d3a6ed74c76b07a8b551cced64ff9dc378df3e8967644c47fb60ecc4ca9eda41

Sharing

Copy URL Twitter E-mail

General

Target

d3a6ed74c76b07a8b551cced64ff9dc378df3e8967644c47fb60ecc4ca9eda41
Size

820KB
MD5

30493cb375604aacab032d31a76a0dcd
SHA1

e3c145a0aa5f7c6be0dd4752670daf00dbd2face
SHA256

d3a6ed74c76b07a8b551cced64ff9dc378df3e8967644c47fb60ecc4ca9eda41
SHA512

ac3dd768a217d9f6751dcafcba3bddafe3f51e5363e37305e718ed3434b42abc1b8d190f11a117dae3a3a7c6a09ec57f3779e2d63910f150a2647398a664c638
SSDEEP

12288:r+iA/kcu/LF/Qi0/4EMlSn3c482M/BxjclulllEl3T3lujS2u4o:r0/zL/4EMlSnM4UclulllEl3T3sO2n

Score

N/A

Malware Config

Signatures

Files

d3a6ed74c76b07a8b551cced64ff9dc378df3e8967644c47fb60ecc4ca9eda41
.exe windows x86

d1d06cfbd060e42604e31ac168199cc3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libcrypto-1_1

RSA_public_decrypt
BIO_free_all
RSA_public_encrypt
RSA_size
RSA_new
BIO_new_mem_buf
PEM_read_bio_RSA_PUBKEY
RSA_free

msvcp120d

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@DDH@std@@2V0locale@2@A
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?uncaught_exception@std@@YA_NXZ
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
??7ios_base@std@@QBE_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
_Xtime_get_ticks
?id@?$ctype@D@std@@2V0locale@2@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Debug_message@std@@YAXPB_W0I@Z

msvcr120d

wcslen
_itoa
_wmakepath_s
_wsplitpath_s
_unlock_file
free
memcpy_s
_except_handler4_common
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_lock_file
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fputc
fgetpos
fgetc
fflush
fclose
_invalid_parameter
memset
memchr
isalnum
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
?terminate@@YAXXZ
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_onexit
__dllonexit
_calloc_dbg
_unlock
_lock
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
_CrtSetCheckCount
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_access
_CrtDbgReportW
_getcwd
_time64
_localtime64
strftime
system
srand
rand
atoi
exit
_errno
_snprintf
sprintf_s
remove
getchar
fread
fprintf
fopen
wcsncpy_s
strstr
strcpy_s
_findnext64i32
_findfirst64i32
_findclose
setlocale
??_V@YAXPAX@Z
clock
_recalloc
malloc
calloc
strtol
sprintf
printf
_vsnwprintf_s
vswprintf_s
swprintf_s
wcsstr
wcscpy_s
??1bad_cast@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
_mkdir

mfc120ud

ord532
ord17064
ord3414
ord1252
ord538
ord1255
ord6652
ord6656
ord9706
ord9691
ord14175
ord14171
ord1288
ord13809
ord16033
ord585
ord5614
ord2733
ord2737
ord292
ord1142
ord14958
ord4443
ord3526
ord1936
ord1933
ord296
ord286
ord302
ord1856
ord4446
ord2731
ord3415
ord5592
ord3418

kernel32

CopyFileW
FindResourceW
lstrcmpiW
lstrcmpW
FormatMessageW
MulDiv
LocalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetModuleFileNameA
FreeLibrary
FlushInstructionCache
CreateProcessW
TerminateThread
GetCurrentThreadId
CreateThread
GetCurrentProcess
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
GetProcessHeap
HeapFree
HeapAlloc
CreatePipe
SetLastError
RaiseException
CloseHandle
Beep
DecodePointer
ReadFile
GetFileSize
CreateFileW
CreateFileA
CreateDirectoryW
WideCharToMultiByte
MultiByteToWideChar
WinExec
InitializeCriticalSectionEx
GetLastError
OutputDebugStringW
SetConsoleCtrlHandler
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
VirtualQuery
GetStartupInfoW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
lstrcpyW

user32

ShowWindow
MoveWindow
SetWindowPos
DialogBoxParamW
EndDialog
GetDlgItem
CharNextW
SetFocus
GetFocus
GetKeyState
GetAsyncKeyState
keybd_event
SetCapture
ReleaseCapture
EnableWindow
IsWindowEnabled
LoadAcceleratorsW
CreateAcceleratorTableW
DestroyAcceleratorTable
TranslateAcceleratorW
GetSystemMetrics
CreatePopupMenu
AppendMenuW
TrackPopupMenu
UpdateWindow
GetForegroundWindow
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextLengthW
DestroyWindow
GetWindowRect
MessageBoxW
GetCursorPos
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
FindWindowA
EnumWindows
GetClassNameW
GetWindowThreadProcessId
GetWindow
LoadBitmapW
LoadCursorW
LoadIconW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
wsprintfW
LoadStringW
GetWindowTextW
ReleaseDC
GetDC
CreateWindowExW
IsChild
IsWindow
GetClassInfoExW
RegisterClassExW
GetClientRect
UnregisterClassW

gdi32

SetBkMode
SetTextColor
Rectangle
DeleteObject
CreateSolidBrush
CreateFontW
SelectObject
GetDeviceCaps
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
TextOutW
GetObjectW
CreateDIBSection
BitBlt

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextW
CryptGetHashParam

shell32

SHBrowseForFolderW
ShellExecuteW
Shell_NotifyIconW
SHGetPathFromIDListW

comctl32

ord17

winhttp

WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpOpen
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest

ole32

OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect

winmm

PlaySoundW

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1d06cfbd060e42604e31ac168199cc3

Headers

DLL Characteristics

File Characteristics

Imports

libcrypto-1_1

msvcp120d

msvcr120d

mfc120ud

kernel32

user32

gdi32

advapi32

shell32

comctl32

winhttp

ole32

oleaut32

winmm

Sections

.text Size: 310KB - Virtual size: 310KB

.rdata Size: 118KB - Virtual size: 117KB

.data Size: 22KB - Virtual size: 116KB

.rsrc Size: 335KB - Virtual size: 334KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 310KB - Virtual size: 310KB

.rdata
Size: 118KB - Virtual size: 117KB

.data
Size: 22KB - Virtual size: 116KB

.rsrc
Size: 335KB - Virtual size: 334KB

.reloc
Size: 33KB - Virtual size: 33KB