Sample
54fa8035b3c289502aa3453def9f14dc8173060ee8d6609573c7f231d983787d.exe
Resource
win7-20220812-en
General
-
Target
54fa8035b3c289502aa3453def9f14dc8173060ee8d6609573c7f231d983787d
-
Size
1.2MB
-
MD5
0c4d5aca7af058557a26012b0aca38e0
-
SHA1
059d3eea6edb158eb7734b05c3bf400f0dd7942a
-
SHA256
54fa8035b3c289502aa3453def9f14dc8173060ee8d6609573c7f231d983787d
-
SHA512
384c967d2713c107e0cad155598e1b09c041d20746f1843055865e2280f9196df804186c8cc32768247b9ac98f1a1523996a6f83f576d6ce9dd289aad5a22a1d
-
SSDEEP
24576:Rm2ebeitjkmlTu97Ja9WnwA2lk2JMFTrf3XlcEB5No0TZD:Qb1WnwnwFTTnqqoI
Malware Config
Signatures
Files
-
54fa8035b3c289502aa3453def9f14dc8173060ee8d6609573c7f231d983787d.exe windows x86
4c2b0289fb06bede3a65b08b88fd32f5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msimg32
AlphaBlend
GradientFill
comctl32
_TrackMouseEvent
riched20
ord4
dbghelp
ImageDirectoryEntryToData
wininet
InternetOpenW
InternetCloseHandle
InternetSetOptionW
HttpQueryInfoW
InternetOpenUrlW
InternetReadFile
ws2_32
inet_ntoa
WSAStartup
send
gethostbyname
connect
closesocket
socket
inet_addr
recv
setsockopt
htons
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
kernel32
Sleep
GetCurrentThreadId
ResumeThread
SetFileAttributesW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
GetLongPathNameW
GetTempFileNameW
RemoveDirectoryW
CreateFileW
MoveFileW
lstrlenW
DeviceIoControl
GetTempPathW
GetWindowsDirectoryW
DeleteFileW
GetFileInformationByHandle
MoveFileExW
SetFileTime
GetFullPathNameW
GetFileSizeEx
GetLogicalDriveStringsW
GetDiskFreeSpaceW
GetDriveTypeW
GetVolumeInformationW
GlobalUnlock
GetTickCount
GetProcAddress
LoadLibraryW
GetCurrentProcess
GetVersionExW
FreeLibrary
GetSystemInfo
ExpandEnvironmentStringsW
WriteFile
ReadFile
SetFilePointer
GetFileSize
SetEndOfFile
CreateEventW
SetEvent
ResetEvent
TerminateProcess
SuspendThread
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
VirtualProtectEx
FindFirstFileW
FindClose
FindNextFileW
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
ReleaseMutex
CreateMutexW
GlobalAlloc
GlobalFree
TerminateThread
GetExitCodeThread
CreateThread
InterlockedExchange
GetCurrentProcessId
WriteProcessMemory
VirtualQuery
VirtualProtect
ReleaseSemaphore
CreateSemaphoreW
FreeResource
FindResourceW
LockResource
LoadResource
SizeofResource
MulDiv
WaitForMultipleObjects
WritePrivateProfileStringW
GetModuleHandleW
GlobalLock
GetLastError
InterlockedDecrement
ExitThread
CloseHandle
GetPrivateProfileStringW
GetCommandLineW
WaitForSingleObject
GetExitCodeProcess
GetProcessHeap
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapFree
user32
MapWindowPoints
GetWindowTextW
LoadStringW
ShowWindow
GetActiveWindow
GetDlgItem
PostMessageW
SetForegroundWindow
GetWindow
GetWindowTextLengthW
SystemParametersInfoW
SetWindowTextW
LoadBitmapW
ScreenToClient
IsWindow
ReleaseDC
SetCapture
SetWindowRgn
IsChild
UpdateLayeredWindow
TranslateAcceleratorW
TranslateMessage
GetDC
GetUpdateRect
GetFocus
GetMessageW
DestroyWindow
ReleaseCapture
GetCursorPos
EndPaint
InvalidateRect
GetWindowThreadProcessId
GetClientRect
IsZoomed
EnableWindow
FindWindowW
IsIconic
MessageBoxW
MonitorFromWindow
DefWindowProcW
CallWindowProcW
GetMonitorInfoW
KillTimer
GetWindowRect
GetWindowLongW
PostQuitMessage
SetWindowLongW
SendMessageW
IsWindowEnabled
MoveWindow
SetWindowPos
EqualRect
GetKeyState
SetFocus
ClientToScreen
SetTimer
GetSystemMetrics
DestroyAcceleratorTable
CreateAcceleratorTableW
InvalidateRgn
CreateCaret
HideCaret
ShowCaret
GetSysColor
SetCaretPos
FillRect
DrawTextW
CharPrevW
DrawIconEx
GetAsyncKeyState
TrackMouseEvent
OffsetRect
RedrawWindow
IntersectRect
SetCursor
DrawFocusRect
IsRectEmpty
CharNextW
CharNextA
LoadCursorW
GetPropW
SetPropW
LoadImageW
DestroyIcon
RegisterClassExW
RegisterClassW
GetClassInfoExW
BeginPaint
CreateWindowExW
PtInRect
DispatchMessageW
GetParent
gdi32
CombineRgn
GetObjectW
CreateRoundRectRgn
CreateDIBSection
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
GetBitmapBits
StretchBlt
SetBitmapBits
GetClipBox
SetBkMode
SetBkColor
ExtTextOutW
GetCharABCWidthsW
BitBlt
CreateFontIndirectW
DeleteDC
CreatePen
GetTextMetricsW
Rectangle
TextOutW
CreateEllipticRgn
CreateRectRgn
GetStockObject
CreateRectRgnIndirect
SetTextColor
GetDeviceCaps
ExtSelectClipRgn
GetTextExtentPoint32W
RoundRect
SelectClipRgn
SetStretchBltMode
SelectObject
comdlg32
GetOpenFileNameW
advapi32
RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegSetValueExW
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFileInfoW
ShellExecuteW
DragQueryFileW
ole32
OleUninitialize
OleInitialize
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitializeEx
CLSIDFromString
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
OleLockRunning
oleaut32
OleLoadPicture
VariantClear
SysFreeString
SysAllocString
msvcp80
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$reverse_iterator@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0I_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
msvcr80
memmove_s
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_time64
memmove
_wtoi
wcscpy_s
??_V@YAXPAX@Z
_beginthreadex
wcschr
_errno
towlower
towupper
_vsnwprintf_s
_swprintf
tolower
wcstoul
wcspbrk
wcsncmp
__RTDynamicCast
strncmp
free
malloc
strncpy
sprintf
_snwprintf
_atoi64
strstr
wcsstr
wcsncpy
strchr
??4exception@std@@QAEAAV01@ABV01@@Z
_vsnprintf_s
fread
fprintf
ferror
atoi
ftell
fseek
fclose
fopen_s
fputc
isspace
isalnum
isalpha
memcpy_s
sscanf
strtoul
wcstol
strtol
wcstod
realloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_CIsin
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_strnicmp
__CxxFrameHandler3
_CxxThrowException
memset
memcpy
floor
_CIacos
_CIcos
_invalid_parameter_noinfo
Sections
.text Size: 752KB - Virtual size: 748KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 140KB - Virtual size: 139KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 288KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE