2b7d14413d678659a166956de63ec9440cc28c24503ebd51da8a7e3e76e87da4

Sharing

Copy URL Twitter E-mail

General

Target

2b7d14413d678659a166956de63ec9440cc28c24503ebd51da8a7e3e76e87da4
Size

516KB
MD5

5e4f13fe28669934358cc2d905f525c6
SHA1

6628539ac67d30281598a1cd81a833163444d2c3
SHA256

2b7d14413d678659a166956de63ec9440cc28c24503ebd51da8a7e3e76e87da4
SHA512

ce6641db971ab09061fcfcc870896714a9c38f848d00a6a187d21299e7c56795754e72f1dcb20c3529563e2bf07cf77c0e1e4b4d03cdf0cd4f072dd0b657907a
SSDEEP

6144:X71MiKVl00XIprsEUjf6EF82D+tWednOGBV7oaK9dSKkKr/8e3:L1F38Wodj6U+tWijV7oREaZ

Score

N/A

Malware Config

Signatures

Files

2b7d14413d678659a166956de63ec9440cc28c24503ebd51da8a7e3e76e87da4
.exe windows x86

0f8ccd22252669f7c0411207b5a7ea32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord818
ord4424
ord1776
ord713
ord5290
ord3721
ord795
ord609
ord6241
ord4055
ord2642
ord2652
ord823
ord1669
ord6199
ord5951
ord5981
ord1779
ord3098
ord2765
ord858
ord860
ord1085
ord5609
ord4275
ord2379
ord567
ord2301
ord4229
ord4852
ord6334
ord4375
ord3620
ord2516
ord361
ord924
ord923
ord3095
ord1199
ord1168
ord5710
ord537
ord5683
ord3402
ord2370
ord2302
ord3742
ord755
ord5789
ord6172
ord470
ord3619
ord2405
ord1859
ord4246
ord3869
ord2127
ord2723
ord2391
ord3059
ord5102
ord5105
ord4468
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2880
ord2878
ord4153
ord4077
ord5237
ord2383
ord5284
ord2649
ord535
ord4437
ord4428
ord807
ord529
ord554
ord402
ord674
ord1665
ord5255
ord6000
ord2117
ord5883
ord4147
ord2120
ord4457
ord4413
ord4083
ord2884
ord4216
ord3870
ord5943
ord5053
ord1858
ord5101
ord2101
ord2390
ord5100
ord5104
ord4467
ord3351
ord976
ord2879
ord4152
ord2382
ord5283
ord4436
ord5254
ord2445
ord4427
ord401
ord4245
ord5031
ord1825
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord338
ord4823
ord4238
ord5882
ord2920
ord2012
ord6453
ord3573
ord5873
ord6129
ord6128
ord796
ord3756
ord3752
ord6130
ord2450
ord4220
ord2584
ord3654
ord6270
ord2438
ord1644
ord1945
ord4589
ord4588
ord4899
ord4370
ord2919
ord6055
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord5260
ord4432
ord813
ord560
ord4273
ord2860
ord2452
ord4464
ord4299
ord539
ord2575
ord4396
ord3574
ord802
ord542
ord5601
ord2764
ord861
ord2116
ord2078
ord914
ord4190
ord415
ord1081
ord2915
ord909
ord4185
ord1871
ord715
ord5597
ord6329
ord2614
ord696
ord394
ord4673
ord4684
ord4680
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5289
ord5714
ord4622
ord3738
ord5265
ord561
ord6195
ord986
ord411
ord4159
ord2621
ord2725
ord3949
ord4698
ord816
ord562
ord1783
ord5820
ord3648
ord399
ord701
ord3440
ord1816
ord326
ord6197
ord6379
ord3797
ord414
ord6141
ord3984
ord5859
ord3693
ord4133
ord4297
ord5788
ord2753
ord1949
ord3089
ord2763
ord3874
ord2761
ord2629
ord2152
ord1233
ord6240
ord4284
ord2863
ord5875
ord4442
ord3815
ord613
ord1768
ord3138
ord289
ord6377
ord4881
ord5143
ord692
ord2099
ord3754
ord3495
ord4129
ord536
ord283
ord5787
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord4376
ord5572
ord4234
ord3956
ord2514
ord2169
ord324
ord2864
ord325
ord3663
ord3092
ord6215
ord4853
ord1146
ord1641
ord323
ord2859
ord1640
ord5785
ord640
ord2414
ord3626
ord3571
ord4710
ord540
ord4160
ord941
ord5953
ord939
ord5802
ord800
ord641
ord825
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord4892
ord5076
ord5768
ord815
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_controlfp
_initterm
__getmainargs
_acmdln
exit
__setusermatherr
_setmbcp
_mbsicmp
__CxxFrameHandler
memmove
_splitpath
_itoa
_mbscmp
strtoul
_getmbcp
_mbsnbcpy
_access
_mbsinc
_purecall
sprintf
_beginthread
_endthread
free
_XcptFilter
sscanf
malloc
_mbschr
_ftol
_wcsupr
wcsrchr
__p___argv
__p___argc
toupper
iscntrl
time
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit

msvcirt

??6ostream@@QAEAAV0@H@Z
?str@strstreambuf@@QAEPADXZ
?freeze@strstreambuf@@QAEXH@Z
?seekp@ostream@@QAEAAV1@J@Z
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@G@Z
??1ostrstream@@UAE@XZ
??0ios@@IAE@XZ
??0ostrstream@@QAE@XZ
_mtlock
_mtunlock
??1ios@@UAE@XZ
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@I@Z
?ends@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@PBD@Z

kernel32

SetEvent
GetProfileStringA
GetModuleFileNameA
CreateFileA
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
SizeofResource
GlobalAlloc
GlobalLock
LoadResource
LockResource
GlobalUnlock
GlobalFree
MulDiv
GetLastError
SetFilePointer
CreateEventA
ReleaseMutex
ResetEvent
CreateMutexA
Sleep
GetModuleHandleA
WriteFile
lstrlenA
HeapReAlloc
HeapSize
HeapAlloc
GetProcessHeap
HeapFree
InterlockedIncrement
InterlockedDecrement
SetLastError
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersion
lstrcpyA
lstrcmpiA
IsDBCSLeadByte
GlobalGetAtomNameA
GetStartupInfoA
WaitForSingleObject

user32

FillRect
wsprintfA
OffsetRect
IsIconic
InflateRect
GetWindowWord
GetClassLongW
IsWindowUnicode
EnumChildWindows
SetActiveWindow
GetDesktopWindow
SetWindowPlacement
BringWindowToTop
SetForegroundWindow
EnumWindows
SetRectEmpty
ShowWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
DeleteMenu
GetSystemMenu
PeekMessageA
GetLastActivePopup
AdjustWindowRectEx
EqualRect
MapWindowPoints
AdjustWindowRect
MessageBeep
UnionRect
AppendMenuA
CreatePopupMenu
SetWindowLongA
GetClientRect
LoadCursorA
LoadIconA
WinHelpA
GetSystemMetrics
GetWindowDC
IsZoomed
GetSysColor
ReleaseDC
ReleaseCapture
GetCapture
ClientToScreen
WindowFromPoint
SetCapture
SetCursor
UpdateWindow
GetWindow
GetWindowRgn
PtInRect
InvalidateRect
SendMessageA
SetDlgItemTextW
IsWindow
GetWindowTextA
GetClassNameA
GetWindowLongA
GetWindowRect
GetWindowThreadProcessId
GetParent
EnableWindow
GetKeyState
IsWindowVisible
GetFocus
FrameRect
DrawFocusRect
GetClassInfoA
PostMessageA
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
DefWindowProcA
GetClassWord
DestroyWindow
RegisterClipboardFormatA
RegisterClassA
CreateWindowExA
GetClipboardFormatNameA
IsChild
GetDC
UnpackDDElParam
IsRectEmpty
LoadBitmapA
SetRect
GetClassLongA
GetWindowPlacement

gdi32

Rectangle
GetStockObject
SelectObject
CreatePen
SetROP2
CreateFontIndirectA
CreateHatchBrush
CreateRectRgn
FrameRgn
CreateBitmap
GetDeviceCaps
GetTextMetricsA
GetTextExtentPoint32A
CreatePatternBrush
PatBlt
PtInRegion
CreateSolidBrush
DeleteObject
GetObjectA
CreateCompatibleDC
BitBlt
GetPixel
ExtTextOutA

advapi32

RegCreateKeyA
RegOpenKeyA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

spyhk55

gfOnWindows9x
gfOnWindows5x
gopd
gmsgOtherProcessData
_SpyxxGetMsgProc@12
ghhkMsgHook
_SpyxxCallWndProc@12
ghhkCallHook
_SpyxxCallWndRetProc@12
ghhkRetHook
gcSubclass
goffRead
goffWrite
gcMsgPackets
gpidSpyxx
gtidSpyxx
gaaClasses
gabMsgBuf
gfEnableSubclass
gfOnWindows4x
gfHookEnabled

Sections

.text
Size: 300KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0f8ccd22252669f7c0411207b5a7ea32

Headers

File Characteristics

Imports

mfc42

msvcrt

msvcirt

kernel32

user32

gdi32

advapi32

spyhk55

Sections

.text Size: 300KB - Virtual size: 296KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 80KB - Virtual size: 89KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 300KB - Virtual size: 296KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 80KB - Virtual size: 89KB

.rsrc
Size: 92KB - Virtual size: 92KB