Static task
static1
Behavioral task
behavioral1
Sample
5520d37166247a0ac88092e8c22581559a6dea9155df908642185a103084deb5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
5520d37166247a0ac88092e8c22581559a6dea9155df908642185a103084deb5.exe
Resource
win10v2004-20220901-en
General
-
Target
5520d37166247a0ac88092e8c22581559a6dea9155df908642185a103084deb5
-
Size
802KB
-
MD5
83f83e2b68e8547d8c0cfd03e4f82a61
-
SHA1
ce882a5d9afdd86f0d801fa7d0d5a3d54538955e
-
SHA256
5520d37166247a0ac88092e8c22581559a6dea9155df908642185a103084deb5
-
SHA512
8be6d135aa95647c5dde1e6b2aee4f0b835e064a90e7f9f550247e75f98b2f8d1daa76f8087174e5aee11429c89208d72437babae2844a3f3f160a3d823366e4
-
SSDEEP
12288:l9s08B1RP0TRczpNQe5dq0zk2pgXOBsmfAq/6cS6NFwm:tMPvz4e5dq0zpp4+AqS6zL
Malware Config
Signatures
Files
-
5520d37166247a0ac88092e8c22581559a6dea9155df908642185a103084deb5.exe windows x86
da4fd8caaf0b72a924c491eab1a5abba
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ngscm
?SetLayout@CNbuuLib@@SAKK@Z
?TranslateMenuAccelerator@CNbuuWindowBackgroundCtrl@@QAEHPAUtagMSG@@@Z
?SetResourceInstance@CNbuuLib@@SAXPAUHINSTANCE__@@@Z
?SetTooltip@?$CNbuuButtonImpl@VCNbuuCommonButtonSkin@@@@QAEXPAG@Z
?SetSkinDef@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAEXVCNbuuStaticBitmapSkinDef@@@Z
?IsValid@?$CNbuuBaseSkinImpl@VCNbuuStaticBitmapSkin@@VCNbuuStaticBitmapSkinDef@@@@UAE_NXZ
?SetTextColor@CNbuuStaticCtrl@@QAEXK@Z
??0CNbuuStaticCtrl@@QAE@XZ
??1CNbuuStaticCtrl@@UAE@XZ
??0CNbuuWindowBackgroundSkin@@QAE@XZ
??1CNbuuWindowBackgroundSkin@@UAE@XZ
??0CNbuuCommonButtonCtrl@@QAE@XZ
??1CNbuuCommonButtonCtrl@@UAE@XZ
??0CNbuuCheckButtonCtrl@@QAE@XZ
??1CNbuuCheckButtonCtrl@@UAE@XZ
?NGSCM_GetCommonNGR@@YAPAUHINSTANCE__@@XZ
?CreateBackBuffer@CNbuuBackBuffer@@UAEXHHPAVCNbuuGraphics@@@Z
?DeleteBackBuffer@CNbuuBackBuffer@@UAEXXZ
?DrawBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@1@Z
?DrawBackBufferPart@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@11@Z
?DrawParentBackBuffer@CNbuuBackBuffer@@UAEXPAUHDC__@@UtagRECT@@@Z
??0CNbuuStaticBitmapSkin@@QAE@XZ
??1CNbuuStaticBitmapSkin@@UAE@XZ
?Load@CNbuuStaticBitmapSkin@@UAEXXZ
?Unload@CNbuuStaticBitmapSkin@@UAEXXZ
?Validate@CNbuuStaticBitmapSkin@@UAEXXZ
?Draw@CNbuuStaticBitmapSkin@@UAEXPAVCNbuuWindow@@PAVCNbuuGraphics@@HH@Z
?Init@CNbuuLib@@SAXPAUHINSTANCE__@@0@Z
??0CNbuuComboBoxCtrl@@QAE@XZ
??1CNbuuComboBoxCtrl@@UAE@XZ
?PcsLoadFont@@YAXPAUtagLOGFONTW@@@Z
??0CNbuuWindowBackgroundCtrl@@QAE@XZ
??1CNbuuWindowBackgroundCtrl@@UAE@XZ
?GetMenuHandle@CNbuuWindowBackgroundCtrl@@QAEPAUHMENU__@@XZ
?DoModal@CCommonAboutDlg@@QAEHXZ
?SetAboutBoxParams@CCommonAboutDlg@@QAEXPAUtagABOUTBOXPARAMS@@@Z
??1CCommonAboutDlg@@UAE@XZ
??0CCommonAboutDlg@@QAE@XZ
?PcsInitializeWER@@YAHXZ
??0CPCSL2InfoReader@@QAE@XZ
??1CPCSL2InfoReader@@QAE@XZ
?ReadPCSL@CPCSL2InfoReader@@QAEHPAG@Z
?GetUIManufacturer@CPCSL2InfoReader@@QAEPBGXZ
?Show@CNbuuCommonMessageBox@@SAHPAUHWND__@@PBG1I@Z
msimg32
TransparentBlt
AlphaBlend
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
gdiplus
GdiplusStartup
GdipFree
GdipCreateBitmapFromFileICM
GdipGetImageHeight
GdipGetImagePalette
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipDrawImageI
GdipAlloc
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusShutdown
mfc90u
ord5510
ord5509
ord5511
ord5508
ord5231
ord5047
ord5301
ord4632
ord5168
ord5277
ord4608
ord3628
ord4815
ord5194
ord6022
ord1486
ord6112
ord4527
ord6183
ord4248
ord783
ord581
ord6822
ord5778
ord6811
ord5767
ord5535
ord933
ord936
ord938
ord794
ord600
ord291
ord287
ord286
ord280
ord296
ord5851
ord4324
ord3185
ord2702
ord2676
ord909
ord2537
ord6171
ord6170
ord4519
ord5979
ord2504
ord813
ord2326
ord1183
ord1599
ord4442
ord1298
ord4405
ord6013
ord6692
ord6698
ord4490
ord4494
ord2479
ord5939
ord935
ord2057
ord1727
ord1791
ord1792
ord2628
ord2640
ord2617
ord2621
ord2623
ord2625
ord2615
ord5683
ord5685
ord1675
ord4131
ord6579
ord2478
ord4235
ord277
ord2490
ord4251
ord589
ord5548
ord1048
ord2206
ord4747
ord6691
ord6697
ord6630
ord3736
ord520
ord1745
ord4270
ord6349
ord405
ord3399
ord3167
ord3220
ord285
ord1607
ord899
ord6693
ord6699
ord2695
ord2572
ord293
ord4518
ord1222
ord4268
ord1665
ord1719
ord3231
ord1108
ord290
ord5867
ord2694
ord1043
ord5931
ord1243
ord294
ord4043
ord3217
ord4250
ord6515
ord5897
ord5895
ord2525
ord3868
ord6096
ord665
ord1070
ord2901
ord6172
ord1250
ord1254
ord3355
ord6411
ord1493
ord5664
ord3674
ord4044
ord792
ord587
ord3741
ord2971
ord6311
ord5632
ord5167
ord5324
ord2208
ord1810
ord1809
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord2074
ord5512
ord6800
ord4603
ord3743
ord5154
ord4702
ord1728
ord753
ord960
ord965
ord969
ord967
ord971
ord2635
ord2619
ord2638
ord2633
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord5650
ord3140
ord4910
ord4682
ord3515
ord2364
ord6760
ord1937
ord6577
ord6065
ord1137
ord3494
ord338
ord4681
ord4905
ord4348
ord2891
ord4071
ord4081
ord4080
ord614
ord3235
ord2764
ord2893
ord2774
ord3115
ord2966
ord4728
ord3112
ord2983
ord2771
ord3588
ord463
ord6512
ord6168
ord5891
ord711
ord6130
ord580
ord6514
ord782
ord2597
ord2904
ord4543
ord4127
ord6604
ord3630
ord553
ord6513
ord6169
ord5893
ord757
ord3589
ord6166
ord1319
ord1646
ord6187
ord6547
ord2431
ord2470
ord2263
ord636
ord6091
ord524
ord744
ord3489
ord2274
ord611
ord4652
ord3661
ord1722
ord1786
ord2286
ord785
ord4663
ord4036
ord374
ord5008
ord4631
ord639
ord5653
ord4000
ord4530
ord3286
ord3577
ord2130
ord1357
ord2146
ord2282
ord4512
ord3543
ord1354
ord2106
ord3537
ord6511
ord6167
ord3146
ord5890
ord2209
ord664
ord4400
ord2595
ord1063
ord1088
ord1688
ord436
ord2800
ord6575
ord2372
ord1383
ord2596
ord4741
ord1938
ord2100
ord791
ord595
ord797
ord3665
ord3282
ord835
ord652
ord390
ord1268
ord6813
ord2069
ord4448
ord4423
ord6801
ord4173
ord6803
ord2251
ord6035
ord4179
ord6741
ord404
ord3187
ord5770
ord1552
ord663
ord799
ord1248
ord3490
ord335
ord6510
ord2574
ord612
ord6121
ord1261
ord266
ord320
ord265
ord801
ord5152
ord5661
ord4026
ord3488
ord2593
ord3486
ord3654
ord2283
ord778
ord4660
ord4216
ord3637
ord2592
ord1353
ord367
ord6466
ord5830
ord4213
ord2097
ord2087
ord1272
ord5674
ord4347
ord5676
ord4996
ord5680
ord5663
ord6018
ord3670
ord2447
ord406
ord1098
ord811
msvcr90
__wgetmainargs
_amsg_exit
_time64
_localtime64
_wtol
_tzset
_gmtime64
_gmtime64_s
__CxxFrameHandler3
_mktime64
wcschr
strtoul
strcpy
strlen
sprintf
fabs
floor
ceil
memcmp
abs
_cexit
_recalloc
_resetstkoflw
malloc
calloc
wcsncpy
_purecall
_wtoi64
_wtoi
_wcsdup
free
_wsetlocale
wcscmp
wcsftime
iswpunct
iswascii
towupper
iswspace
wcscpy
_wsplitpath
wcslen
_wmakepath
wcstol
wcstoul
memset
div
memcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
memcpy
kernel32
FileTimeToSystemTime
FileTimeToLocalFileTime
WideCharToMultiByte
GetLongPathNameW
Sleep
SystemTimeToFileTime
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
EnterCriticalSection
LocalLock
InterlockedExchange
lstrlenW
MultiByteToWideChar
LeaveCriticalSection
LocalUnlock
GetUserDefaultLangID
WriteFile
CreateFileW
GetTickCount
GetTempFileNameW
GetTempPathW
GetModuleHandleW
SetLastError
FreeResource
LoadResource
LockResource
SizeofResource
DeleteFileW
GetTimeZoneInformation
MoveFileW
GetVersionExW
CloseHandle
GetProcAddress
GetLastError
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
FreeLibrary
LoadLibraryA
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
FindResourceW
user32
EnumChildWindows
MoveWindow
SetWindowTextW
GetMenuDefaultItem
LoadMenuW
GetMenuState
SetWindowRgn
RegisterWindowMessageW
DrawTextW
GetKeyState
DrawIconEx
AnimateWindow
WindowFromPoint
PtInRect
GetDC
GetCapture
InflateRect
SystemParametersInfoW
ReleaseDC
GetSysColor
SetLayeredWindowAttributes
ClipCursor
IsIconic
GetMenuItemID
PostMessageW
IsZoomed
GetClientRect
GetWindowLongW
GetMenuItemCount
GetDlgItem
ShowWindow
MapWindowPoints
GetWindowRect
TranslateAcceleratorW
GetFocus
SetForegroundWindow
GetForegroundWindow
PostQuitMessage
ReleaseCapture
LoadCursorW
SetCursor
GetSystemMetrics
InsertMenuW
InsertMenuItemW
LoadAcceleratorsW
CopyRect
EnableMenuItem
SetMenuDefaultItem
GetSubMenu
EndMenu
LoadIconW
ChildWindowFromPoint
SetCapture
LockWindowUpdate
ClientToScreen
SetWindowPos
LoadStringW
SendMessageW
GetNextDlgTabItem
GetClassNameW
GetCursorPos
GetDesktopWindow
WinHelpW
EnableWindow
SetTimer
MessageBoxW
ScreenToClient
KillTimer
GetParent
InvalidateRect
gdi32
DeleteObject
StretchBlt
CreateDIBSection
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
Ellipse
CreateCompatibleDC
CreateRectRgnIndirect
CombineRgn
CreateCompatibleBitmap
GetDIBColorTable
GetObjectW
CreateRectRgn
CreatePatternBrush
GetPixel
TextOutW
CreateSolidBrush
DeleteDC
SetDIBColorTable
CreateFontIndirectW
advapi32
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
comctl32
InitCommonControlsEx
ole32
CreateStreamOnHGlobal
oleaut32
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
SysFreeString
VarUdateFromDate
Sections
.text — raw size: 558KB, virtual size: 557KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata — raw size: 139KB, virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data — raw size: 5KB, virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — raw size: 17KB, virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vrdata — raw size: 76KB, virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE