21d27ce95a54fc17ea13782007d7b651da097fad5c5d5e5c074571f4fe16d985

Sharing

Copy URL Twitter E-mail

General

Target

21d27ce95a54fc17ea13782007d7b651da097fad5c5d5e5c074571f4fe16d985
Size

541KB
MD5

9357f05b65860f76e92af7af1cdffc39
SHA1

c690966f426ef3a5cfb1da1e027f73a2484ec0c6
SHA256

21d27ce95a54fc17ea13782007d7b651da097fad5c5d5e5c074571f4fe16d985
SHA512

3b1c6b183da9434d8fd26b1fe50109086eb6c206644c8c1d6937a31e115592b200a6fdde9889b836ed0854995cde25e5bfff1ece83cdd6a3a19642b28b5251fc
SSDEEP

12288:d+7pJcMoDg0q5TRjGpjpdYEVc6Um7GES+52oSr2/aIEmt120wGZqw6BtrB1:d2nweTR2jPLnUmvn2oSK/aIEmvZX0

Score

N/A

Malware Config

Signatures

Files

21d27ce95a54fc17ea13782007d7b651da097fad5c5d5e5c074571f4fe16d985
.exe windows x86

f5daf35732a7e3ec10aaddd08023b001

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord7393
ord9328
ord8346
ord4645
ord5118
ord4901
ord8483
ord5115
ord3996
ord2220
ord4792
ord4794
ord4623
ord6931
ord7624
ord6869
ord1292
ord7548
ord9498
ord11784
ord4086
ord6932
ord13854
ord4744
ord13571
ord13568
ord890
ord6656
ord1987
ord1895
ord3416
ord5261
ord11228
ord7391
ord11240
ord11209
ord1934
ord5264
ord285
ord2629
ord280
ord2614
ord1476
ord286
ord7876
ord11838
ord1300
ord7176
ord6922
ord5862
ord3446
ord5801
ord2185
ord3397
ord6661
ord1296
ord897
ord9333
ord5143
ord11159
ord2852
ord2951
ord2952
ord3491
ord2164
ord2339
ord5276
ord12557
ord10725
ord6156
ord13388
ord7109
ord13382
ord2665
ord3992
ord14067
ord3999
ord4416
ord4383
ord4379
ord4413
ord4434
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord8393
ord10045
ord6247
ord11210
ord8112
ord13380
ord10937
ord11081
ord8277
ord14060
ord14059
ord14132
ord14149
ord14145
ord14147
ord14148
ord14146
ord2418
ord7385
ord2884
ord2887
ord12610
ord5558
ord2078
ord4805
ord13133
ord3402
ord12186
ord8509
ord1950
ord6870
ord6080
ord4356
ord5799
ord2184
ord7967
ord4355
ord4360
ord8264
ord2746
ord917
ord6318
ord337
ord7929
ord6243
ord11940
ord7529
ord11998
ord945
ord11516
ord11997
ord7006
ord374
ord4923
ord4642
ord1440
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord11116
ord1298
ord266
ord265
ord296
ord902
ord1310
ord1312
ord1479
ord4290
ord11236
ord2089

msvcr100

_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcscmp
wcscpy
_snwprintf_s
_resetstkoflw
_wunlink
_wstat64i32
__RTDynamicCast
towupper
strncat
strncpy_s
strtok_s
atoi
fsetpos
_fseeki64
fgetpos
setvbuf
_unlock_file
_lock_file
ungetc
fputc
fgetc
memmove
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_CxxThrowException
__CxxFrameHandler3
??0bad_cast@std@@QAE@PBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_errno
calloc
strtoul
_wsopen
_lseek
_read
_filelength
_vsnwprintf_s
wcstombs
strncpy
wcsncat_s
memcpy
_controlfp_s
_wsplitpath_s
wcsncmp
iswalnum
iswspace
srand
rand
swscanf_s
wcschr
swprintf_s
wcscat_s
memset
realloc
_close
memcpy_s
vswprintf_s
wcsnlen
_vscwprintf
memmove_s
mbstowcs
_time64
_wchmod
__iob_func
wcscpy_s
_wcsnicmp
_wcsicmp
_wcsupr
wcsstr
_wtoi
wcsrchr
_invoke_watson
_wcsdup
mbstowcs_s
malloc
free
fclose
_wrename
fwrite
ferror
_vsnwprintf
_wsplitpath
_wfopen
fflush
_itow
_waccess
wcsncat
wcsncpy
_swprintf
_snwprintf
swscanf
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strlen
_wtol
_wgetenv
wcscat
clock
wcsncpy_s
wcslen

kernel32

HeapSize
HeapReAlloc
HeapDestroy
ExpandEnvironmentStringsA
InterlockedExchangeAdd
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
GetTimeFormatW
GetCurrentThreadId
GetStartupInfoW
OpenProcess
GlobalAlloc
GlobalFree
GetCurrentDirectoryW
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
RaiseException
lstrcpynW
OpenEventW
CreateDirectoryW
QueryDosDeviceW
Beep
MoveFileExW
GetLongPathNameW
GetProcessHeap
HeapAlloc
HeapFree
RemoveDirectoryW
GetWindowsDirectoryW
GetTempPathW
ReleaseSemaphore
CreateSemaphoreW
GetVolumeInformationW
FileTimeToSystemTime
VerSetConditionMask
VerifyVersionInfoW
GetCurrentThread
CreateMutexW
FormatMessageW
LocalAlloc
LocalFree
GetSystemDirectoryW
LoadLibraryA
lstrlenW
GetTickCount
GetVersionExW
QueryPerformanceCounter
SetErrorMode
DeviceIoControl
SetLastError
LoadLibraryExW
SetFileAttributesW
CreateProcessW
GetPrivateProfileIntW
WritePrivateProfileStringW
MultiByteToWideChar
LoadLibraryW
GetPriorityClass
SetPriorityClass
CreateToolhelp32Snapshot
OpenThread
Thread32Next
Thread32First
FlushFileBuffers
ResumeThread
SuspendThread
GetDiskFreeSpaceExW
ExitThread
GetProcAddress
WriteFile
FreeLibrary
GetDriveTypeW
SetFilePointer
GetSystemTime
FindNextFileW
FindClose
GetLastError
GetFileAttributesW
FindFirstFileW
InterlockedDecrement
InterlockedIncrement
GetComputerNameW
GetModuleFileNameW
GetExitCodeProcess
CopyFileW
GetModuleHandleW
GetProcessAffinityMask
GetCurrentProcess
CreateThread
GetCurrentProcessId
WaitForMultipleObjects
CreateEventW
ResetEvent
SetThreadPriority
Sleep
TerminateThread
SetEvent
WaitForSingleObject
SystemTimeToFileTime
DeleteFileW
CloseHandle
DeleteCriticalSection
EnterCriticalSection
CreateFileW
ReadFile
LeaveCriticalSection
InitializeCriticalSection
GetFileSize
GetLocalTime
GetPrivateProfileStringW
GetDateFormatW
BackupRead

user32

LoadIconW
DrawIconEx
DestroyIcon
GetParent
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetWindowRect
SendMessageW
FillRect
InflateRect
DrawStateW
GetActiveWindow
GetLastActivePopup
MessageBoxW
GetKeyState
EnableWindow
LoadImageW
DispatchMessageW
PeekMessageW
TranslateMessage
IsWindow
GetSystemMetrics
LoadStringW
wsprintfW
ExitWindowsEx
CopyRect
MessageBeep

advapi32

SetEntriesInAclW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
RegQueryValueExA
RegOpenKeyExA
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
ReportEventW
DeregisterEventSource
RegisterEventSourceW
DuplicateTokenEx
ImpersonateLoggedOnUser
RegDisablePredefinedCache
SetThreadToken
GetSecurityInfo
GetSecurityDescriptorDacl
BuildExplicitAccessWithNameW
GetUserNameW
SetSecurityInfo
CreateProcessAsUserW
LookupAccountSidW
RegEnumValueW
GetTokenInformation
EqualSid
RegCreateKeyExW
RegSetValueExW
ImpersonateSelf
OpenThreadToken

shell32

SHGetSpecialFolderPathW
ShellExecuteW

comctl32

_TrackMouseEvent
ord17

ole32

CoCreateInstance
CoInitialize

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcp100

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xlength_error@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_BADOFF@std@@3_JB
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ

winmm

sndPlaySoundW

gdi32

GetTextExtentPoint32W
SetPixel
GetPixel
BitBlt
RoundRect
CreateSolidBrush
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject

Sections

.text
Size: 350KB - Virtual size: 350KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.nrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f5daf35732a7e3ec10aaddd08023b001

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

advapi32

shell32

comctl32

ole32

version

msvcp100

winmm

gdi32

Sections

.text Size: 350KB - Virtual size: 350KB

.rdata Size: 60KB - Virtual size: 60KB

.data Size: 9KB - Virtual size: 24KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 27KB - Virtual size: 27KB

.nrdata Size: 68KB - Virtual size: 68KB

.text
Size: 350KB - Virtual size: 350KB

.rdata
Size: 60KB - Virtual size: 60KB

.data
Size: 9KB - Virtual size: 24KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 27KB - Virtual size: 27KB

.nrdata
Size: 68KB - Virtual size: 68KB