Static task
static1
Behavioral task
behavioral1
Sample
69fa34955eedb3547a7fa9041aac4c07abd11350ab2510c13e704ae5c24a750a.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
69fa34955eedb3547a7fa9041aac4c07abd11350ab2510c13e704ae5c24a750a.exe
Resource
win10v2004-20220812-en
General
- Target: 69fa34955eedb3547a7fa9041aac4c07abd11350ab2510c13e704ae5c24a750a
- Size: 364KB
- MD5: 09cb8ba2f889d7c7d9fc039dd73499ee
- SHA1: 6c089364bf8e5ff888af8255e6c15c9779d02914
- SHA256: 69fa34955eedb3547a7fa9041aac4c07abd11350ab2510c13e704ae5c24a750a
- SHA512: 1f7217ccbb8a56d6b8848fd1ed5fce4d2d2332ae8bb15536b4f688e840b78e1c4d9fd3e77719a062aa9839d254a61bed53540f77a4a312ad36dfbdeba16007a9
- SSDEEP: 6144:rZUBMmVqT2KjPXLkABoGoBQiLkYMY2dHrHMZqr:rWeLRypopzMZqr
Malware Config
Signatures
Files
- 69fa34955eedb3547a7fa9041aac4c07abd11350ab2510c13e704ae5c24a750a.exe windows x86
767c56ffba849e09d17482f8c9fd88d0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crlutl
_UNITConvToUnitAndString@24
?UTLLocateExceptionMapEntry@@YGHHPAUHWND__@@HAAK@Z
_UTLShowHelp@20
_UTLStandardHelpButton@12
_UTLStandardHelp@20
_UTLStandardContextMenu@20
_UTLLoadString@4
_INIInitCommonIniFile@0
_GetUserProfileConfigDir@4
_UTLFindHelpFile@8
?GetInst@IGLB_UILanguage@@SAAAV1@XZ
crli18n
_CorGetCharSet@0
_CorIsFarEastWindow@0
?SetFromUnicode@CGlbChar@@QAGHQBGI@Z
crlctl
?BuildPropPageArray@WCmnUI_PropertySheet@@UAEXXZ
?SetNumDecimalPlaces@WUnitSpinBase@@QAEXI@Z
??0WSpinCtrl@@QAE@XZ
??1WSpinCtrl@@UAE@XZ
?GetThisMessageMap@WCmnUI_PropertyPage@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@WCmnUI_PropertyPage@@SGPAUCRuntimeClass@@XZ
??0WCmnUI_PropertyPage@@QAE@IIK@Z
??1WCmnUI_PropertyPage@@UAE@XZ
?GetThisMessageMap@WCmnUI_PropertySheet@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@WCmnUI_PropertySheet@@SGPAUCRuntimeClass@@XZ
??0WCmnUI_PropertySheet@@QAE@IPAVCWnd@@I@Z
?AddPage@WCmnUI_PropertySheet@@QAEXPAVCPropertyPage@@@Z
?OnInitDialog@WCmnUI_PropertySheet@@UAEHXZ
??1WCmnUI_PropertySheet@@UAE@XZ
??0WCmnUI_PropertySheet@@QAE@XZ
?PreTranslateMessage@WCmnUI_PropertySheet@@UAEHPAUtagMSG@@@Z
?UTLGetNumDisplayColors@@YGJXZ
mfc71u
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord490
ord5379
ord5221
ord6248
ord5113
ord1488
ord956
ord5995
ord547
ord4025
ord1049
ord593
ord1117
ord1121
ord334
ord3624
ord3596
ord3657
ord3533
ord2686
ord4851
ord4737
ord4703
ord4841
ord1945
ord1663
ord4496
ord4803
ord4888
ord4910
ord4363
ord4329
ord4326
ord4911
ord2665
ord4455
ord4247
ord4989
ord5600
ord4021
ord2541
ord2998
ord4916
ord3096
ord6241
ord5461
ord973
ord3029
ord3380
ord2819
ord4561
ord2610
ord2616
ord6234
ord2007
ord5153
ord1371
ord5408
ord4254
ord1917
ord4216
ord3034
ord2762
ord2831
ord4476
ord4264
ord705
ord1139
ord4702
ord578
ord1189
ord2297
ord2250
ord1123
ord2132
ord487
ord5590
ord1533
ord5316
ord6282
ord1177
ord313
ord4029
ord310
ord3676
ord3585
ord2027
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4166
ord4175
ord4771
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4858
ord4855
ord3968
ord5147
ord3338
ord1352
ord4267
ord565
ord756
ord5170
ord4145
ord4585
ord6225
ord6227
ord6232
ord1396
ord3922
ord1784
ord3155
ord1270
ord5633
ord347
ord5609
ord2651
ord2066
ord3654
ord3525
ord4836
ord2823
ord1950
ord1322
ord4892
ord5494
ord4306
ord4305
ord2237
ord1904
ord2609
ord5003
ord5006
ord4303
ord4129
ord2933
ord4898
ord940
ord5356
ord2419
ord2418
ord4016
ord3939
ord5144
ord5205
ord2164
ord3826
ord4271
ord4259
ord704
ord697
ord468
ord480
ord471
ord694
ord5373
ord4296
ord5161
ord3642
ord3460
ord5352
ord4013
ord5201
ord395
ord635
ord4293
ord4274
ord1512
ord4266
ord1573
ord4109
ord2422
ord3126
ord3534
ord4852
ord2990
ord4875
ord4817
ord4822
ord4827
ord4579
ord4551
ord4732
ord5011
ord4798
ord4504
ord4865
ord4369
ord4878
ord4387
ord4973
ord3906
ord2854
ord2936
ord4479
ord488
ord706
ord2366
ord589
ord330
ord4512
ord6058
ord4861
ord5065
ord5064
ord4791
ord4611
ord4838
ord4184
ord4207
ord4730
ord5207
ord4714
ord620
ord591
ord5829
ord4119
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord2985
ord3165
ord1545
ord3189
ord1785
ord5699
ord2421
ord2160
ord6115
ord3753
ord2155
ord587
ord3983
ord6086
ord5066
ord2340
ord2362
ord2361
ord602
ord1571
ord5327
ord6293
ord4072
ord2077
ord4226
ord3158
ord746
ord1908
ord629
ord1430
ord5319
ord2897
ord3451
ord380
ord1626
ord1534
ord3151
ord583
ord1386
ord3590
ord1182
ord1178
ord2121
ord293
ord577
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord1542
ord280
ord1479
ord870
ord2895
ord6111
ord282
ord2926
ord4320
ord2009
ord1007
ord5096
ord566
ord776
ord6063
ord4026
ord2751
ord4886
ord5380
ord4481
ord4519
ord2042
ord2736
ord5492
ord4850
ord4736
ord5931
ord6039
ord300
ord1472
ord1172
ord1118
ord287
ord860
ord3927
ord896
ord777
ord1782
ord1058
ord2986
ord1548
ord3756
ord774
ord1883
ord2893
ord290
ord1765
ord775
ord2311
ord1536
ord283
ord268
ord5398
ord2460
ord383
ord3383
ord899
ord4027
ord1156
ord5378
ord6215
ord3800
ord5579
ord2054
ord6274
ord3795
ord6272
ord4008
ord4032
ord2239
ord757
ord701
ord1086
ord1079
ord762
ord4574
ord2011
ord354
ord605
ord3176
ord4256
ord2942
ord5199
ord1392
ord5908
ord1661
ord1662
ord4884
ord4729
ord4206
ord5178
ord3677
ord4461
ord4463
ord3635
ord501
ord709
ord760
ord572
ord3331
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2402
ord2407
ord2388
ord2404
ord931
ord927
ord929
ord925
ord920
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord3678
ord764
ord5640
ord326
ord502
ord5636
ord5637
ord3249
ord1271
ord3280
ord1925
ord3204
ord265
ord266
ord1297
ord1198
msvcr71
_CIsin
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
__security_error_handler
?terminate@@YAXXZ
_controlfp
_CIcos
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
_resetstkoflw
_waccess
calloc
wcsncpy
malloc
_wsplitpath
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcsrchr
_except_handler3
wcsncmp
atol
strncat
isdigit
atoi
_wtoi
strncpy
atof
sprintf
free
_wcsdup
_CxxThrowException
_CIacos
__CxxFrameHandler
wcscpy
_purecall
wcslen
wcscmp
kernel32
LoadLibraryW
GetProcAddress
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
FreeLibrary
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
WritePrivateProfileStructA
WritePrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
lstrlenW
LockResource
GetModuleHandleA
GetModuleHandleW
CreateEventW
GetCurrentProcessId
GetFileAttributesW
GetVersion
CloseHandle
WaitForSingleObject
GlobalDeleteAtom
GlobalFindAtomW
ReleaseMutex
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
SetUnhandledExceptionFilter
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetUserDefaultLCID
GetFileSize
OutputDebugStringW
ReadFile
CreateFileW
lstrcmpiW
lstrcpyW
LoadResource
WritePrivateProfileStringA
GetVersionExA
FindResourceW
user32
IsWindow
UpdateLayeredWindow
LoadCursorW
GetDesktopWindow
ShowWindow
EndDialog
RedrawWindow
FindWindowW
BeginPaint
EndPaint
IsRectEmpty
SetWindowTextW
SetRect
LoadStringW
DrawTextW
GetWindowLongW
AdjustWindowRect
SetWindowPos
OffsetRect
CreateDialogParamW
InflateRect
DestroyWindow
DdeNameService
DdeUninitialize
PostThreadMessageW
GetSysColor
FillRect
CopyRect
MessageBeep
GetDlgCtrlID
GetClassNameA
GetParent
WindowFromDC
GetWindowRect
LoadBitmapW
SendDlgItemMessageW
LoadStringA
PostMessageW
LoadIconW
SendMessageW
GetWindowTextW
EnableWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
ReleaseDC
GetClientRect
UpdateWindow
InvalidateRect
GetSystemMetrics
gdi32
CreateDIBSection
SetDIBColorTable
SelectPalette
SetBkColor
TextOutW
RectVisible
DeleteDC
CreateFontIndirectW
GetStockObject
GetNearestColor
StretchDIBits
Rectangle
EnumFontFamiliesW
GetCurrentObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
GetObjectW
PatBlt
CreateEnhMetaFileW
SetWindowOrgEx
CloseMetaFile
CreateSolidBrush
SaveDC
SetMapMode
SetWindowExtEx
SetViewportExtEx
GetTextMetricsW
GetTextExtentPoint32A
RestoreDC
SetBkMode
SetTextColor
SetTextAlign
TextOutA
RealizePalette
GetDeviceCaps
CreatePalette
CreateFontW
GetTextFaceW
Polygon
LPtoDP
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
gdiplus
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipGetImagePixelFormat
Sections
.text Size: 176KB - Virtual size: 172KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE