??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
a2df95877514207669db31920ca7f8c74cecf8e4d01c60846b2252abc33ec9ae.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a2df95877514207669db31920ca7f8c74cecf8e4d01c60846b2252abc33ec9ae.exe
Resource
win10v2004-20220812-en
General
-
Target
a2df95877514207669db31920ca7f8c74cecf8e4d01c60846b2252abc33ec9ae
-
Size
759KB
-
MD5
0cb5af947f050f8cb91f7ed9fbf33900
-
SHA1
932cd4abc7c94ec16df6a2e116f9caa59afdea87
-
SHA256
a2df95877514207669db31920ca7f8c74cecf8e4d01c60846b2252abc33ec9ae
-
SHA512
fb318a9ac3dba62a4f6ac69b6d755d5a181d52aebbce12f545599191067604812aab3b9e582613e42dadc60d419543ceb7dac307011327d56553f00430881e19
-
SSDEEP
12288:noh7INWgyn9M2pm1CXpr1Vzk41Nygyds0Zk1zEUgiTa/vJTIcMZkxHphvatsWTdm:o5qWZFk1WzTNygyds0Zu4UgiTa/vJTIQ
Malware Config
Signatures
Files
-
a2df95877514207669db31920ca7f8c74cecf8e4d01c60846b2252abc33ec9ae.exe windows x86
e86bacff27092477a594dd0f1b1ac87a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (relocation data removed: the image cannot be rebased, so it will load at its preferred base and does not benefit from ASLR)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFileTimeToFileTime
SetFilePointer
GetCurrentDirectoryW
SetFileTime
GetFileInformationByHandle
FileTimeToSystemTime
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
GetSystemTimeAsFileTime
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetFileType
GetStdHandle
PeekNamedPipe
CreateMutexW
ReleaseMutex
DuplicateHandle
WaitForMultipleObjects
GetExitCodeThread
FormatMessageW
SleepEx
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
GetPrivateProfileStringW
SetFilePointerEx
SetEndOfFile
GetFileSizeEx
FlushFileBuffers
Module32FirstW
ReadProcessMemory
QueryDosDeviceW
GetLogicalDriveStringsW
CreateThread
TerminateThread
TerminateProcess
Module32NextW
GetStringTypeExW
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
WriteFile
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ResetEvent
SetEvent
WaitForSingleObject
GetFileAttributesW
IsWow64Process
CreateEventW
FindNextFileW
CopyFileW
FindClose
FindFirstFileW
ExpandEnvironmentStringsW
GetTickCount
OutputDebugStringW
GetPrivateProfileIntW
WideCharToMultiByte
FlushInstructionCache
InitializeCriticalSection
GetCurrentProcess
LocalFree
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
GetProcAddress
GlobalFree
EnterCriticalSection
lstrcmpiA
MultiByteToWideChar
LeaveCriticalSection
GetVersionExW
lstrlenA
Sleep
FreeResource
InterlockedDecrement
GlobalAlloc
GetWindowsDirectoryW
CreateFileW
InterlockedIncrement
GetFileSize
GetCurrentThreadId
ReadFile
CloseHandle
lstrcmpA
DeleteCriticalSection
lstrcmpiW
GlobalLock
GlobalUnlock
FreeLibrary
SetLastError
GetLastError
FindResourceExW
LoadResource
LockResource
lstrlenW
SizeofResource
FindResourceW
RaiseException
SystemTimeToFileTime
VirtualAlloc
GetLocalTime
user32
MapWindowPoints
GetClientRect
GetCursorPos
DrawTextW
DrawIconEx
GetMessageW
DefWindowProcW
GetWindowThreadProcessId
TranslateMessage
SendMessageW
GetForegroundWindow
DispatchMessageW
MoveWindow
CopyRect
ShowWindow
ReleaseDC
wvsprintfW
PeekMessageW
UnregisterClassA
GetShellWindow
CharUpperBuffW
WindowFromPoint
wsprintfW
CharLowerBuffW
FindWindowW
GetSystemMetrics
PostThreadMessageW
GetDC
EnableWindow
GetDesktopWindow
GetDlgItem
GetActiveWindow
LoadImageW
ScreenToClient
SetRectEmpty
CharNextW
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
SetCursor
EqualRect
KillTimer
IsDialogMessageW
InvalidateRect
RegisterWindowMessageW
GetClassInfoExW
OffsetRect
IsWindowEnabled
PtInRect
IsChild
GetDlgCtrlID
SetWindowLongW
SystemParametersInfoW
EndPaint
UpdateLayeredWindow
SetRect
SetWindowPos
CharNextA
GetParent
DrawFrameControl
AttachThreadInput
SetForegroundWindow
ClientToScreen
BeginPaint
DestroyWindow
PostMessageW
SetFocus
GetWindowRect
CallWindowProcW
GetWindowLongW
SetCapture
CreateWindowExW
SetActiveWindow
LoadIconW
RegisterClassExW
IsWindowVisible
InflateRect
ReleaseCapture
DestroyIcon
GetNextDlgTabItem
wvsprintfA
GetWindow
LoadBitmapW
GetFocus
IsWindow
IntersectRect
advapi32
RegEnumKeyW
RegQueryValueW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExW
AllocateLocallyUniqueId
CopySid
LookupAccountNameW
BuildTrusteeWithSidW
GetTokenInformation
LookupAccountSidW
GetAce
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
DeleteAce
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyW
RegGetKeySecurity
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegSetValueW
RegEnumValueW
ole32
CoInitializeSecurity
CoInitializeEx
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
shell32
SHGetSpecialFolderPathW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW
oleaut32
VarUI4FromStr
SysFreeString
VarBstrCmp
SysAllocStringLen
SysAllocString
SysStringLen
VariantInit
VariantClear
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
PathAppendW
PathStripToRootW
SHDeleteKeyW
SHEnumKeyExW
StrToIntA
StrToIntW
PathAddBackslashW
SHSetValueW
SHGetValueW
PathFileExistsW
gdi32
GetObjectW
GetCurrentObject
RestoreDC
RectInRegion
SetStretchBltMode
SelectClipRgn
OffsetRgn
StretchBlt
ExtSelectClipRgn
CreateBitmap
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateRoundRectRgn
GetViewportOrgEx
SetBkMode
TextOutW
SaveDC
GetStockObject
CreateDIBSection
ExtTextOutW
LineTo
CreateCompatibleDC
RoundRect
CreateCompatibleBitmap
SetBkColor
GetTextExtentPoint32W
MoveToEx
SelectObject
GetClipRgn
BitBlt
SetTextColor
CreatePen
DeleteObject
DeleteDC
GetTextColor
Rectangle
SetViewportOrgEx
CreateFontIndirectW
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
AlphaBlend
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
??0?$allocator@_W@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?max_size@?$allocator@_W@std@@QBEIXZ
gdiplus
GdipDrawLinesI
GdipSetStringFormatFlags
GdipCloneFontFamily
GdipDisposeImage
GdipDrawImageRectRect
GdipCreateStringFormat
GdipGetFamily
GdipCreatePen1
GdipTranslateWorldTransform
GdipAddPathStringI
GdipRotateWorldTransform
GdipNewPrivateFontCollection
GdipDrawImagePointsRectI
GdipGetFontSize
GdipResetWorldTransform
GdipDeletePrivateFontCollection
GdipAddPathArcI
GdipDeleteFont
GdipFillPath
GdipCloneBrush
GdipClosePathFigure
GdipGraphicsClear
GdipPrivateAddFontFile
GdipDeleteBrush
GdipDrawImageI
GdipGetFontCollectionFamilyCount
GdipDrawImageRectI
GdipAlloc
GdipCloneImage
GdipDrawString
GdipDeleteFontFamily
GdiplusShutdown
GdipSetTextRenderingHint
GdiplusStartup
GdipFree
GdipGetFontCollectionFamilyList
GdipImageRotateFlip
GdipDeletePath
GdipSetStringFormatTrimming
GdipDeletePen
GdipGetImageWidth
GdipCreateImageAttributes
GdipDeleteStringFormat
GdipSetCompositingQuality
GdipDisposeImageAttributes
GdipDrawLine
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipCreateFont
GdipCreateBitmapFromScan0
GdipSetSmoothingMode
GdipDeleteGraphics
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipGetImageGraphicsContext
GdipFillRectangle
GdipLoadImageFromFile
GdipSetClipPath
GdipLoadImageFromFileICM
GdipSetPenEndCap
GdipSetPenDashStyle
GdipCreateHBITMAPFromBitmap
GdipFillRectangleI
GdipDrawPath
GdipAddPathPieI
GdipCreateBitmapFromStreamICM
GdipCreateFromHDC
GdipCreateBitmapFromStream
GdipMeasureString
GdipSetPenMode
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipSetInterpolationMode
GdipSetPenStartCap
GdipDrawImageRectRectI
GdipLoadImageFromStreamICM
GdipAddPathRectangleI
GdipLoadImageFromStream
GdipSetStringFormatLineAlign
GdipSetPixelOffsetMode
GdipCreatePath
msvcr80
memmove_s
_putenv
_open
_close
_read
_strnicmp
_strdup
_stat64
_mktime64
getenv
fflush
_fstat64
_lseeki64
_gmtime64
_beginthreadex
strerror
__sys_nerr
strtol
sprintf
fopen
fgets
fputs
_errno
memchr
_strtoi64
_time64
strstr
strtoul
toupper
strrchr
sscanf
isdigit
isxdigit
realloc
fwrite
__iob_func
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
strncpy
strcat
strcpy
isalpha
tolower
isalnum
strchr
isspace
strncmp
ferror
sscanf_s
fputc
fprintf
fread
fclose
atof
fseek
ftell
_vsnprintf_s
fopen_s
strlen
memmove
_time32
_vswprintf
iswdigit
_wcslwr_s
wcsncmp
wcstol
wcsrchr
wcsncpy
wcsstr
_snwprintf
_wsplitpath
_wcsnicmp
_beginthread
_stricmp
wcscpy
wcscat_s
_wcsicmp
wcsncat
wcschr
wcscat
rand
srand
vsprintf_s
abs
labs
calloc
atoi
_wtoi
_waccess
_ui64tow_s
??0exception@std@@QAE@XZ
free
strcpy_s
malloc
??_V@YAXPAX@Z
floor
_purecall
_invalid_parameter_noinfo
ceil
?what@exception@std@@UBEPBDXZ
__RTDynamicCast
??1exception@std@@UAE@XZ
??2@YAPAXI@Z
strcmp
??0exception@std@@QAE@ABV01@@Z
memcpy
memcmp
_recalloc
??0exception@std@@QAE@ABQBD@Z
wcsncpy_s
wcscmp
vswprintf_s
_CxxThrowException
wcslen
wcscpy_s
memcpy_s
memset
swscanf_s
??3@YAXPAX@Z
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
psapi
GetModuleFileNameExW
ws2_32
__WSAFDIsSet
inet_ntoa
select
listen
accept
recvfrom
sendto
WSAGetLastError
WSASetLastError
gethostbyname
ioctlsocket
connect
inet_addr
getsockname
setsockopt
bind
socket
getsockopt
htons
ntohs
closesocket
send
recv
WSAStartup
WSACleanup
winmm
timeGetTime
crypt32
CertNameToStrW
netapi32
NetApiBufferFree
Exports
Exports
Sections
.text Size: 452KB - Virtual size: 451KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (note: the code section is writable as well as executable — not a normal compiler default; worth checking for in-place patching or self-modifying code during analysis)
.rdata Size: 128KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE (note: a resource section flagged executable and writable is unusual; the section permissions on this sample appear to have been altered from linker defaults)
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE