d1da13db41921cd9cf6ef86e5cac685b9a86800ba23a4fe3ab04f014ccc1efaf

Sharing

Copy URL Twitter E-mail

General

Target

d1da13db41921cd9cf6ef86e5cac685b9a86800ba23a4fe3ab04f014ccc1efaf
Size

1024KB
MD5

82df65dfdf31f2da52f5b41b06f8b7f0
SHA1

e2112781ff62437a7397d017a14b0db1cd758099
SHA256

d1da13db41921cd9cf6ef86e5cac685b9a86800ba23a4fe3ab04f014ccc1efaf
SHA512

abc6ff707ef296d0d0e7711c2789166be67fbf1c7d1510fb79b0fa3e3a4b493bb0afe21bff0e19e0fa1919cbfdd6221d2d1ed7c05e6c41ae9993a9209dc1ca50
SSDEEP

24576:mjwmspi5L2/JZlOVDwDQuD+RtKOOOOaOOOOt+VfRp:EwOhHatOOOOaOOOOt+VfR

Score

N/A

Malware Config

Signatures

Files

d1da13db41921cd9cf6ef86e5cac685b9a86800ba23a4fe3ab04f014ccc1efaf
.exe windows x86

e24a15e89425fe6de9937d1899c9f26c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

clclient

ord1
ord2

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePen
GdipDrawLineI
GdipFree
GdipCloneBrush
GdipAlloc
GdipCreateLineBrushI
GdipSetLinePresetBlend
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatLineAlign
GdipCreatePen1
GdipMeasureString
GdipCreateSolidFill
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipCreateFromHDC
GdipSetSmoothingMode
GdipSetInterpolationMode

mfc42

ord2122
ord6178
ord6358
ord1088
ord2431
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5714
ord4622
ord3738
ord815
ord459
ord561
ord743
ord4160
ord617
ord5301
ord296
ord6354
ord6352
ord5500
ord5716
ord5717
ord2036
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord1199
ord1205
ord2725
ord6283
ord6282
ord5289
ord539
ord1825
ord4238
ord2486
ord4003
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord1206
ord2623
ord338
ord1223
ord4823
ord1841
ord4241
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4340
ord4347
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord6054
ord5240
ord5281
ord3748
ord1725
ord5260
ord2091
ord4432
ord364
ord784
ord4720
ord4456
ord5037
ord1871
ord926
ord2614
ord5572
ord2818
ord940
ord609
ord613
ord289
ord5789
ord6172
ord2859
ord3693
ord2860
ord6171
ord4465
ord5787
ord3996
ord3286
ord6905
ord3874
ord2135
ord1949
ord4034
ord3706
ord5785
ord2405
ord4396
ord5781
ord4123
ord6880
ord2642
ord686
ord384
ord2408
ord2096
ord2841
ord3495
ord2086
ord2864
ord2820
ord3811
ord6778
ord5856
ord3870
ord2639
ord3181
ord3310
ord3178
ord4058
ord2781
ord2770
ord356
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord2107
ord5450
ord5440
ord6383
ord6394
ord798
ord533
ord922
ord2574
ord3572
ord2575
ord3574
ord1793
ord2078
ord3089
ord4793
ord1842
ord4242
ord6605
ord6380
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord4457
ord2863
ord5252
ord4413
ord5030
ord1768
ord5054
ord5282
ord2884
ord1834
ord5067
ord4635
ord4607
ord4716
ord4750
ord5016
ord4375
ord4852
ord4710
ord4834
ord4229
ord4608
ord4224
ord2784
ord3721
ord795
ord3873
ord3797
ord2302
ord6453
ord283
ord2370
ord2297
ord2363
ord6334
ord3092
ord4476
ord1779
ord4055
ord324
ord4234
ord816
ord562
ord4133
ord4297
ord1176
ord472
ord446
ord1200
ord809
ord556
ord2452
ord3571
ord323
ord1640
ord5875
ord2450
ord640
ord823
ord5710
ord2729
ord2730
ord6467
ord2727
ord4226
ord290
ord2622
ord614
ord1799
ord2233
ord1265
ord3258
ord5194
ord2393
ord5465
ord2763
ord1997
ord1601
ord6143
ord4278
ord6883
ord5861
ord4277
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord5241
ord4407
ord1776
ord4078
ord6055
ord3640
ord3370
ord5261
ord2385
ord4402
ord2582
ord3573
ord3619
ord3610
ord3402
ord2915
ord3177
ord939
ord535
ord4202
ord2764
ord941
ord6215
ord537
ord355
ord2515
ord3499
ord5683
ord4129
ord858
ord641
ord5981
ord470
ord755
ord4299
ord2100
ord2089
ord2379
ord1641
ord6378
ord6197
ord4284
ord1168
ord1146
ord6199
ord1233
ord6442
ord924
ord4275
ord2414
ord3663
ord3626
ord825
ord567
ord540
ord2243
ord860
ord818
ord693
ord656
ord800
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord668
ord3136
ord5788
ord1576

msvcrt

fprintf
rand
memset
strlen
_mbsinc
sprintf
strcpy
strcat
memcpy
_strnicmp
_snprintf
wcsrchr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__RTDynamicCast
isprint
printf
_CIacos
div
_CIpow
strncmp
__CxxLongjmpUnwind
_setjmp3
longjmp
realloc
calloc
malloc
atoi
fclose
fopen
strncpy
_ismbslead
fwrite
wcslen
_wfopen
free
getc
fputc
fflush
ftell
strncat
_vsnwprintf
_wmkdir
_snwprintf
_vsnprintf
_mkdir
strrchr
ceil
memmove
_CxxThrowException
fread
fseek
exit
vsprintf
wcsncpy
_getcwd
_iob
gmtime
strtod
_setmbcp
strtok
_stricmp
__p___argc
_mbsicmp
__p___argv
time
_ftol
floor
_mbscmp
abort
_access
_purecall
__CxxFrameHandler

kernel32

FindResourceA
_lread
_lclose
CreateThread
CreateEventA
WriteFile
InterlockedDecrement
InterlockedIncrement
GetLastError
VirtualAllocEx
SetUnhandledExceptionFilter
CreateEventW
GetCurrentProcess
SearchPathW
DuplicateHandle
CreateProcessW
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
CreateFileA
ReadFile
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
LoadResource
LockResource
MulDiv
lstrcpyA
CreateDirectoryA
DeleteFileA
MultiByteToWideChar
OutputDebugStringA
QueryPerformanceCounter
GetPrivateProfileIntW
GetPrivateProfileStringW
QueryPerformanceFrequency
WritePrivateProfileStringW
GetLocalTime
OutputDebugStringW
GetWindowsDirectoryA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrlenA
SetLastError
GetModuleFileNameW
GetPrivateProfileIntA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetTickCount
TerminateProcess
HeapFree
GetProcessHeap
HeapAlloc
GlobalFree
GlobalReAlloc
FindClose
FindFirstFileA
CopyFileA
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
SetErrorMode
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
_lopen

user32

DestroyIcon
CallWindowProcA
GetClassNameA
EnumChildWindows
ShowWindow
SetWindowRgn
GetParent
GetWindowLongA
SetWindowLongA
SetCursor
LoadCursorA
OffsetRect
DestroyCursor
PtInRect
DefWindowProcA
UnregisterClassA
RegisterClassA
CreateWindowExA
DestroyWindow
mouse_event
SetCursorPos
GetCursorPos
SetActiveWindow
wsprintfA
AppendMenuA
GetSystemMenu
DestroyMenu
GetWindowDC
ScreenToClient
IsZoomed
SystemParametersInfoA
SetCapture
RedrawWindow
ReleaseCapture
SetWindowTextA
IsWindowEnabled
FrameRect
GetIconInfo
EqualRect
CopyRect
GetDesktopWindow
UpdateWindow
LoadImageA
EnableWindow
PostMessageA
ClientToScreen
DrawIconEx
FillRect
ReleaseDC
GetDC
GetCursor
IsWindowVisible
FlashWindow
GetActiveWindow
FindWindowA
SetForegroundWindow
LoadBitmapA
SetRect
SendMessageA
LoadIconA
SetTimer
KillTimer
InvalidateRect
IsWindow
DrawTextA
GetClientRect
MoveWindow
GetWindowRect
IsIconic
GetSystemMetrics

gdi32

GetCurrentObject
CreatePenIndirect
CreateBrushIndirect
CreateFontIndirectA
CreateCompatibleBitmap
CombineRgn
CreateRectRgnIndirect
CreateBitmap
GetDeviceCaps
GetTextMetricsA
GetBkMode
GetBitmapDimensionEx
GetTextExtentPoint32A
GetTextCharacterExtra
GetStockObject
CreateFontA
OffsetRgn
CreateRectRgn
CreatePen
CreateDIBitmap
GetDIBits
RealizePalette
SetStretchBltMode
ExtSelectClipRgn
GetClipBox
SetBkColor
RectVisible
StretchDIBits
TextOutA
CreateCompatibleDC
DeleteDC
SetDIBitsToDevice
CreateDIBSection
GetObjectA
DeleteObject
BitBlt
SelectObject
SetBkMode
SetTextColor
ExtCreateRegion
SetPixel
GetPixel
StretchBlt
CreateSolidBrush

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
ShellExecuteA
SHFileOperationA
SHChangeNotify

comctl32

ImageList_AddMasked
ImageList_SetBkColor
_TrackMouseEvent
ImageList_GetIcon
ImageList_GetImageCount

ole32

CoInitialize
CoDisconnectObject
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoUninitialize

msvcp60

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_fstream@DU?$char_traits@D@std@@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_fstream@DU?$char_traits@D@std@@@std@@6B@
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

PlaySoundA

zlib1

inflate
inflateEnd
deflateReset
deflateInit2_
deflateEnd
deflate
inflateInit_
inflateReset
crc32

wsock32

gethostname
htonl
ntohl
inet_addr
gethostbyname

ddraw

DirectDrawCreate

oleaut32

SysFreeString

Sections

.text
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

N4.
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e24a15e89425fe6de9937d1899c9f26c

Headers

File Characteristics

Imports

clclient

gdiplus

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

msvcp60

version

winmm

zlib1

wsock32

ddraw

oleaut32

Sections

.text Size: 540KB - Virtual size: 538KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 28KB - Virtual size: 49KB

.rsrc Size: 284KB - Virtual size: 281KB

N4. Size: 92KB - Virtual size: 92KB

.text
Size: 540KB - Virtual size: 538KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 28KB - Virtual size: 49KB

.rsrc
Size: 284KB - Virtual size: 281KB

N4.
Size: 92KB - Virtual size: 92KB