW
ReleaseDC
MoveWindow
RegisterWindowMessageW
SetWindowPos
DestroyWindow
SetWindowLongW
GetWindowTextLengthW
LoadCursorW
GetClassNameW

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
DeleteDC
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoRevokeClassObject
OleLockRunning
CoResumeClassObjects
OleInitialize
CoGetClassObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize
CoRegisterClassObject

oleaut32

VariantClear
RegisterTypeLi
SysAllocStringLen
SysStringByteLen
UnRegisterTypeLi
SysAllocString
VariantInit
LoadTypeLi
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr
SysFreeString

hoopsmanager

??0EString@@QAE@ABV0@H@Z
??BEString@@QBEPB_WXZ
??1EString@@QAE@XZ

emodelutils

?GetViewerDir@LocalUtils@@SA?AVEString@@XZ

msvcr80

_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_except_handler4_common
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CxxThrowException
?terminate@@YAXXZ
memcmp
wcsstr
??2@YAPAXI@Z
_purecall
memcpy
_resetstkoflw
wcscpy_s
wcscat_s
_wtoi
_beginthreadex
iswdigit
_wfullpath
wcsncmp
swprintf_s
wcslen
wcsrchr
_recalloc
free
wcsncpy_s
memset
malloc
memcpy_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
__p__fmode
??3@YAXPAX@Z
??_V@YAXPAX@Z

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 155KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

159e17bbd2b0622cf4de889391fe2740

Headers

File Characteristics

Imports

emodelview

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

hoopsmanager

emodelutils

msvcr80

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 26KB - Virtual size: 25KB

.text Size: 155KB - Virtual size: 156KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 155KB - Virtual size: 156KB