c5faced721c222ae13fe14c4784b698b7f1d42ecde03f33328e90bb64d0a2a48

Sharing

Copy URL Twitter E-mail

General

Target

c5faced721c222ae13fe14c4784b698b7f1d42ecde03f33328e90bb64d0a2a48
Size

5.2MB
MD5

438fd408e48621d8c600bb3d85d11da5
SHA1

8e4fc5f5340b358fd36a26fd3d86da34ae01270a
SHA256

c5faced721c222ae13fe14c4784b698b7f1d42ecde03f33328e90bb64d0a2a48
SHA512

d53c164f327e6e7236eb1ca6313b319a9c57b8fbf92b5308e2ee5b5a3cb5e308578c60efe8f2cba158f1c957a5e1d54b2f9db0710ea25a0b2524f101724743d0
SSDEEP

98304:KWuCwrR2ZHf6M7A7/9P+HsSzBBhsscUju9U4U:KWu/6HCM02vxKU9

Score

N/A

Malware Config

Signatures

Files

c5faced721c222ae13fe14c4784b698b7f1d42ecde03f33328e90bb64d0a2a48
.exe windows x86

f799660798d7a3312915eaa9de98f30c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

raptra30u

RTGetLanguageFileParams
RTSwitchLanguage
RTStart
RTAddThread
RTGetLanguageParams
RTGetLanguageFileBitmap
RTEnd
RTTranslateString

odbc32

ord23
ord3
ord119
ord111
ord12
ord72
ord49
ord48
ord20
ord18
ord5
ord16
ord108
ord4
ord13
ord43
ord110
ord15
ord14
ord9
ord1
ord2
ord150
ord145
ord141
ord51

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

avifil32

AVIFileInit
AVIFileRelease
AVIFileInfoW
AVIStreamRelease
AVIFileGetStream
AVIFileOpenW
AVIFileExit

winmm

mmioClose
mmioDescend
mmioStringToFOURCCW
mmioOpenW
mmioWrite
mmioRead

quartz

AMGetErrorTextW

mfc100u

ord13572
ord13567
ord13570
ord7179
ord11469
ord13267
ord10976
ord14162
ord1739
ord7126
ord3625
ord3684
ord8530
ord13387
ord7108
ord13381
ord11477
ord11476
ord2164
ord4744
ord13854
ord11784
ord7548
ord7624
ord12005
ord3640
ord3181
ord787
ord5677
ord804
ord6869
ord9239
ord923
ord11235
ord11021
ord345
ord7616
ord12753
ord1895
ord3150
ord6323
ord12135
ord6655
ord4450
ord942
ord3643
ord7171
ord6373
ord8363
ord13306
ord5892
ord12780
ord13050
ord4780
ord9557
ord8598
ord11533
ord13132
ord5185
ord6399
ord11167
ord9874
ord985
ord430
ord11115
ord2337
ord6155
ord11080
ord12608
ord5557
ord7474
ord10304
ord10307
ord8640
ord8655
ord8645
ord9075
ord9080
ord8657
ord10159
ord8070
ord8062
ord10750
ord8659
ord10164
ord8151
ord10185
ord9139
ord9140
ord6975
ord4439
ord4440
ord4441
ord4438
ord4437
ord2765
ord1280
ord3489
ord4528
ord2947
ord879
ord6722
ord7630
ord13305
ord3259
ord5824
ord2755
ord5564
ord12762
ord5535
ord5844
ord12037
ord12798
ord2435
ord6125
ord5456
ord8276
ord2847
ord2946
ord3766
ord1274
ord7249
ord1446
ord7662
ord1020
ord469
ord6086
ord2824
ord2939
ord1226
ord4447
ord12573
ord10043
ord10064
ord8181
ord10265
ord10199
ord10935
ord1645
ord8362
ord2664
ord8390
ord2825
ord2251
ord3257
ord5828
ord5563
ord5713
ord12502
ord997
ord6132
ord5459
ord1281
ord5866
ord8268
ord2767
ord2922
ord3750
ord7147
ord2509
ord3493
ord11786
ord11996
ord11870
ord12510
ord3675
ord343
ord12512
ord3433
ord2907
ord4138
ord5027
ord10409
ord6861
ord2849
ord5198
ord6161
ord7077
ord6727
ord4573
ord6367
ord5125
ord10037
ord14013
ord10485
ord9647
ord9229
ord9342
ord13449
ord13446
ord13447
ord13448
ord12294
ord4955
ord10740
ord6705
ord9552
ord9230
ord7246
ord12228
ord4571
ord5220
ord4956
ord3370
ord2774
ord13219
ord1224
ord3665
ord806
ord1232
ord6603
ord1229
ord812
ord6901
ord6996
ord12945
ord383
ord5585
ord11207
ord11206
ord9448
ord3495
ord6842
ord10352
ord9621
ord8118
ord5200
ord3248
ord3368
ord6109
ord2833
ord2942
ord1253
ord14203
ord13212
ord1269
ord2542
ord11374
ord867
ord13070
ord2151
ord4512
ord4963
ord11666
ord11543
ord2148
ord2149
ord5813
ord7673
ord12783
ord11603
ord5887
ord7659
ord4959
ord1241
ord835
ord7145
ord6908
ord13184
ord5852
ord4890
ord13253
ord1272
ord871
ord851
ord7636
ord415
ord13398
ord10960
ord2528
ord421
ord5726
ord1861
ord2578
ord6131
ord11090
ord10724
ord4412
ord11162
ord13370
ord11070
ord2307
ord2283
ord10780
ord2308
ord3648
ord3710
ord3737
ord3776
ord3805
ord3779
ord3406
ord7507
ord11401
ord7348
ord8133
ord12817
ord2848
ord5189
ord12439
ord12212
ord12210
ord4531
ord6860
ord12349
ord7353
ord11530
ord1294
ord892
ord746
ord6633
ord2135
ord6661
ord2030
ord998
ord5868
ord2768
ord2923
ord3260
ord4808
ord5052
ord1867
ord1175
ord722
ord6035
ord12060
ord12799
ord12151
ord11567
ord11487
ord2063
ord12247
ord2271
ord3504
ord741
ord1250
ord911
ord2518
ord325
ord848
ord3687
ord4952
ord7333
ord2196
ord740
ord8548
ord9501
ord6412
ord11100
ord10808
ord8045
ord11173
ord8353
ord1267
ord865
ord5454
ord11113
ord8274
ord2306
ord2281
ord10779
ord2310
ord8132
ord2845
ord2944
ord3764
ord11865
ord12994
ord12176
ord8129
ord13390
ord13392
ord11136
ord475
ord8376
ord3399
ord7562
ord4446
ord1529
ord12564
ord12562
ord5296
ord8486
ord10802
ord3409
ord2861
ord6994
ord7549
ord3555
ord3898
ord3900
ord8435
ord13310
ord10562
ord8560
ord3498
ord7074
ord9565
ord6732
ord9451
ord9444
ord8404
ord6858
ord12877
ord6318
ord10647
ord6619
ord6604
ord820
ord9551
ord10142
ord6843
ord6123
ord5295
ord10597
ord2147
ord9491
ord1174
ord721
ord12821
ord12463
ord11528
ord3962
ord12125
ord11240
ord3809
ord8219
ord5024
ord5026
ord6172
ord5624
ord2389
ord12731
ord6099
ord1244
ord1797
ord8003
ord7092
ord13175
ord4568
ord3629
ord427
ord5152
ord1271
ord870
ord1720
ord11604
ord11572
ord4159
ord1615
ord6178
ord3506
ord2195
ord13605
ord322
ord1914
ord12944
ord7279
ord6630
ord6632
ord12764
ord12266
ord1264
ord8391
ord10044
ord2843
ord3208
ord14066
ord3188
ord3466
ord13074
ord13072
ord3452
ord3420
ord4449
ord12127
ord2349
ord1535
ord3624
ord3672
ord3673
ord5111
ord5045
ord3705
ord12810
ord13085
ord2868
ord2036
ord5600
ord6205
ord9013
ord3703
ord7093
ord5022
ord5791
ord4616
ord863
ord10598
ord7112
ord9675

msvcr100

__FrameUnwindFilter
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
__wgetmainargs
_amsg_exit
_CIsqrt
_swprintf
_vsnwprintf
sprintf
sscanf
wcsncpy
wcsstr
calloc
_snwprintf
_mktime64
modf
_CIpow
wcsrchr
malloc
_wcsicmp
_ultow
floor
_wtoi
_itow
qsort
wcsncmp
_wsetlocale
free
_wcsdup
swprintf_s
_wtol
wcstoul
_vswprintf
_wcsnicmp
isdigit
iswspace
wcstol
wcschr
memmove_s
_ltow
iswdigit
swscanf
_fcvt
localeconv
wcstod
wcsftime
ceil
_localtime64_s
_CxxThrowException
ldiv
memcpy_s
memcpy
memset
srand
rand
_purecall
__CxxFrameHandler3
_time64
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit

kernel32

GetCurrentDirectoryW
InterlockedExchangeAdd
WaitForSingleObject
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetTempPathW
GetDiskFreeSpaceExW
GetVolumeInformationW
ResetEvent
SetEvent
GetFileAttributesExW
GetSystemDirectoryW
GetLogicalDriveStringsW
RemoveDirectoryW
GetUserDefaultLangID
lstrcmpW
SetThreadLocale
InterlockedIncrement
LocalAlloc
lstrlenW
LoadLibraryExW
GetTickCount
Sleep
FileTimeToLocalFileTime
FileTimeToSystemTime
GetVersionExW
lstrcmpiW
GetCurrentThreadId
ConvertDefaultLocale
GetLocaleInfoW
SearchPathW
CreateFileW
WriteFile
ReadFile
CloseHandle
lstrcpynW
ActivateActCtx
GetLastError
DeactivateActCtx
InterlockedCompareExchange
SetLastError
GetModuleHandleW
CreateDirectoryW
MoveFileW
DeleteFileW
GetDriveTypeW
FormatMessageW
LocalFree
InterlockedDecrement
GetThreadLocale
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameW
GetFileAttributesW
WideCharToMultiByte
FindResourceW
SizeofResource
LoadResource
LockResource
lstrcpyW
MulDiv
GlobalFree
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
GetFileTime
RaiseException
ExpandEnvironmentStringsA
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
UnmapViewOfFile
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetFileInformationByHandle
GetFileSize
InterlockedExchange
CreateMutexW
ReleaseMutex
GetCurrentProcessId
CreateThread
lstrlenA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFilePointer
GetTempFileNameW
Beep
MultiByteToWideChar
CreateEventW
GetVersion
GetUserDefaultLCID
LoadLibraryA
GetWindowsDirectoryW
FreeLibrary

user32

PostMessageW
DrawTextW
SendMessageW
SetWindowRgn
MonitorFromWindow
GetMonitorInfoW
GetForegroundWindow
GetAncestor
IsWindowUnicode
ShowScrollBar
LoadBitmapW
IntersectRect
BeginDeferWindowPos
EndDeferWindowPos
SetParent
DrawIcon
RegisterClassW
GetCaretBlinkTime
AdjustWindowRectEx
PeekMessageW
WindowFromPoint
GetCapture
DrawStateW
TrackMouseEvent
ShowWindow
GetSystemMenu
TrackPopupMenu
GetTopWindow
GetWindowDC
BringWindowToTop
GetClassLongW
DrawMenuBar
RegisterClipboardFormatW
MapVirtualKeyW
GetKeyNameTextW
SetWindowPos
InsertMenuItemW
SetActiveWindow
MessageBeep
GetLastActivePopup
CheckMenuItem
AppendMenuW
CreatePopupMenu
GetDoubleClickTime
DeleteMenu
EqualRect
GetMenu
LoadIconW
GetNextDlgTabItem
GetNextDlgGroupItem
ModifyMenuW
GetMenuState
SetMenuDefaultItem
CopyRect
UnionRect
RedrawWindow
IsClipboardFormatAvailable
GetFocus
IsWindowEnabled
IsChild
GetClassNameW
CharLowerW
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
TranslateAcceleratorW
LoadAcceleratorsW
IsIconic
RemoveMenu
GetMessagePos
GetAsyncKeyState
DrawFocusRect
SetCursor
ReleaseCapture
TranslateMessage
GetMessageW
DispatchMessageW
GetCursor
GetClassInfoW
DefWindowProcW
LoadCursorW
SetCapture
ReleaseDC
GetDC
DrawFrameControl
DestroyCursor
CopyIcon
GetDlgCtrlID
IsWindow
IsWindowVisible
EndMenu
WindowFromDC
GetMenuItemCount
GetMenuItemID
GetCursorPos
GetKeyState
SystemParametersInfoW
GetSysColor
DrawEdge
FrameRect
GetSysColorBrush
OffsetRect
InflateRect
SetRectEmpty
PtInRect
IsRectEmpty
EnableMenuItem
GetMenuItemInfoW
SetMenuItemInfoW
CreateIconIndirect
IsZoomed
FillRect
SetRect
RegisterWindowMessageW
GetWindowTextW
wsprintfW
ScreenToClient
ClientToScreen
LoadMenuW
GetSubMenu
InvalidateRect
GetDlgItem
GetWindowLongW
DestroyWindow
CreateWindowExW
CallWindowProcW
SetWindowLongW
GetParent
MapWindowPoints
GetSystemMetrics
DrawIconEx
LoadImageW
GetIconInfo
GetWindow
MoveWindow
DestroyIcon
EnableWindow
GetDesktopWindow
KillTimer
SetTimer
UpdateWindow
GetClientRect
GetWindowRect

gdi32

SetPixel
ExcludeClipRect
MoveToEx
LineTo
EnumFontFamiliesExW
GetBkColor
CreateSolidBrush
GetTextColor
DPtoLP
SetBkMode
Escape
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
EndDoc
CreatePatternBrush
Ellipse
StretchDIBits
UnrealizeObject
CreateHatchBrush
SetBrushOrgEx
CreateDIBitmap
CombineRgn
CreateEllipticRgn
Polyline
GetMiterLimit
SetMiterLimit
GetMapMode
GetDeviceCaps
ExtTextOutW
PlgBlt
GetPixel
StretchBlt
BitBlt
FillRgn
PtInRegion
CreatePolygonRgn
AbortDoc
EndPage
StartPage
GetTextMetricsW
CreateRectRgnIndirect
DeleteEnhMetaFile
CreatePenIndirect
CreateBitmap
LPtoDP
StartDocW
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetDIBits
SelectObject
GetObjectW
DeleteObject
GetTextExtentPoint32W
Rectangle
CreateFontIndirectW
CreatePen
Polygon
GetStockObject

msimg32

GradientFill
AlphaBlend

advapi32

RegQueryValueExA
RegEnumKeyW
RegOverridePredefKey
RegOpenKeyExA
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegQueryValueExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetUserNameW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFolderPathW
SHFileOperationW
ExtractIconW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetMalloc

comctl32

ImageList_GetIconSize
ImageList_SetOverlayImage
ImageList_GetIcon
ImageList_Destroy
ImageList_LoadImageW
_TrackMouseEvent

shlwapi

PathRenameExtensionW
PathAddExtensionW
PathStripToRootW
PathRelativePathToW
PathCanonicalizeW
PathAppendW
PathRemoveBackslashW
PathSkipRootW
PathRemoveExtensionW
PathIsSameRootW
PathFindNextComponentW
PathFindFileNameW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
PathIsRelativeW
PathCombineW
SHCreateStreamOnFileW
PathMatchSpecW
StrFormatByteSizeW
PathIsURLW
StrFromTimeIntervalW
PathAddBackslashW

ole32

GetRunningObjectTable
CreateItemMoniker
CoInitializeEx
BindMoniker
StringFromCLSID
CreateStreamOnHGlobal
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
StgCreateDocfile
OleCreateStaticFromData
OleSetContainedObject
OleDuplicateData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoInitialize
CoUninitialize
CoFreeUnusedLibraries
OleRun
CoCreateInstance
CoLoadLibrary

oleaut32

VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysFreeString
SysAllocString
OleLoadPicture
SysStringByteLen
SysStringLen
GetErrorInfo
VarDateFromStr
OleCreatePictureIndirect
OleLoadPicturePath
OleCreatePropertyFrame
VarUdateFromDate
SysAllocStringByteLen

urlmon

IsValidURL

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 742KB - Virtual size: 741KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f799660798d7a3312915eaa9de98f30c

Headers

DLL Characteristics

File Characteristics

Imports

raptra30u

odbc32

version

avifil32

winmm

quartz

mfc100u

msvcr100

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

mscoree

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 58KB - Virtual size: 96KB

.rsrc Size: 742KB - Virtual size: 741KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 58KB - Virtual size: 96KB

.rsrc
Size: 742KB - Virtual size: 741KB