Static task: static1
Behavioral task: behavioral1
Sample: da57f8d6d9d7dd541bc22f7e7d041f1db18605db171d0cc2dc97f5c94687d927.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: da57f8d6d9d7dd541bc22f7e7d041f1db18605db171d0cc2dc97f5c94687d927.exe
Resource: win10v2004-20220901-en
General
Target: da57f8d6d9d7dd541bc22f7e7d041f1db18605db171d0cc2dc97f5c94687d927
Size: 810KB
MD5: 93758a1392bb13e9f1a4625c9ddc6450
SHA1: 66ea789cd9c605ad3335929b66ecdaeb9e240ac4
SHA256: da57f8d6d9d7dd541bc22f7e7d041f1db18605db171d0cc2dc97f5c94687d927
SHA512: 9a218a8bff4e74da59e5d3c52b2f0d641b27b5a225ca624446fb4965f6d83bd66abb803ce5daf19332ef0497d154e4174845f79daadc01024bf96b0b39e04757
SSDEEP: 12288:693lM0BdN/mVQOmxXkQtFAvGsmi/PcT+xt4vFejhUj3akIG777777Q:693lxV/mVQOSfAvGYcTvFe6qJ
Malware Config
Signatures
Files
da57f8d6d9d7dd541bc22f7e7d041f1db18605db171d0cc2dc97f5c94687d927.exe (windows x86), imphash 5855422e819db6bf2078d5b8c8e93496
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Only TERMINAL_SERVER_AWARE is reported among the DLL characteristics: the image does not set IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in) or IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in), so on a default configuration it is mapped at its preferred base and without the NX opt-in unless the OS enforces those mitigations for all processes. A .reloc section is present (see Sections), so the image can still be rebased where mandatory ASLR is enabled.
Imports
advapi32
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RevertToSelf
RegQueryValueW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
LogonUserW
DuplicateToken
ImpersonateLoggedOnUser
kernel32
MoveFileW
CreateProcessW
SetFileTime
CreateThread
CreateEventW
SetEvent
GetNumberFormatW
FormatMessageW
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
ReadFile
WriteFile
OutputDebugStringW
GetFileTime
InterlockedDecrement
CreateDirectoryW
GetComputerNameW
GetLocaleInfoW
GetDateFormatW
WideCharToMultiByte
MultiByteToWideChar
GetTimeFormatW
GetStringTypeExW
CopyFileW
GetSystemTime
GetTempPathW
FindNextFileW
SystemTimeToFileTime
FileTimeToSystemTime
GetFileAttributesW
FileTimeToLocalFileTime
FindFirstFileW
FindClose
QueueUserWorkItem
CreateFileW
GetFileType
CloseHandle
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
SetLastError
GetVersionExW
GetVersion
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
MulDiv
GetFileAttributesExW
CopyFileExW
lstrlenA
FlushFileBuffers
RaiseException
ResumeThread
WaitForMultipleObjects
GetModuleFileNameW
GetFullPathNameW
ExpandEnvironmentStringsW
lstrlenW
GetModuleHandleW
GetProcAddress
GetEnvironmentVariableW
GetCommandLineW
LocalAlloc
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
lstrcmpW
DeleteFileW
LoadLibraryA
GetTempFileNameW
LoadLibraryW
LocalFree
FreeLibrary
GetLastError
InterlockedIncrement
gdi32
GetCurrentObject
DeleteObject
CreateFontIndirectW
GetViewportOrgEx
GetDeviceCaps
GetObjectW
GetTextExtentPoint32W
user32
SetDlgItemTextW
GetMenuItemCount
GetMenuStringW
GetSubMenu
GetDlgItemTextW
GetWindowLongW
SetWindowLongW
GetDlgItem
MessageBoxW
LoadStringW
WinHelpW
ShowWindow
DeleteMenu
GetSysColor
DispatchMessageW
TranslateMessage
GetMessageW
InsertMenuW
LoadMenuW
GetMenu
DefWindowProcW
SetMenu
SetWindowPos
SetFocus
MsgWaitForMultipleObjects
LoadImageW
SendDlgItemMessageW
DrawMenuBar
UnregisterClassW
CreateDialogParamW
PeekMessageW
DestroyWindow
GetDC
ReleaseDC
EnableMenuItem
GetSystemMenu
GetWindowContextHelpId
LoadIconW
SetForegroundWindow
GetLastActivePopup
SetCapture
SetActiveWindow
IsWindowVisible
UpdateWindow
IsIconic
CheckDlgButton
IsDlgButtonChecked
CheckRadioButton
DialogBoxParamW
GetSystemMetrics
EndDialog
GetActiveWindow
DestroyMenu
InSendMessage
GetCursorPos
ClientToScreen
ReleaseCapture
GetWindowRect
FindWindowW
DestroyIcon
GetMessagePos
SetCursor
LoadCursorW
GetParent
IsWindow
DrawTextW
CharNextW
InvalidateRect
ScreenToClient
PostMessageW
SendMessageW
SetRect
PtInRect
GetClientRect
EnableWindow
GetFocus
RedrawWindow
PostThreadMessageW
mfc42u
ord5276
ord1767
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord4229
ord6139
ord1172
ord617
ord541
ord296
ord3658
ord5214
ord801
ord861
ord815
ord561
ord3733
ord4616
ord5710
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord2717
ord1216
ord2634
ord2621
ord5977
ord2362
ord1145
ord6191
ord3865
ord2910
ord986
ord520
ord6113
ord2613
ord1229
ord940
ord5208
ord1131
ord1202
ord3948
ord1817
ord4233
ord338
ord4420
ord4617
ord6171
ord6076
ord3193
ord3449
ord4381
ord2391
ord4852
ord4947
ord5649
ord3167
ord5573
ord1739
ord5736
ord5239
ord2534
ord2502
ord6332
ord3060
ord3053
ord4690
ord652
ord4414
ord4817
ord1841
ord4239
ord5249
ord4526
ord813
ord4426
ord1719
ord3743
ord5236
ord4397
ord4103
ord4955
ord4958
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4884
ord4343
ord4335
ord5070
ord4886
ord4364
ord4893
ord4582
ord4583
ord2575
ord4279
ord4717
ord303
ord3636
ord3366
ord1834
ord4260
ord4237
ord529
ord3717
ord2436
ord5254
ord5275
ord6365
ord5230
ord4398
ord1707
ord1702
ord5079
ord2381
ord4116
ord5467
ord4051
ord4359
ord2522
ord6150
ord2577
ord796
ord620
ord674
ord686
ord807
ord4421
ord4430
ord1658
ord2641
ord5278
ord5233
ord4072
ord2873
ord2874
ord3398
ord5006
ord3345
ord4298
ord5097
ord5094
ord3054
ord2382
ord2715
ord3516
ord5906
ord4219
ord3649
ord2576
ord4215
ord2430
ord2858
ord1637
ord4294
ord3133
ord4158
ord6487
ord554
ord384
ord366
ord4146
ord5881
ord5880
ord2916
ord3284
ord535
ord2244
ord5248
ord2606
ord3289
ord2810
ord537
ord6398
ord3561
ord2970
ord6266
ord5867
ord6063
ord5996
ord6616
ord6561
ord6611
ord6617
ord4451
ord5468
ord975
ord2447
ord4140
ord6928
ord5857
ord858
ord4272
ord6654
ord6655
ord538
ord817
ord765
ord1940
ord4221
ord1106
ord860
ord642
ord4358
ord5076
ord1705
ord6049
ord5244
ord327
ord2079
ord4230
ord1809
ord2572
ord4394
ord3625
ord682
ord323
ord1633
ord5785
ord2442
ord640
ord1634
ord2855
ord4267
ord2144
ord560
ord4530
ord4268
ord1937
ord289
ord613
ord3750
ord1230
ord5140
ord4686
ord3092
ord4124
ord925
ord1972
ord2914
ord5947
ord3090
ord3871
ord1808
ord2115
ord6212
ord6127
ord6438
ord5031
ord5256
ord4883
ord4957
ord4954
ord1718
ord517
ord784
ord4257
ord1912
ord3314
ord355
ord2507
ord6390
ord5446
ord2099
ord2836
ord5210
ord920
ord837
ord3494
ord3170
ord2756
ord3905
ord2615
ord6003
ord6379
ord5436
ord1569
ord5949
ord3693
ord565
ord2718
ord4419
ord3592
ord324
ord641
ord5285
ord4458
ord3792
ord6278
ord5299
ord4693
ord4269
ord4604
ord4606
ord6279
ord3176
ord3291
ord4120
ord2755
ord2809
ord6437
ord540
ord4155
ord2070
ord800
ord6193
ord1143
ord2567
ord4390
ord3397
ord3569
ord567
ord2371
ord1165
ord4270
ord4831
ord4435
ord609
ord818
ord1941
ord6116
ord5032
ord4259
ord527
ord6228
ord6226
ord6144
ord2560
ord6264
ord6267
ord3220
ord3252
ord3907
ord2536
ord2535
ord2503
ord978
ord1724
ord2390
ord2410
ord6220
ord6222
ord2421
ord2242
ord4726
ord4535
ord5473
ord2251
ord6051
ord4073
ord1768
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5286
ord3793
ord4830
ord4434
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3386
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3715
ord794
ord3490
ord2879
ord823
ord2859
ord825
ord2878
ord5847
ord3087
ord6211
ord3476
ord3911
ord5945
ord5568
ord3292
ord4273
ord4199
ord922
ord6920
ord356
ord2762
ord2773
ord4053
ord668
ord536
ord5852
ord3393
ord5825
ord3721
ord4266
ord3728
ord810
ord4253
ord768
ord489
ord1899
ord2638
ord4970
ord491
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord1008
ord4254
ord771
ord4709
ord1683
ord795
ord6456
ord693
ord4407
ord942
ord1144
ord941
ord3517
ord1635
ord1197
ord1196
ord2385
ord1226
ord1934
ord5255
ord1560
ord3621
ord2406
ord268
ord3614
ord3995
ord6004
ord3729
ord3394
ord3298
ord3909
ord2857
ord2445
ord2854
ord1662
ord2644
ord6896
ord6688
ord3991
ord6898
msvcrt
_controlfp
_wsplitpath_s
memcpy_s
memmove_s
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler3
??0exception@@QAE@XZ
memset
_vsnwprintf
_wcsdup
free
srand
time
__RTDynamicCast
_ftol2
_errno
realloc
_wcsicoll
_wcsupr
wcscat_s
wcscpy_s
_vscwprintf
strchr
wcsstr
rand
_purecall
_wtoi
iswalpha
wcsncmp
wcsspn
wcschr
_wcsnset
wcsrchr
_wcstoui64
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
wcstok
_wcsnicmp
_exit
_cexit
__wgetmainargs
malloc
_callnewh
_itow
_wcsicmp
memcpy
swscanf
_ftol2_sse
_except_handler4_common
ntdll
WinSqmIncrementDWORD
WinSqmAddToStream
shlwapi
PathIsContentTypeW
StrTrimW
PathIsUNCServerShareW
PathAppendW
PathRemoveFileSpecW
SHSetValueW
SHGetValueW
ord487
PathFileExistsW
ole32
CoGetObject
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize
StringFromGUID2
CoTaskMemFree
PropVariantClear
FreePropVariantArray
StgOpenStorageEx
CoInitializeEx
OleRun
OleInitialize
shell32
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
SHGetFolderPathW
SHSetLocalizedName
SHGetFolderPathAndSubDirW
SHChangeNotify
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
CommandLineToArgvW
ShellAboutW
SHFileOperationW
SHGetFileInfoW
ord165
SHGetDesktopFolder
winspool.drv
AddPrinterW
SetPrinterW
DeletePrinterConnectionW
AddPrinterConnectionW
DeletePrinter
DeletePrinterDriverExW
AddMonitorW
InstallPrinterDriverFromPackageW
EnumPrinterDriversW
ClosePrinter
DeleteMonitorW
OpenPrinterW
GetPrinterW
EnumPrintersW
comctl32
CreatePropertySheetPageW
PropertySheetW
ord17
InitCommonControlsEx
ImageList_LoadImageW
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_GetIcon
oleaut32
SysFreeString
VariantClear
VariantChangeType
VariantInit
GetErrorInfo
SysAllocStringByteLen
SysAllocStringLen
SysStringLen
SysStringByteLen
SysAllocString
uxtheme
GetThemeSysFont
SetWindowTheme
crypt32
CryptProtectData
CryptUnprotectData
setupapi
SetupGetInfDriverStoreLocationW
comdlg32
CommDlgExtendedError
GetSaveFileNameW
ChooseFontW
GetOpenFileNameW
gdiplus
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipImageSelectActiveFrame
GdipGetImagePixelFormat
GdipCreateFromHDC
GdipGetImageHorizontalResolution
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipDeleteBrush
GdiplusStartup
GdipCloneImage
GdipCloneBrush
GdipDrawImageRectRect
GdipDrawImageRect
GdipGetDC
GdipReleaseDC
GdipGetDpiX
GdipGetDpiY
GdipGetImageVerticalResolution
GdipFillRectangle
GdipSaveAdd
GdipGetImageGraphicsContext
GdiplusShutdown
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSetPropertyItem
GdipGetPropertyItem
GdipFree
GdipAlloc
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageRawFormat
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipSaveAddImage
winmm
PlaySoundW
ws2_32
getaddrinfo
WSAStringToAddressW
getnameinfo
WSAStartup
WSACleanup
WSAGetLastError
WSAAddressToStringA
freeaddrinfo
credui
CredUIParseUserNameW
atl
ord31
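The import hash listed under Files is derived from an import table like the one above. The following is an added example, not code from the sandbox report and not the sandbox's own implementation; it follows the pefile/Mandiant convention (lowercased module name without its .dll/.ocx/.sys suffix, a dot, the lowercased symbol, ordinal-only imports rendered as "ordN" unless the module is one whose ordinals are mapped to names, entries joined with commas in import-table order, then MD5). SAMPLE_IMPORTS is a constructed subset of this report's imports in an assumed order; the report's own value is deliberately not reproduced, because imphash is order-sensitive and the listing order on this page is not guaranteed to be the binary's import-table order.

```python
"""Import hash (imphash) over a PE import table.

Added example, not code from the sandbox report and not pefile itself. It
follows the pefile/Mandiant convention: per imported symbol, lowercase DLL
name with a .dll/.ocx/.sys suffix removed + "." + lowercase symbol name;
ordinal-only imports become "ordN" unless the DLL is one whose ordinals are
mapped to names (only a small subset of that map is embedded below); entries
are joined with "," in import-table order and MD5-hashed.
"""
import hashlib
from typing import Iterable, List, Tuple, Union

Symbol = Union[str, int]          # a function name, or an ordinal number

# Subset of the ordinal-to-name table pefile applies (assumption: only a few
# ws2_32 entries are listed here; the real table also covers wsock32 and oleaut32).
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               16: "recv", 19: "send", 23: "socket",
               111: "WSAGetLastError", 115: "WSAStartup", 116: "WSACleanup"},
}


def _dll_base(dll: str) -> str:
    """Lowercase the module name and strip the extension, as imphash requires."""
    name = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def import_string(imports: Iterable[Tuple[str, Symbol]]) -> str:
    """Canonical 'dll.symbol,dll.symbol,...' string that gets hashed."""
    parts: List[str] = []
    for dll, symbol in imports:
        base = _dll_base(dll)
        if isinstance(symbol, int):
            mapped = ORDINAL_NAMES.get(base, {}).get(symbol)
            symbol = mapped if mapped is not None else f"ord{symbol}"
        parts.append(f"{base}.{symbol.lower()}")
    return ",".join(parts)


def imphash(imports: Iterable[Tuple[str, Symbol]]) -> str:
    """MD5 of the canonical import string, as a 32-character hex digest."""
    return hashlib.md5(import_string(imports).encode("ascii")).hexdigest()


# Constructed subset of this report's imports, in an assumed order; the order
# on the page is not guaranteed to be the binary's import-table order.
SAMPLE_IMPORTS: List[Tuple[str, Symbol]] = [
    ("ADVAPI32.dll", "LogonUserW"),
    ("ADVAPI32.dll", "ImpersonateLoggedOnUser"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("SHLWAPI.dll", 487),
    ("SHELL32.dll", 165),
    ("WS2_32.dll", "getaddrinfo"),
    ("CRYPT32.dll", "CryptProtectData"),
    ("winspool.drv", "AddPrinterW"),
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers module and symbol names in table order rather than code bytes, it groups binaries built from the same source and linker settings and is a cheap pivot key across samples; for the same reason a trivial import reorder or a switch to ordinal imports changes it, so treat a matching imphash as a lead, not as proof of identity.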
Sections
.text    raw 470KB  virtual 470KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data    raw 6KB    virtual 11KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    raw 265KB  virtual 265KB  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc   raw 67KB   virtual 68KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
zczmxto  raw -      virtual 4KB    IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
Two entries deserve a second look before the import table above is taken as a description of what actually runs. A compiler-emitted .reloc section holds only relocation fixups and is initialized data, read-only; here it is flagged as code and mapped read/write/execute, so it can host code at runtime. The fifth section, zczmxto, has a non-standard name, no raw size in the file (the report shows none) and 4KB of writable memory, which is the layout a loader stub uses for space it fills in after mapping. With the raw sizes (470 + 6 + 265 + 67KB plus headers) roughly accounting for the 810KB file, this is consistent with a post-build modification or packing layer; the behavioral runs, not this static listing, are where the code that executes should be confirmed.
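The checks that single out .reloc and zczmxto above can be automated from the section table alone. The following is an added example, not code from the sandbox: it parses PE section headers with the Python standard library and reports writable-and-executable sections, a .reloc that carries code, sections with no bytes on disk but a memory footprint, non-standard names, and raw data that runs past the end of the file. It runs on a constructed, header-only PE whose section table mirrors this report; the sizes are the report's rounded KB figures, while the virtual addresses, file offsets and the 810KB file size passed to the check are assumed values chosen to be self-consistent.

```python
"""Section-table sanity checks of the kind that flag .reloc and zczmxto above.

Added example, not code from the sandbox. Parses PE section headers with the
standard library only and reports conditions a triage analyst looks for. The
image it runs on is a constructed header-only PE mirroring this report's
section table (sizes from the report; addresses and offsets are assumed).
"""
import struct
from dataclasses import dataclass
from typing import List, Tuple

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a typical MSVC-built executable carries; anything else is flagged for review.
STANDARD_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss",
                  ".idata", ".edata", ".pdata", ".tls", ".CRT"}


@dataclass
class Section:
    name: str
    virtual_size: int
    virtual_address: int
    raw_size: int
    raw_pointer: int
    characteristics: int


def parse_sections(image: bytes) -> List[Section]:
    """Walk DOS header -> PE signature -> COFF header -> section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", image, coff)
    table = coff + 20 + opt_size            # section headers follow the optional header
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", image, table + i * 40)
        name, vsize, va, rsize, rptr = fields[:5]
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"),
                                vsize, va, rsize, rptr, fields[9]))
    return sections


def section_findings(sections: List[Section], file_size: int) -> List[Tuple[str, str]]:
    """Return (section name, reason) pairs for every suspicious section-table entry."""
    findings = []
    for s in sections:
        f = s.characteristics
        if f & IMAGE_SCN_MEM_WRITE and f & IMAGE_SCN_MEM_EXECUTE:
            findings.append((s.name, "writable and executable (RWX)"))
        if s.name == ".reloc" and f & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
            findings.append((s.name, ".reloc marked as code or executable"))
        if s.raw_size == 0 and s.virtual_size > 0 and not f & IMAGE_SCN_CNT_UNINITIALIZED_DATA:
            findings.append((s.name, "no bytes on disk but occupies memory"))
        if s.name not in STANDARD_NAMES:
            findings.append((s.name, "non-standard section name"))
        if s.raw_pointer + s.raw_size > file_size:
            findings.append((s.name, "raw data extends past end of file"))
    return findings


def build_image(spec) -> bytes:
    """Construct a header-only PE32 image with the given section table (test data)."""
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(224); struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0, 0, 0, len(opt), 0x0102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                                 vs, va, rs, rp, 0, 0, 0, 0, ch) for n, vs, va, rs, rp, ch in spec)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


KB = 1024
R, W, X, CODE, IDATA = (IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_EXECUTE,
                        IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA)
# Constructed from this report: (name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, Characteristics). Addresses and offsets are assumed.
REPORT_SECTIONS = [
    (".text",   470 * KB, 0x1000,  470 * KB, 0x400,   CODE | X | R),
    (".data",    11 * KB, 0x76800,   6 * KB, 0x75C00, IDATA | R | W),
    (".rsrc",   265 * KB, 0x79400, 265 * KB, 0x77400, IDATA | R),
    (".reloc",   68 * KB, 0xBB800,  67 * KB, 0xB9800, CODE | IDATA | X | R | W),
    ("zczmxto",   4 * KB, 0xCC800,        0, 0,       R | W),
]
REPORTED_FILE_SIZE = 810 * KB      # the report's file size, assumed exact here
IMAGE = build_image(REPORT_SECTIONS)

if __name__ == "__main__":
    for name, why in section_findings(parse_sections(IMAGE), REPORTED_FILE_SIZE):
        print(f"{name:8s} {why}")
```

Run against a real file, replace IMAGE with the file's bytes and REPORTED_FILE_SIZE with its length; the zero-raw-size test deliberately exempts sections flagged IMAGE_SCN_CNT_UNINITIALIZED_DATA, since a legitimate .bss has exactly that shape, which is why the flag set, not the size alone, decides whether zczmxto is worth a look.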