CreatePlugin
Static task
static1
Behavioral task
behavioral1
Sample
bd0ab826efdb9f1e1327f4e366513d643511d059b919e68d76b36b7ea8fb3d64.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
bd0ab826efdb9f1e1327f4e366513d643511d059b919e68d76b36b7ea8fb3d64.dll
Resource
win10v2004-20220812-en
General
Target: bd0ab826efdb9f1e1327f4e366513d643511d059b919e68d76b36b7ea8fb3d64
Size: 356KB
MD5: 0af616587d003e8128731bcd398de7c1
SHA1: a78723e4b0186fbaa84039c75d22239626ed658c
SHA256: bd0ab826efdb9f1e1327f4e366513d643511d059b919e68d76b36b7ea8fb3d64
SHA512: 7895d035c3bc41c19dcbf0ace6e42d4749af461e83b76c35c6d9d14099c9584a4b76dcd84b0355618af6ab8354609f2962ed402a5d3497c994c6a54a4f26729e
SSDEEP: 6144:LUK5bJPB0SsNgt4CHY01RxJiBoev7Hbnv:LUl+xvI1z
Malware Config
Signatures
Files
-
bd0ab826efdb9f1e1327f4e366513d643511d059b919e68d76b36b7ea8fb3d64.dll windows x86
70a6829346178f95c53487ba4ab41d05
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
skinmagicu
ord9
ord53
ord7
mfc71u
ord4256
ord605
ord354
ord6086
ord6063
ord4574
ord266
ord265
ord3678
ord3590
ord283
ord6003
ord1176
ord6000
ord577
ord776
ord293
ord3204
ord1925
ord2362
ord3281
ord1271
ord3198
ord3155
ord1270
ord5633
ord2361
ord2366
ord1894
ord1299
ord2167
ord5392
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord602
ord6058
ord347
ord3249
ord2121
ord5672
ord3248
ord443
ord676
ord1183
ord1155
ord709
ord501
ord4945
ord5755
ord3342
ord5981
ord3995
ord4117
ord4158
ord3756
ord4026
ord5727
ord1908
ord1118
ord1472
ord2340
ord2648
ord3344
ord5983
ord774
ord2311
ord4480
ord502
ord326
ord2255
ord280
ord5829
ord5618
ord1331
ord458
ord734
ord1968
ord2901
ord5398
ord6288
ord2460
ord896
ord899
ord546
ord1282
ord457
ord1571
ord5327
ord6293
ord5316
ord6282
ord6203
ord6173
ord6167
ord3990
ord4100
ord2261
ord4041
ord2781
ord3910
ord1416
ord5911
ord1393
ord5210
ord4255
ord760
ord755
ord1087
ord564
ord572
ord1545
ord2985
ord3189
ord620
ord758
ord567
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord3165
ord591
ord589
ord330
ord3395
ord2077
ord1536
ord4226
ord3158
ord587
ord1785
ord3448
ord3331
ord6061
ord6278
ord5609
ord2086
ord1582
ord4234
ord3311
ord741
ord2155
ord4347
ord2461
ord3755
ord356
ord2651
ord1386
ord5053
ord1636
ord1577
ord3298
ord730
ord6064
ord5987
ord1479
ord282
ord2926
ord1095
ord290
ord6232
ord3753
ord2893
ord3943
ord371
ord1093
ord1182
ord1178
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5199
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord4119
ord1079
ord762
ord764
ord3435
ord3635
ord5637
ord1168
msvcr71
_localtime64
wcsftime
time
sprintf
atoi
_itow
memmove
__RTDynamicCast
wcscpy
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
?terminate@@YAXXZ
_onexit
wcstoul
_time64
wcstok
__dllonexit
wcslen
strchr
strncmp
fclose
fwrite
fopen
strstr
strtol
fread
ftell
fseek
_purecall
swprintf
_mktime64
memset
_except_handler3
free
__security_error_handler
??1type_info@@UAE@XZ
kernel32
TerminateThread
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
lstrlenW
ResetEvent
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
WaitForMultipleObjects
GetLocalTime
CreateEventW
SetEvent
Sleep
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
CloseHandle
ExitProcess
GlobalUnlock
MulDiv
QueryPerformanceCounter
GlobalReAlloc
DeleteCriticalSection
GlobalLock
GlobalSize
user32
IsWindow
GetClientRect
EnableWindow
SetParent
DestroyCursor
GetWindowRect
WindowFromPoint
IsWindowVisible
ClientToScreen
PtInRect
IsRectEmpty
CopyRect
GetClipboardData
CloseClipboard
OpenClipboard
SystemParametersInfoW
GetCursorPos
IsClipboardFormatAvailable
ClipCursor
ReleaseCapture
SetCursor
GetSysColor
GetKeyState
GetClassInfoW
DefWindowProcW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetParent
GetFocus
SetCapture
GetCapture
KillTimer
SetTimer
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
PostMessageW
SendMessageW
DrawEdge
InvertRect
FillRect
IntersectRect
OffsetRect
InflateRect
gdi32
GetTextExtentPointW
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetCurrentObject
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
Rectangle
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
CreateFontW
CreateFontIndirectW
CreatePen
SelectObject
advapi32
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
ShellExecuteW
comctl32
ImageList_Draw
ImageList_GetImageInfo
ole32
OleInitialize
OleUninitialize
msvcp71
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
Exports
Exports
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
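.text Size: 168KB - Virtual size: 168KB (a second section named .text, listed after .reloc; unlike the first, its flags below include IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE, a combination worth examining during triage because compiler-generated code sections are normally not writable)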
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE