fc7d48714e04cd8db00926436f7b242eb364c7933e8d5b2b56a692941fed1f52

Sharing

Copy URL Twitter E-mail

General

Target

fc7d48714e04cd8db00926436f7b242eb364c7933e8d5b2b56a692941fed1f52
Size

996KB
MD5

0abd638e2b0f4393145159801a84daa0
SHA1

7ca93284e8defe94202833820c79cf72700ad3b9
SHA256

fc7d48714e04cd8db00926436f7b242eb364c7933e8d5b2b56a692941fed1f52
SHA512

163b78f8e7f141069ea8aa67cbc0402d83ece5bba6bfe2504829427c672eec3212fd48080778dabf77ff6199628a9a0b3a266d781339e7a146e74b7bc9078c57
SSDEEP

24576:1qLBYpDUH8RXdTFU4/skT1/wCMlOW4Dk:Xy4bThwEXDk

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Files

fc7d48714e04cd8db00926436f7b242eb364c7933e8d5b2b56a692941fed1f52
.exe windows x86

e855cfc4e823206d1c99bddfc0bfe94b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

htons
htonl
ntohl
inet_addr
ntohs
gethostbyname
inet_ntoa

shlwapi

PathFindFileNameW
PathAddBackslashW
PathIsDirectoryW
SHGetValueW
SHDeleteValueW
SHSetValueW
PathAppendW
PathRemoveFileSpecW
StrStrIW
PathFileExistsW
wnsprintfW

kernel32

Sleep
ReadFile
GetFileSize
CreateFileW
GetFileAttributesW
GetLocalTime
lstrlenW
lstrlenA
GetTickCount
OpenMutexW
GetCurrentProcess
GetModuleHandleW
LocalFree
TlsGetValue
InterlockedExchange
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
TlsSetValue
TlsAlloc
InterlockedIncrement
InterlockedDecrement
RaiseException
GetCurrentThreadId
IsDebuggerPresent
InitializeCriticalSection
DeleteCriticalSection
WriteFile
WaitNamedPipeW
CancelIo
GetOverlappedResult
DisconnectNamedPipe
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeW
OpenFileMappingW
lstrcatW
GetModuleFileNameW
IsBadWritePtr
GetSystemDirectoryW
TerminateThread
MultiByteToWideChar
lstrcmpiW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ResetEvent
GetSystemTime
GetDiskFreeSpaceExW
lstrcpynW
GetCommandLineW
DuplicateHandle
FormatMessageW
GetACP
GetSystemInfo
OpenFileMappingA
MapViewOfFileEx
CreateTimerQueueTimer
InitializeCriticalSectionAndSpinCount
GetFileSizeEx
FormatMessageA
ChangeTimerQueueTimer
WaitForMultipleObjects
DeleteTimerQueueTimer
CreateFileMappingA
DeleteFileW
GetTempPathW
TryEnterCriticalSection
InterlockedCompareExchange
SetLastError
GetModuleFileNameA
FindFirstFileW
FindNextFileW
WideCharToMultiByte
lstrcpynA
SetFileAttributesW
GetFileTime
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
MoveFileExW
RemoveDirectoryW
GetDriveTypeW
GetCurrentProcessId
ProcessIdToSessionId
CreateProcessW
OpenProcess
GetExitCodeProcess
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentDirectoryW
Process32NextW
ExpandEnvironmentStringsW
GlobalAlloc
GlobalLock
GlobalUnlock
GetComputerNameW
Thread32First
Thread32Next
VirtualQuery
LoadLibraryA
GetSystemDefaultLangID
GetCPInfo
IsDBCSLeadByte
LeaveCriticalSection
CopyFileW
DeviceIoControl
IsBadReadPtr
CreatePipe
GetStdHandle
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
OpenEventW
SetEvent
UnmapViewOfFile
CreateFileMappingW
ReleaseMutex
WaitForSingleObject
GetProcAddress
LoadLibraryW
FreeLibrary
EnterCriticalSection
MapViewOfFile
CreateEventW
CreateMutexW
GetLastError
CloseHandle
SwitchToThread
GetVersionExW
FindClose

user32

CloseClipboard
EmptyClipboard
OpenClipboard
DestroyIcon
SetWindowPos
MessageBoxW
GetClientRect
GetWindowTextW
GetWindowRect
SystemParametersInfoW
SetActiveWindow
SetForegroundWindow
ShowWindow
IsWindowVisible
WindowFromPoint
EnumThreadWindows
GetParent
GetWindowThreadProcessId
SetClipboardData
GetSystemMetrics
GetDesktopWindow
GetClassNameW
IsIconic
GetForegroundWindow
SetWindowLongW
GetWindowLongW
EnableWindow
FindWindowExW
SetWindowTextW
SendMessageW
ExitWindowsEx
FindWindowA
SendMessageTimeoutW
IsWindow
EnumWindows
PostQuitMessage
PostMessageW
GetMessageW
DispatchMessageW
TranslateMessage
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetTimer
UnregisterClassA
DefWindowProcW
EqualRect

gdi32

CreateDCW
CreateFontIndirectW
DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

GetSecurityDescriptorSacl
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegNotifyChangeKeyValue
RegEnumKeyExW
RegFlushKey
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegEnumValueW
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetLengthSid
AllocateAndInitializeSid
SetFileSecurityW
FreeSid
AddAccessAllowedAce
InitializeAcl
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
SetSecurityDescriptorSacl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderLocation

ole32

StgOpenStorage
CoTaskMemFree
StgIsStorageFile
CoCreateInstance
CoFreeUnusedLibrariesEx
StgCreateDocfile
CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VariantCopy
SysFreeString
SysAllocString
VariantInit
VariantClear
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData

msvcr80

_snwprintf_s
memcpy_s
_itow
_vscwprintf
vswprintf_s
wprintf
calloc
_wtol
_snwprintf
_itow_s
towlower
swscanf_s
_wtoi64
_ui64tow_s
_wcsnicmp
swprintf_s
wcstol
wcsncmp
fwrite
fclose
wcsstr
fflush
fread
ftell
fseek
_wfopen_s
memmove
_snwscanf
_vsnprintf
strchr
_memicmp
setlocale
_snprintf_s
fopen_s
_vsnprintf_s
_wcsicmp
wcstoul
tolower
_localtime64
_mktime64
wcsftime
wcscpy_s
swscanf
_wcslwr_s
strstr
_localtime64_s
_wsplitpath_s
_recalloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
wcsrchr
strrchr
strncpy
_snprintf
wcsncat_s
memmove_s
wcsncpy_s
_endthreadex
srand
rand
_time64
_mbsnbcpy_s
strncpy_s
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
_purecall
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_except_handler3
_beginthreadex
??_U@YAPAXI@Z
??2@YAPAXI@Z
memcpy
__CxxFrameHandler3
_wtoi
malloc
free
memset
wcsncpy
wcsncat
??_V@YAXPAX@Z
wcschr
??3@YAXPAX@Z
_stricmp
isalnum
_wstat64
_wmkdir
_mbscmp
_mbschr
_mbslwr_s
_mbsstr
strtoul
isspace
isprint
strncmp
_vsnwprintf_s

msvcp80

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?copy@?$char_traits@_W@std@@SAPA_WPA_WPB_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?compare@?$char_traits@D@std@@SAHPBD0I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?max@?$numeric_limits@I@std@@SAIXZ
?compare@?$char_traits@_W@std@@SAHPB_W0I@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?setf@ios_base@std@@QAEHHH@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Xran@_String_base@std@@SAXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

imm32

ImmDisableIME

wininet

InternetConnectW
HttpOpenRequestA
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetCrackUrlA

iphlpapi

GetIpForwardTable

psapi

GetProcessImageFileNameW
GetModuleFileNameExW
EnumProcessModules
GetModuleBaseNameW
EnumProcesses

common

?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ValidateBugReport@TXBugReport@@YAXXZ

netapi32

Netbios
NetApiBufferFree
NetWkstaTransportEnum

Sections

.text
Size: 556KB - Virtual size: 554KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e855cfc4e823206d1c99bddfc0bfe94b

Headers

DLL Characteristics

File Characteristics

Imports

version

ws2_32

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcr80

msvcp80

imm32

wininet

iphlpapi

psapi

common

netapi32

Sections

.text Size: 556KB - Virtual size: 554KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 32KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 32KB - Virtual size: 31KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 556KB - Virtual size: 554KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 32KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 31KB

.UPX
Size: 240KB - Virtual size: 240KB