d1b4278be473a7ffb2325e0b45b3ea93bb4bfcef533db2bd14cc4fbb0842c386

Sharing

Copy URL Twitter E-mail

General

Target

d1b4278be473a7ffb2325e0b45b3ea93bb4bfcef533db2bd14cc4fbb0842c386
Size

209KB
MD5

93d37c8fc412124b68709db3270901af
SHA1

cc97b8a249cdb92fa7daaca0dc57784b4aa7c570
SHA256

d1b4278be473a7ffb2325e0b45b3ea93bb4bfcef533db2bd14cc4fbb0842c386
SHA512

197b57189d67bfa4236101d561e2a0119e3ed25d120b79ed81b628be76fcc9d43fad2d51cabb2342cfdb2cc97f14989d47d7b2ba2309fd92638dce3705679ce0
SSDEEP

3072:atHF79SbIPbfj9Ye9289hfH9K0HLPHhhp7pp9DWhynWClapCWUODZ1vGHp:AHFEk9BZ9hfd7rZhbDWhyuCWUOv+Hp

Score

N/A

Malware Config

Signatures

Files

d1b4278be473a7ffb2325e0b45b3ea93bb4bfcef533db2bd14cc4fbb0842c386
.exe windows x86

cf5180f0c321f4520768ed5c0587eee2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord303
ord538
ord3998
ord5228
ord1173
ord1561
ord5264
ord2719
ord2722
ord2721
ord1127
ord6238
ord1897
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord2854
ord2371
ord2857
ord6466
ord6896
ord6688
ord3991
ord6898
ord2520
ord3281
ord609
ord692
ord6882
ord3516
ord2810
ord6398
ord1144
ord6266
ord1635
ord2445
ord5706
ord5679
ord1651
ord4369
ord4846
ord3379
ord482
ord2397
ord2519
ord3296
ord384
ord686
ord1863
ord548
ord2385
ord1934
ord4267
ord5255
ord3995
ord6004
ord3394
ord3729
ord3298
ord3909
ord1834
ord4237
ord620
ord2715
ord2382
ord3054
ord5094
ord5097
ord4298
ord3345
ord5006
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord4421
ord674
ord794
ord796
ord807
ord3476
ord795
ord2970
ord3865
ord4407
ord6191
ord5906
ord975
ord6456
ord3133
ord4158
ord6487
ord554
ord529
ord527
ord366
ord5867
ord6063
ord5996
ord6616
ord1089
ord6611
ord3636
ord4451
ord2244
ord5248
ord5848
ord2606
ord2225
ord942
ord693
ord3289
ord897
ord6865
ord4394
ord3625
ord682
ord2455
ord4270
ord3621
ord2406
ord3688
ord3568
ord3701
ord5298
ord2572
ord3397
ord567
ord640
ord2442
ord5674
ord4128
ord4292
ord5784
ord472
ord283
ord5782
ord5732
ord1633
ord323
ord535
ord1197
ord1196
ord4155
ord1226
ord6330
ord3716
ord2293
ord2294
ord6193
ord3087
ord1263
ord1264
ord6665
ord4078
ord6770
ord2567
ord4390
ord3569
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord2637
ord6195
ord1900
ord4709
ord1683
ord5284
ord4433
ord2046
ord4425
ord496
ord771
ord4254
ord1008
ord4282
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord4970
ord491
ord2638
ord656
ord3870
ord3605
ord1899
ord489
ord768
ord4253
ord2574
ord4396
ord3365
ord3635
ord3993
ord547
ord3297
ord3366
ord4717
ord4279
ord4426
ord1719
ord3743
ord5286
ord5236
ord4397
ord1768
ord6051
ord4103
ord4955
ord4958
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4884
ord4343
ord4335
ord5070
ord4886
ord4364
ord4893
ord4582
ord4583
ord2575
ord813
ord4526
ord5249
ord4239
ord1841
ord338
ord652
ord4420
ord4617
ord6171
ord6076
ord3193
ord3449
ord3917
ord5727
ord2504
ord2546
ord4480
ord4381
ord2391
ord4852
ord4947
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord4817
ord858
ord4414
ord4233
ord1817
ord5208
ord861
ord940
ord1229
ord2613
ord6113
ord520
ord986
ord6211
ord1145
ord2362
ord956
ord5977
ord2621
ord2634
ord2717
ord561
ord815
ord3733
ord4418
ord4616
ord5285
ord5710
ord5303
ord4692
ord6617
ord4074
ord6371
ord296
ord617
ord3658
ord5214
ord2644
ord1662
ord1143
ord2859
ord1172
ord1165
ord823
ord825
ord4229
ord800
ord324
ord540
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord1569
ord5059
ord3744
ord6372
ord5296
ord3341
ord2388
ord1634
ord5193
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord4269
ord4604
ord6561
ord4606

msvcrt

_wsplitpath
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_vsnwprintf
exit
_cexit
_XcptFilter
_exit
_c_exit
_wcsicmp
swscanf
wcsstr
wcscat
rand
wcsrchr
wcscpy
swprintf
wcsncpy
_purecall
wcslen
wcsncmp
wcschr
wcscmp
time
srand
free
_wcsdup
_snwprintf
__CxxFrameHandler
_wcsnset
iswalpha
_wcmdln

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegCloseKey
CopySid
GetLengthSid
IsValidSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
CopyFileW
FindFirstFileW
FindNextFileW
FindClose
WaitForSingleObject
MoveFileW
GetFileAttributesW
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SetLastError
GetNumberFormatW
GetLocaleInfoW
GetTempPathW
GetCurrentProcessId
CreateFileW
GetTickCount
GetModuleFileNameW
LocalFree
DeleteFileW
FormatMessageW
GetModuleHandleA
CreateThread
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
CreateEventW
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetProfileIntW
GetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
GetVersionExW
MoveFileExW
GetFileType
GetTempFileNameW
GetSystemTime
GetFileInformationByHandle
GetStringTypeExW
GetTimeFormatW
ReadFile
ExpandEnvironmentStringsW
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
GetDateFormatW
GetComputerNameW
CreateDirectoryW
GetCurrentThread
GetStartupInfoW

gdi32

CreateRectRgnIndirect
GetTextExtentPoint32W
DeleteObject

user32

ShowWindow
WinHelpW
FillRect
DrawTextW
GetMessageW
MsgWaitForMultipleObjects
GetParent
MessageBeep
GetWindowContextHelpId
EndDialog
DialogBoxParamW
FindWindowW
IsIconic
CopyRect
GetCursorPos
GetWindowRect
PostMessageW
UpdateWindow
SetActiveWindow
SetCapture
GetLastActivePopup
GetMenuItemCount
SetForegroundWindow
EnableWindow
LoadCursorW
LoadIconW
UnregisterClassW
SetFocus
SetWindowPos
ReleaseCapture
DeleteMenu
PtInRect
LoadImageW
GetWindowLongW
SetWindowLongW
GetSysColor
GetMessagePos
SetCursor
InvalidateRect
GetDC
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
DestroyWindow
PeekMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
LoadStringW
SetDlgItemTextW
SendDlgItemMessageW
GetDlgItem
SendMessageW
DefWindowProcW

fxsapi

FaxGetArchiveConfigurationW
FaxRefreshArchive
FaxGetSenderInformation
FaxFreeSenderInformation
FaxSetJobW
FaxFreeBuffer
FaxRemoveMessage
FaxEndMessagesEnum
FaxEnumMessagesW
FaxStartMessagesEnum
FaxGetMessageW
FaxEnumJobsExW
FaxGetJobExW
FaxConnectFaxServerW
FaxClose
FaxUnregisterForServerEvents
FaxRegisterForServerEvents
FaxAccessCheckEx
FaxGetQueueStates
FaxGetMessageTiffW
FaxGetSenderInfoW
FaxSetSenderInformation
FaxGetRecipientInfoW

fxstiff

TiffPrintDC
TiffAddMsTags
GetW2kMsTiffTags
FreeMsTagInfo

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

OleInitialize
OleUninitialize

shell32

ord258
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
SHGetPathFromIDListW
ShellExecuteW
SHFileOperationW
ShellAboutW
ord259

winspool.drv

EnumPrintersW

comctl32

ImageList_Destroy
ImageList_LoadImageW

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf5180f0c321f4520768ed5c0587eee2

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

msvcp60

advapi32

kernel32

gdi32

user32

fxsapi

fxstiff

comdlg32

ole32

shell32

winspool.drv

comctl32

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 67KB - Virtual size: 69KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 67KB - Virtual size: 69KB

.rsrc
Size: 12KB - Virtual size: 12KB