Static task
static1
Behavioral task
behavioral1
Sample
7e55ce50b45577b6e5fe014d62ffd452f423a911434702fb204723a3ff1adef6.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
7e55ce50b45577b6e5fe014d62ffd452f423a911434702fb204723a3ff1adef6.exe
Resource
win10v2004-20220901-en
General
-
Target
7e55ce50b45577b6e5fe014d62ffd452f423a911434702fb204723a3ff1adef6
-
Size
972KB
-
MD5
5eff6b07c9c2ffd5c082b5c99f38c5d3
-
SHA1
c68ad68ccff4e9d17f4d774531e8a31dad8ab150
-
SHA256
7e55ce50b45577b6e5fe014d62ffd452f423a911434702fb204723a3ff1adef6
-
SHA512
f9c848e3808d424c3a25025ae44893664fd7751aac6cddf3d25115e9513e66670a178a73cb71d680d54ae206fa0cf23312a38b7765ecd3151d8cb102c7dcdbfd
-
SSDEEP
12288:cDp5hDt1jj+eY2vVTTTTTTTTCnv8ARmFE/zRfALSap+pImbTUl:cDpDnjj+etk5SEqubBb
Malware Config (nothing extracted for this sample)
Signatures (none recorded in this report; an empty signature list is not evidence that the sample is benign — the behavioral runs on win7-20220812-en and win10v2004-20220901-en still need to be read)
Files
-
7e55ce50b45577b6e5fe014d62ffd452f423a911434702fb204723a3ff1adef6.exe windows x86
2c03dc39d555446a7517cff94e5033ec (unlabeled 32-hex-digit value, distinct from the file MD5 above; presumably the import hash — confirm the field meaning before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no .reloc section is listed below, so the image cannot be rebased by the loader and cannot benefit from ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u (MFC 4.2 Unicode runtime; every entry below is imported by ordinal only, as is normal for MFC-linked binaries — resolve the ordinals against the DLL's export table to recover names)
ord6004
ord3995
ord3298
ord3282
ord6330
ord1197
ord2809
ord1196
ord6279
ord2644
ord1662
ord2371
ord4294
ord2372
ord4847
ord3871
ord3312
ord5871
ord4470
ord5977
ord3494
ord2507
ord355
ord4370
ord2350
ord2362
ord942
ord940
ord4270
ord3568
ord2567
ord4390
ord3569
ord609
ord3792
ord4118
ord2070
ord3688
ord2559
ord4128
ord4292
ord5784
ord2072
ord860
ord537
ord755
ord2746
ord5869
ord6168
ord470
ord6238
ord3088
ord4875
ord2081
ord2854
ord6125
ord927
ord3701
ord5777
ord3915
ord6126
ord6124
ord2626
ord5764
ord613
ord5785
ord289
ord472
ord1941
ord818
ord5795
ord6437
ord1230
ord6451
ord1937
ord4268
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4103
ord5236
ord1719
ord5256
ord4426
ord813
ord560
ord4717
ord4502
ord3492
ord4078
ord1920
ord4259
ord1560
ord1258
ord2225
ord268
ord3476
ord4035
ord2732
ord2793
ord3348
ord3574
ord290
ord2855
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord1633
ord323
ord2397
ord5783
ord6193
ord2745
ord6640
ord816
ord562
ord3133
ord1168
ord1229
ord5568
ord2910
ord1791
ord2606
ord3491
ord4124
ord4016
ord764
ord3023
ord824
ord826
ord6466
ord6375
ord6376
ord3737
ord6153
ord283
ord703
ord603
ord5193
ord2446
ord273
ord403
ord2385
ord1252
ord6303
ord521
ord4162
ord834
ord2755
ord1565
ord2756
ord1130
ord404
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord882
ord876
ord878
ord879
ord941
ord536
ord922
ord699
ord3933
ord397
ord5589
ord3433
ord6867
ord912
ord4183
ord4272
ord6489
ord4273
ord4199
ord4197
ord1637
ord4158
ord2914
ord3998
ord4015
ord2719
ord2722
ord2721
ord1172
ord2144
ord6597
ord2444
ord2373
ord4265
ord1131
ord1594
ord3253
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord554
ord807
ord4263
ord4279
ord3084
ord5047
ord956
ord1821
ord5852
ord4042
ord1764
ord6362
ord2405
ord2016
ord4395
ord692
ord1839
ord4119
ord3798
ord2615
ord1137
ord2558
ord4214
ord2573
ord3634
ord5142
ord3232
ord5679
ord3785
ord5706
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord4667
ord2099
ord6390
ord5446
ord823
ord6379
ord5436
ord2859
ord540
ord858
ord859
ord2810
ord535
ord800
ord6139
ord5257
ord2836
ord825
ord541
ord538
ord801
ord3658
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord1720
ord5059
ord3744
ord6372
ord2047
ord6278
ord6195
ord4704
ord1143
ord1634
ord4155
ord3087
ord6871
ord6211
ord2634
ord2088
ord2857
ord3566
ord4229
ord2294
ord2291
ord614
ord2406
ord3621
ord324
ord567
ord384
ord861
ord6868
ord656
ord810
ord686
ord3614
ord3577
ord3397
ord5286
ord4392
ord2570
ord4213
ord2015
ord2403
ord3605
ord3592
ord4419
ord5276
ord1767
ord6048
ord4992
ord5261
ord3728
ord3393
ord1202
ord2613
ord296
ord5208
ord1148
ord617
ord6113
ord2506
ord616
ord641
ord925
ord1190
ord1165
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord1569
msvcrt
__CxxFrameHandler
_CxxThrowException
wcscmp
_wcsdup
free
wcscpy
_wtoi
_wcsicmp
memmove
_ftol
_purecall
_CIpow
wcsstr
_wcslwr
malloc
swscanf
wcslen
strchr
wcsncpy
calloc
_wtol
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
wcschr
qsort
_wmkdir
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
kernel32
LocalFree
InterlockedDecrement
GetPrivateProfileIntW
GetModuleFileNameW
lstrcpynW
GetTickCount
GetVersionExW
EnumResourceLanguagesW
EnumResourceTypesW
MultiByteToWideChar
WideCharToMultiByte
EnumResourceNamesW
FreeLibrary
WritePrivateProfileStringW
lstrcmpA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
FindResourceW
LoadResource
LockResource
InterlockedIncrement
GetModuleHandleA
LoadLibraryW
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
MulDiv
lstrlenW
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
GlobalFree
EnumSystemCodePagesW
GetCPInfoExW
CreateMutexW
GetLastError
ReleaseMutex
GetStartupInfoW
user32
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
EnableWindow
GetParent
InvalidateRect
TabbedTextOutW
SetRect
DefWindowProcW
GetForegroundWindow
GetWindowLongW
IntersectRect
GetCapture
GetMessageW
ClientToScreen
DispatchMessageW
CopyRect
SetRectEmpty
PtInRect
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetDlgCtrlID
UpdateWindow
DrawIconEx
DrawStateW
GetPropW
OffsetRect
DestroyCursor
GetSystemMetrics
IsRectEmpty
GetCursorPos
ScreenToClient
LoadCursorW
SendMessageW
IsWindow
GetWindow
GetDesktopWindow
LoadIconW
GetClientRect
LoadBitmapW
SetCursor
SystemParametersInfoW
SetCapture
GetDC
InvertRect
ReleaseDC
GetFocus
DrawFrameControl
GetCaretPos
GetWindowRect
SetPropW
wsprintfW
GetKeyState
DrawFocusRect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ReleaseCapture
PostMessageW
GetSysColor
RegisterWindowMessageW
SetActiveWindow
InflateRect
mouse_event (legacy API that synthesizes mouse input; its purpose here is not visible statically — check the behavioral trace)
GetClassLongW
SetClassLongW
HideCaret
ShowCaret
MessageBeep
RedrawWindow
GetNextDlgTabItem
GetSysColorBrush
EqualRect
SetWindowPos
SetTimer
GetCursor
KillTimer
IsWindowVisible
WindowFromPoint
LookupIconIdFromDirectoryEx
LoadMenuW
DestroyIcon
CopyIcon
CreateIconIndirect
GetIconInfo
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
SetWindowRgn
SetWindowLongW
GrayStringW
FillRect
DrawTextW
gdi32
Polygon
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateDIBSection
DeleteDC
StretchBlt
CreateBitmap
SetBkColor
SetStretchBltMode
GetDIBits
GetBitmapBits
ExtCreateRegion
SetPixel
PatBlt
DeleteObject
BitBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
CreatePolygonRgn
FillRgn
GetTextMetricsW
GetTextExtentPoint32W
CreateRectRgn
GetStockObject
SelectObject
GetObjectW
GetBkColor
GetTextColor
CreatePen
SetTextColor
CreateFontIndirectW
CreateSolidBrush
advapi32 (registry access only; the imported set includes RegCreateKeyExW and RegSetValueExW, so the binary can create keys and write values, not merely read them)
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
shell32
DragQueryFileW
DragFinish
comctl32
ImageList_GetIcon
_TrackMouseEvent
ImageList_AddMasked
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Add
ImageList_DrawIndirect
ole32
CoInitialize
OleRun
CoCreateInstance
CoUninitialize
oleaut32
GetErrorInfo
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringByteLen
smartpublic (not a Windows system DLL: a statically imported library with MSVC-mangled C++ exports, so the process cannot start unless this DLL is found via the normal DLL search order — the sample is likely incomplete without it, and that search order is also the usual DLL-hijack surface)
?Serialize@CSPBlockTableInfo@@UAEXAAVCArchive@@@Z
??0CSPBlockTableInfo@@QAE@ABVCString@@0@Z
??1CSPBlockTableInfo@@UAE@XZ
??0SP_Fixed_Field_Info@@QAE@ABH00ABVCString@@@Z
?SaveCategoryData@CSPLinesData@@QAEHABVCString@@@Z
??1CSPBlockMainInfo@@UAE@XZ
?GetDelimiter@CSPLinesData@@QAE?AVCString@@XZ
?SetPageCode@CSPLinesData@@QAEHABI@Z
?SetFileName@CSPLinesData@@QAEHABVCString@@@Z
?LoadCategory@CSPLinesData@@QAEHABVCString@@@Z
??0CSPBlockMainInfo@@QAE@ABVCString@@0@Z
?GetFileName@CSPLinesData@@QAE?AVCString@@XZ
??1CSPLinesData@@UAE@XZ
??0CSPLinesData@@QAE@XZ
?GetCategoryData@CSPLinesData@@QAEHAAVCStringArray@@AAV?$CArray@PAVCSPBlockData_Row@@PAV1@@@@Z
?IsDataFileFixed@CSPLinesData@@QAEHABH@Z
?RregEXLine@CSPLinesData@@SAHABVCString@@0@Z
?GetArrText@CSPLinesData@@QAE?AVCString@@ABH@Z
?GetBtiFileName@CSPLinesData@@SA?AVCString@@ABV2@@Z
?Serialize@CSPBlockMainInfo@@UAEXAAVCArchive@@@Z
?GetText2Array@CSPLinesData@@QAEHABH@Z
?CleanCategory@CSPLinesData@@QAEXXZ
?GetText2Array@CSPLinesData@@SAHIVCString@@AAVCStringArray@@ABH@Z
?GetQualifier@CSPLinesData@@QAE?AVCString@@XZ
Sections (four standard sections; no section is both writable and executable, no .reloc section is present, and .rsrc at 632KB accounts for most of the 972KB file)
.text Size: 268KB - Virtual size: 267KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 632KB - Virtual size: 630KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ