6b55ac69a6b2569e4bb9b837d31cc0f9b822ca2075f636645a621ccde6f19504

Sharing

Copy URL Twitter E-mail

General

Target

6b55ac69a6b2569e4bb9b837d31cc0f9b822ca2075f636645a621ccde6f19504
Size

928KB
MD5

a1a92929a488844aefa3dbccec5422e0
SHA1

2b704f3792e50f25f0ff7ab12b6455470f44b1f3
SHA256

6b55ac69a6b2569e4bb9b837d31cc0f9b822ca2075f636645a621ccde6f19504
SHA512

a07b35a052ad302f2d05f3c3a52982db14beef5cab3593076aabef03dfb6d8f3a28b1d5c482a4e2249ab91e6ea950806e56221286df053b63e007c7beaef7965
SSDEEP

24576:zpbD/E0dNhQ9VvAodmBOaq/gk6wu+dTt:zpbrE0+9iYekcQ

Score

N/A

Malware Config

Signatures

Files

6b55ac69a6b2569e4bb9b837d31cc0f9b822ca2075f636645a621ccde6f19504
.exe windows x86

b82ceeeafcfa44e871b00d7b104335e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA

kernel32

FreeLibrary
_lclose
GetTickCount
DeleteFileW
GetCurrentProcess
SetEvent
GetModuleHandleW
WaitForSingleObject
MulDiv
CopyFileW
GetProcAddress
FormatMessageW
LocalFree
TlsGetValue
InterlockedIncrement
GetFileInformationByHandle
WriteFile
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
LoadLibraryW
GetVersion
GetFileAttributesW
CreateEventW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleA
Sleep
ExpandEnvironmentStringsA

gdi32

DeleteObject
GetLayout
SetLayout
ExtTextOutW
GetTextMetricsW
CreateBitmap
SetBkColor
BitBlt
StretchBlt
CreateSolidBrush
CreatePen
RoundRect
Rectangle
MoveToEx
LineTo
CreateCompatibleDC
DeleteDC
GetObjectW
SelectObject
SetTextColor
SetBkMode
GetDeviceCaps
CreateFontIndirectW
GetStockObject

user32

UpdateWindow
GetParent
ReleaseDC
GetDC
CreateWindowExW
SetWindowPos
DestroyWindow
PostQuitMessage
DefWindowProcW
RegisterClassExW
CreateDialogParamW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
AppendMenuW
CreatePopupMenu
DeleteMenu
GetMenuItemCount
GetMenu
GetMenuState
MoveWindow
DrawTextW
GetClientRect
MapWindowPoints
GetWindowRect
LoadBitmapW
GetSystemMenu
PostMessageW
SetDlgItemTextW
SetPropW
GetPropW
InvalidateRect
RemovePropW
IsWindow
InflateRect
GetSysColor
DrawFocusRect
DrawEdge
FillRect
SetRect
GetActiveWindow
MapDialogRect
IsWindowEnabled
GetSysColorBrush
NotifyWinEvent
GetDlgCtrlID
LoadImageW
KillTimer
SetTimer
GetDesktopWindow
SetForegroundWindow
CheckDlgButton
LoadIconW
IsDlgButtonChecked
SendDlgItemMessageW
ShowWindow
SetFocus
SendMessageW
SetWindowLongW
GetWindowLongW
DialogBoxParamW
EndDialog
EnableWindow
GetDlgItem
SetWindowTextW
MessageBeep
MessageBoxW
CallWindowProcW
SetCursor
LoadCursorW

msvcrt

_errno
__CxxFrameHandler
_callnewh
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
memmove
?terminate@@YAXXZ
_controlfp
_beginthreadex
_wtoi
memcpy
atoi
srand
rand
free
malloc
_wfindfirst
_purecall
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
memset

shell32

DragQueryFileW
DragFinish

x2utilhl

??0CXString@@QAE@PBD@Z
?Mid@CXString@@QBE?AV1@HH@Z
?appendNullChar@ByteBuffer@@QAEAAV1@XZ
?append@ByteBuffer@@QAEAAV1@ABVCXString@@@Z
??0ByteBuffer@@QAE@ABV?$allocator@E@std@@@Z
??0CXString@@QAE@ABV0@@Z
??0ByteBuffer@@QAE@ABV0@@Z
?ReleaseBuffer@CXString@@QAEXH@Z
?IsEmpty@CXString@@QBEHXZ
?getLpbyte@ByteBuffer@@QBEPAEXZ
?empty@?$vector@EV?$allocator@E@std@@@std@@QBE_NXZ
?GetBufferSetLength@CXString@@QAEPAGH@Z
??1?$vector@VCXString@@V?$allocator@VCXString@@@std@@@std@@QAE@XZ
?GetLpcwstr@CXString@@QBEPBGXZ
??YCXString@@QAEABV0@ABV0@@Z
??H@YG?AVCXString@@ABV0@0@Z
??H@YG?AVCXString@@ABV0@PBG@Z
?Compare@CXString@@QBEHPBG@Z
?Right@CXString@@QBE?AV1@H@Z
?Left@CXString@@QBE?AV1@H@Z
?Empty@CXString@@QAEXXZ
?Find@CXString@@QBEHPBG@Z
?Find@CXString@@QBEHG@Z
?TrimLeft@CXString@@QAEXG@Z
??H@YG?AVCXString@@ABV0@G@Z
??H@YG?AVCXString@@GABV0@@Z
?setWithLpbyte@ByteBuffer@@QAEAAV1@QBEK@Z
?size@?$vector@EV?$allocator@E@std@@@std@@QBEIXZ
?resize@?$vector@EV?$allocator@E@std@@@std@@QAEXI@Z
??H@YG?AVCXString@@PBGABV0@@Z
?Format@CXString@@QAAXPBGZZ
?getDword@ByteBuffer@@QBEKXZ
?Find@CXString@@QBEHPBGH@Z
??4CXString@@QAEABV0@PBD@Z
?getAsStringValue@ByteBuffer@@QBE?AVCXString@@XZ
?GetAsMultiByte@CXString@@QBE?AV?$vector@DV?$allocator@D@std@@@std@@XZ
??YCXString@@QAEABV0@PBG@Z
??0?$vector@VCXString@@V?$allocator@VCXString@@@std@@@std@@QAE@ABV01@@Z
?push_back@?$vector@VCXString@@V?$allocator@VCXString@@@std@@@std@@QAEXABVCXString@@@Z
??0?$vector@VCXString@@V?$allocator@VCXString@@@std@@@std@@QAE@XZ
?Remove@CXString@@QAEHG@Z
?GetAsMultiByte@CXString@@QBEHPADI@Z
?GetSharedPtrMemoryPool@UtilitiesDllPerThreadStorage@@SGAAVFixedBlockSizeMemoryPool@@XZ
?GetUtilitiesDllTlsData@@YGKXZ
?ReturnToPool@FixedBlockSizeMemoryPool@@QAEXPAXI@Z
?IsBlank@CXString@@QBEHXZ
?TrimRight@CXString@@QAEXXZ
?TrimLeft@CXString@@QAEXXZ
?LoadStringW@ResourceLoader@@QAE?AVCXString@@I@Z
?Initialize@TextResourceLoader@@SG_NVCXString@@_N@Z
?GetCurrentUserUILanguage@TextResourceLoader@@SG?AVCXString@@XZ
??1Printer@@UAE@XZ
?LoadDll@ResourceLoader@@QAE_NAAVCXString@@@Z
?GenerateTextDllFilePath@TextResourceLoader@@SG?AVCXString@@PAX@Z
?Initialize@TextResourceLoader@@SG_NPAX_N@Z
?GetPrinterHandle@Printer@@QAEPAX_N@Z
?CreateHandle@Printer@@QAEPAXPBG@Z
??0Printer@@QAE@XZ
??0ResourceLoader@@QAE@XZ
??1ResourceLoader@@QAE@XZ
??YCXString@@QAEABV0@G@Z
?Find@CXString@@QBEHGH@Z
??1OperatingSystem@@UAE@XZ
?UnloadModule@OperatingSystem@@QAEXXZ
?LoadModule@OperatingSystem@@QAEPAUHINSTANCE__@@ABVCXString@@_N@Z
?IsUiThemeEnabled@OperatingSystem@@QAE_NXZ
??0OperatingSystem@@QAE@XZ
?FileExists@OperatingSystem@@QAE_NABVCXString@@@Z
?AllocateFromPool@FixedBlockSizeMemoryPool@@QAEPAXI@Z
?MakeLower@CXString@@QAEXXZ
?Replace@CXString@@QAEHPBG0@Z
??0CXString@@QAE@PBG@Z
?GetLength@CXString@@QBEHXZ
?GetAt@CXString@@QBEGH@Z
??ACXString@@QBEABGH@Z
??4CXString@@QAEABV0@PBG@Z
??1ByteBuffer@@QAE@XZ
?GetBuffer@CXString@@QAEPAGH@Z
?GetWindowTextW@CXString@@QAEHPAUHWND__@@@Z
??0CXString@@QAE@XZ
??4CXString@@QAEABV0@ABV0@@Z
??BCXString@@QBEPBGXZ
?SetWindowTextW@CXString@@QAEHPAUHWND__@@@Z
?LoadStringW@TextResourceLoader@@SG?AVCXString@@I@Z
?CompareNoCase@CXString@@QBEHPBG@Z
??1CXString@@QAE@XZ
?ReverseFind@CXString@@QBEHG@Z

msimg32

TransparentBlt

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b82ceeeafcfa44e871b00d7b104335e9

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

x2utilhl

msimg32

Sections

.text Size: 131KB - Virtual size: 130KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 282KB - Virtual size: 281KB

.reloc Size: 13KB - Virtual size: 12KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 131KB - Virtual size: 130KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 282KB - Virtual size: 281KB

.reloc
Size: 13KB - Virtual size: 12KB

.vmp0
Size: 500KB - Virtual size: 1.6MB