0fec486d54a0313767837540abd1679915e55e1ed7c45191d32248a24b6942de

Sharing

Copy URL Twitter E-mail

General

Target

0fec486d54a0313767837540abd1679915e55e1ed7c45191d32248a24b6942de
Size

386KB
MD5

0c3f1fb67a3e9ee90e30fa11679102c0
SHA1

19c7ef8a7644b28702ef10193fe0163ba2bbd5e4
SHA256

0fec486d54a0313767837540abd1679915e55e1ed7c45191d32248a24b6942de
SHA512

841779c3d120e6273ebdd5b491708b09d2eb22c21a53146eb426c190e40831fc964c3e7b5a4a1c00260f0177f6248a8dde5c55c466c4c0ae3111ec3ea9e31bc5
SSDEEP

12288:hOosJJawSyWQXgHflit4qrfztt5D4oASsPd6:hOosv4ywNit4qr7tt5D4dSo4

Score

N/A

Malware Config

Signatures

Files

0fec486d54a0313767837540abd1679915e55e1ed7c45191d32248a24b6942de
.exe windows x86

6373d120735715ecb5d3bb6457c8cb45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

11p2sp

Uninit
CreateP2SPTask
StartTask
RemoveTask
QueryTask
StopTask
Init
Login

war3replay

WRepCreate
WRepView
WRepInstance
WRepGetIcon
WRepParse
WRepDownload
WRepClose

mfc100u

ord2090
ord2773
ord7251
ord12504
ord1476
ord5828
ord422
ord980
ord3628
ord1905
ord3380
ord2407
ord5219
ord261
ord5232
ord2030
ord12153
ord11571
ord13219
ord2410
ord13366
ord3438
ord2618
ord7902
ord3751
ord2780
ord8269
ord5882
ord1013
ord10081
ord3174
ord8509
ord11940
ord13133
ord3506
ord11975
ord6243
ord1212
ord788
ord10122
ord5227
ord4139
ord921
ord5809
ord8266
ord2748
ord3436
ord7913
ord7529
ord7967
ord11998
ord6080
ord796
ord7512
ord4805
ord8599
ord13047
ord12186
ord5855
ord4356
ord4802
ord12951
ord12948
ord7006
ord3397
ord6870
ord8821
ord897
ord1296
ord917
ord5800
ord9333
ord5468
ord5143
ord11159
ord2852
ord2951
ord2952
ord3491
ord11116
ord2339
ord5276
ord12557
ord10725
ord6156
ord13388
ord7109
ord13382
ord2665
ord3992
ord14067
ord3999
ord4416
ord4383
ord4379
ord4413
ord4434
ord4392
ord4421
ord4430
ord4400
ord4404
ord4408
ord4396
ord4425
ord4388
ord1519
ord1512
ord1514
ord1508
ord1501
ord11244
ord11246
ord12724
ord2853
ord8393
ord10045
ord6247
ord11210
ord8112
ord13380
ord10937
ord3402
ord11081
ord8264
ord14060
ord14059
ord14132
ord14149
ord14145
ord14147
ord14148
ord11804
ord2418
ord7385
ord2884
ord2887
ord12610
ord5558
ord2746
ord5799
ord3971
ord2062
ord968
ord407
ord1969
ord12150
ord13220
ord13214
ord7524
ord2185
ord5801
ord5862
ord3446
ord4290
ord1987
ord6096
ord4360
ord1934
ord4355
ord3703
ord12154
ord1972
ord12801
ord11494
ord2528
ord11333
ord5231
ord10960
ord979
ord421
ord7929
ord3846
ord4511
ord266
ord265
ord1440
ord12147
ord4150
ord4151
ord11801
ord7871
ord11838
ord7624
ord7548
ord11784
ord13854
ord4744
ord2088
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord6863
ord1284
ord6134
ord920
ord751
ord7516
ord7095
ord5013
ord7333
ord9074
ord8644
ord8639
ord1195
ord752
ord5193
ord13391
ord3498
ord13181
ord9525
ord6711
ord948
ord381
ord6344
ord11123
ord8179
ord10058
ord10412
ord2981
ord2980
ord2756
ord5556
ord12606
ord2417
ord11163
ord8347
ord3978
ord2529
ord4959
ord2620
ord4956
ord7353
ord4216
ord4197
ord981
ord423
ord4810
ord3261
ord6346
ord5022
ord6661
ord3495
ord2614
ord258
ord2763
ord1270
ord869
ord4138
ord7973
ord9493
ord10906
ord12775
ord6159
ord12413
ord12776
ord6161
ord11954
ord2823
ord4331
ord2068
ord919
ord341
ord1266
ord6117
ord8273
ord2844
ord3763
ord6145
ord1294
ord892
ord6318
ord7399
ord3413
ord6036
ord11330
ord2057
ord13396
ord11353
ord13415
ord4359
ord2188
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord7391
ord9498
ord11240
ord11209
ord11845
ord4642
ord4923
ord5115
ord8483
ord4901
ord5118
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9328
ord8346
ord6140
ord4086
ord3627
ord12753
ord849
ord1298
ord7914
ord1479
ord7176
ord1895
ord286
ord1310
ord1292
ord890
ord6869
ord9447
ord7618
ord1312
ord296
ord285
ord5264
ord2629
ord902
ord280
ord1944
ord3493
ord337
ord1300
ord11997
ord3433
ord1006
ord457
ord3482
ord5900
ord3754
ord7903
ord6416
ord1313
ord2064
ord12871
ord11999
ord5726
ord1226
ord6086
ord2824
ord2939
ord7932
ord4909
ord3428
ord7301
ord2878
ord8148
ord11285
ord5133
ord8656
ord9079
ord5134
ord5302
ord5807
ord5164
ord4358
ord5178
ord12182
ord5190
ord5200
ord3611
ord2908
ord2271
ord741
ord1945
ord2164
ord8596
ord11982
ord2184
ord2509
ord945
ord374
ord970
ord5846
ord8277
ord14146
ord10409
ord5652

msvcr100

memcpy
memset
__CxxFrameHandler3
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strncmp
isalnum
isalpha
tolower
isspace
atoi
fprintf
strcat_s
_vsnprintf_s
vsprintf_s
_purecall
fopen_s
fclose
ftell
fseek
fflush
fwrite
fread
_fsopen
vswprintf_s
wcschr
wcscpy_s
_beginthreadex
_mktime64
ldiv
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
memcpy_s
strchr
malloc
wcsftime
_localtime64_s
free
_wcsdup
wcsstr
memmove
_wtoi
_time64
__wargv
__argc
_CxxThrowException

kernel32

GlobalSize
OutputDebugStringW
lstrlenW
GetTickCount
CreateDirectoryW
CloseHandle
GetLastError
CreateMutexW
GlobalAlloc
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
Sleep
DeleteFileW
SetFileAttributesW
GetModuleFileNameA
WritePrivateProfileStringW
GetPrivateProfileStringW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetExitCodeThread
ResumeThread
SetUnhandledExceptionFilter
SetThreadPriority
CreateThread
WriteProcessMemory
VirtualProtect
GetCurrentProcessId
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GlobalMemoryStatusEx
SetFilePointer
WriteFile
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
LocalFree
FormatMessageW
MoveFileW
GetCurrentThreadId
TerminateThread
GetLogicalDriveStringsW
GetFileAttributesExW
GetCurrentDirectoryW
ActivateActCtx
LoadLibraryW
DeactivateActCtx
TerminateProcess
WaitForSingleObject
GetCurrentProcess
lstrcmpiW
GetProcAddress
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQuery
GetModuleHandleW
SetLastError
GetModuleFileNameW
MulDiv
IsBadReadPtr
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
lstrcpyW
lstrcatW
IsBadWritePtr
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
lstrcpynW

user32

OffsetRect
IntersectRect
ClientToScreen
ScreenToClient
SetRect
SendMessageW
GetWindowRect
CopyImage
ReleaseDC
GetDC
SetWindowPos
ShowWindow
CreatePopupMenu
GetKeyState
EnableMenuItem
UpdateLayeredWindow
SetWindowLongW
wsprintfW
wvsprintfW
GetDlgCtrlID
DrawFocusRect
EndPaint
BeginPaint
GetDesktopWindow
RegisterWindowMessageW
RegisterClipboardFormatW
LoadIconW
SubtractRect
ReleaseCapture
ClipCursor
SetCapture
SetFocus
LoadStringW
GetSystemMetrics
GetCursorPos
UnionRect
FrameRect
LoadCursorW
SetCursor
FindWindowW
GetSubMenu
LoadMenuW
AppendMenuW
FillRect
DrawStateW
IsRectEmpty
SetRectEmpty
GetWindowDC
UpdateWindow
GetComboBoxInfo
IsChild
GetFocus
RedrawWindow
PtInRect
LoadImageW
SetWindowRgn
DrawIconEx
DestroyIcon
GetSysColor
EnableWindow
InvalidateRect
PostMessageW
GetClassNameW
SetForegroundWindow
IsWindowVisible
DrawTextW
InvalidateRgn
MapWindowPoints
GetUpdateRgn
GetParent
GetClientRect
CopyRect
GetWindowLongW
KillTimer
SetTimer
InflateRect
IsWindow

gdi32

GetObjectType
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
StretchBlt
DeleteObject
CreateDIBSection
ExtCreateRegion
IntersectClipRect
CreatePolygonRgn
SetPixel
GetTextExtentExPointW
SetStretchBltMode
GetCurrentObject
Rectangle
CreatePen
CreatePatternBrush
GetTextExtentPoint32W
FillRgn
RoundRect
SetDIBits
GetDIBits
SetDIBColorTable
GetDIBColorTable
SetBkMode
SetTextColor
SelectClipRgn
SetViewportOrgEx
GetViewportOrgEx
ExtSelectClipRgn
GetClipRgn
CreateFontIndirectW
GetStockObject
CreateRoundRectRgn
FrameRgn
CreateSolidBrush
OffsetRgn
CreateRectRgn
GetDeviceCaps
ExtTextOutW
SetBkColor
CombineRgn
GetObjectW

msimg32

GradientFill
TransparentBlt

shell32

SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFileExistsW
PathUnquoteSpacesW
PathAddBackslashW
PathIsRelativeW
PathFileExistsA
PathAddBackslashA
PathRemoveFileSpecA
PathRemoveExtensionW
PathFindFileNameW
PathCombineW
PathRemoveFileSpecW
PathIsDirectoryW

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

gdiplus

GdipDrawImagePointsI
GdipDrawImageRectRectI
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDrawImageI
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRect
GdipDeleteGraphics
GdipCreateFromHDC
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusShutdown
GdiplusStartup
GdipReleaseDC

msvcp100

?_Xlength_error@std@@YAXPBD@Z

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6373d120735715ecb5d3bb6457c8cb45

Headers

DLL Characteristics

File Characteristics

Imports

11p2sp

war3replay

mfc100u

msvcr100

kernel32

user32

gdi32

msimg32

shell32

comctl32

shlwapi

ole32

oleaut32

gdiplus

msvcp100

dbghelp

Sections

.text Size: 240KB - Virtual size: 240KB

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 69KB - Virtual size: 69KB

.text
Size: 240KB - Virtual size: 240KB

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 69KB - Virtual size: 69KB