a52cd357d4139fe94d4c4a866a5e0f3194e9e1c70bddb4bd74b49032095399db

Sharing

Copy URL Twitter E-mail

General

Target

a52cd357d4139fe94d4c4a866a5e0f3194e9e1c70bddb4bd74b49032095399db
Size

1012KB
MD5

01f848968d716842b97b29d575162fa0
SHA1

f50a9b84b2ed022759da50aec2104e6c6b35d69c
SHA256

a52cd357d4139fe94d4c4a866a5e0f3194e9e1c70bddb4bd74b49032095399db
SHA512

dc60b867989751a2a722ceede097cfba32d0b6024bb7a5a0f9ce8a61e87d7431cd073822d7a9c2e165526af222c95d790443f36e990e9223404bd08c63f8771a
SSDEEP

12288:epzizW9S32GgqadDSJ09hLwWmvGwQQMgEzvFUMYkCn9VMaLxmVSGWLCnFahaxssc:epzKU1tLLwxVuKaqs5jn7BXDrNm

Score

N/A

Malware Config

Signatures

Files

a52cd357d4139fe94d4c4a866a5e0f3194e9e1c70bddb4bd74b49032095399db
.exe windows x86

a0a378220e5cd71af93cd9ae291a8600

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basic

?Base64DecodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?SetSupplyID@Misc@Utils@@YAHH@Z
?WToA@StringUtils@Base@@YAPADABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PADH@Z
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?UTF8AToW@StringUtils@Base@@YAPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_WH@Z
?AToW@StringUtils@Base@@YAPA_WPBDIPA_WH@Z
?Is64BitsWindows@Misc@Utils@@YAHXZ
?UTF8ToA@StringUtils@Base@@YAPADABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADH@Z
?AToUTF8@StringUtils@Base@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADH@Z
?GetExeFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?WToA@StringUtils@Base@@YAPADPB_WPADH@Z
?ToLowerW@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IH0ZZ
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?IsDirectoryExist@FileMisc@Base@@YAHPB_W@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?GetSysTempPath@FileMisc@Base@@YAHPA_WK@Z
?OutputDebugInfoEx@Log@Base@@YAXHPBD0IHPB_WZZ
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ

comctl32

InitCommonControlsEx
_TrackMouseEvent

ws2_32

ntohl

kernel32

InterlockedCompareExchange
InterlockedExchange
InterlockedExchangeAdd
GetCurrentThreadId
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
FindFirstFileW
ExpandEnvironmentStringsW
Sleep
GetTickCount
WaitForSingleObject
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LoadLibraryA
SetConsoleCtrlHandler
FatalAppExitA
WriteFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetFilePointer
GetFileType
SetStdHandle
ReadFile
HeapSize
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
HeapReAlloc
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
CreateThread
ExitThread
HeapFree
ExitProcess
GetModuleHandleA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
OutputDebugStringW
IsBadReadPtr
GetFileAttributesW
GlobalFree
GetCurrentThread
GetModuleFileNameA
FindResourceExW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
GetModuleHandleW
lstrcatW
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
ResetEvent
FreeLibrary
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
FindNextFileW
FindClose
MoveFileW
GetCurrentProcessId
DeleteFileW
CopyFileW
ProcessIdToSessionId
OpenProcess
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
lstrcmpiW
Process32NextW
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
CreateFileW
DeviceIoControl
CloseHandle
CreateEventW
SetEvent
SetThreadLocale
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcpynW
lstrlenW
GetLastError

user32

EnumThreadWindows
DialogBoxParamW
LoadCursorW
DrawIcon
CreateDialogParamW
SendMessageW
GetMessageW
DispatchMessageW
TranslateMessage
UnregisterClassA
UpdateWindow
SetRect
MessageBoxW
LoadImageW
GetWindowRect
GetClassNameW
DrawAnimatedRects
EnumChildWindows
FindWindowW
PostMessageW
SetForegroundWindow
ShowWindow
PostQuitMessage
IsWindow
CallWindowProcW
DestroyWindow
FlashWindow
SetWindowPos
SetWindowTextW
RegisterWindowMessageW
EndPaint
GetClientRect
BeginPaint
EnableWindow
GetDlgItem
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
SetFocus
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
SetTimer
KillTimer
LoadIconW
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
AttachThreadInput
IsIconic
GetWindowThreadProcessId
GetForegroundWindow
FindWindowExW
PtInRect
ReleaseDC
GetDC
EndDialog
WindowFromPoint
IsZoomed
SetWindowRgn
GetActiveWindow
RedrawWindow
GetClassInfoExW
GetSystemMetrics
DrawIconEx
GetSystemMenu
GetMenuState
GetWindowTextW
SetCursor
IsWindowVisible
GetClassInfoW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindow
SystemParametersInfoW
MapWindowPoints
DrawFocusRect
GetParent
ClientToScreen
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetWindowLongW
IntersectRect
CreateWindowExW
InvalidateRect
GetWindowDC
GetCapture
SetCapture
ScreenToClient
ReleaseCapture
InflateRect
OffsetRect
DrawTextW

gdi32

CreateFontIndirectW
CreateSolidBrush
CombineRgn
CreateRoundRectRgn
CreateRectRgn
ExcludeClipRect
CreateDIBSection
GetClipBox
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
BitBlt
DeleteDC
Rectangle
SetBkColor
ExtTextOutW
CreateRectRgnIndirect
SelectClipRgn
RoundRect
MoveToEx
CreatePen
LineTo
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
SetTextColor
SetBkMode

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
CreateProcessAsUserW
DuplicateTokenEx
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
ImpersonateSelf
MapGenericMask
OpenThreadToken
AccessCheck
GetFileSecurityW
RevertToSelf
RegOpenKeyW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

shell32

Shell_NotifyIconW
ExtractIconExW
SHGetMalloc
ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoLoadLibrary
CoFreeLibrary

oleaut32

SysAllocString
SysStringLen
SysFreeString

report

?ReleaseReportMgr@Report@@YAXPAVIReportMgr@1@@Z
?GetReportMgr@Report@@YAPAVIReportMgr@1@XZ

shlwapi

wnsprintfW

psapi

GetProcessImageFileNameW

wtsapi32

WTSFreeMemory
WTSQueryUserToken
WTSEnumerateSessionsW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

gdiplus

GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipCloneBrush
GdipCloneBitmapAreaI
GdipCreateFont
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetPropertyItemSize
GdipCreateBitmapFromHICON
GdipCreateBitmapFromFileICM
GdipImageGetFrameDimensionsCount
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetPropertyItem
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipCreateHBITMAPFromBitmap

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 748KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0a378220e5cd71af93cd9ae291a8600

Headers

File Characteristics

Imports

basic

comctl32

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

report

shlwapi

psapi

wtsapi32

userenv

gdiplus

version

Sections

.text Size: 748KB - Virtual size: 744KB

.rdata Size: 116KB - Virtual size: 112KB

.data Size: 16KB - Virtual size: 27KB

.tls Size: 4KB - Virtual size: 13B

.rsrc Size: 116KB - Virtual size: 116KB

.text
Size: 748KB - Virtual size: 744KB

.rdata
Size: 116KB - Virtual size: 112KB

.data
Size: 16KB - Virtual size: 27KB

.tls
Size: 4KB - Virtual size: 13B

.rsrc
Size: 116KB - Virtual size: 116KB