ea6842d4b5fc1794cfade39f0136bb400e8a2a4c097aeece016bb8a60e8c98cd

Sharing

Copy URL Twitter E-mail

General

Target

ea6842d4b5fc1794cfade39f0136bb400e8a2a4c097aeece016bb8a60e8c98cd
Size

128KB
MD5

15a0f33084de2829426b301c246296a0
SHA1

50bfd02c9e77a423603c37aec5eceb7cf73a00f5
SHA256

ea6842d4b5fc1794cfade39f0136bb400e8a2a4c097aeece016bb8a60e8c98cd
SHA512

9c653b22ab5082c7f19934c2dbae23b4c393bc96cd119978ffdcb7d76e0d3dd5b5a496bdffc241a72e06e21be9e9fcc789c9f9a22c057bf4d163d9198f70af73
SSDEEP

3072:QQa89dCA7St48TxaOYhvMW/7Ddyxfgun4qtTRvImTW0GhddrYl9:tCAuaJOYW84fRDngmTWF4

Score

N/A

Malware Config

Signatures

Files

ea6842d4b5fc1794cfade39f0136bb400e8a2a4c097aeece016bb8a60e8c98cd
.exe windows x86

9066f1bf2fb4abd68f54386b52a9320c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
lstrcpynA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
GetModuleHandleA
GetVersionExA
GetModuleFileNameA
SetUnhandledExceptionFilter
SetErrorMode
GetLocalTime
IsDebuggerPresent
RaiseException
GetCurrentProcessId
CreateFileA
WriteFile
SetEvent
WaitForSingleObject
LocalFree
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
TerminateThread
InitializeCriticalSection
GetCommandLineA
Sleep
Process32Next
CloseHandle
Module32First
Process32First
CreateEventA
CreateToolhelp32Snapshot

user32

KillTimer
DefWindowProcA
PostThreadMessageA
PeekMessageA
wsprintfA
SetTimer
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
EndPaint
BeginPaint
CreateWindowExA
RegisterClassExA
LoadCursorA

advapi32

GetOldestEventLogRecord
GetNumberOfEventLogRecords
CloseEventLog
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenEventLogA

shell32

ShellExecuteA

oleaut32

VariantClear

kwdatadef

??0Sign@@QAE@XZ

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

kwlib

?Format@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
?ReadString@REG@KwLib@@YA_NPAUHKEY__@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1AAV45@@Z
?GetUserID@UserId@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?KillOtherInstance@Process@KwLib@@YA_NXZ
?GetKwPath@Dir@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@W4Path_Type@12@@Z
?Str2Lower@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

pd

StopDown
StartDown
StartKWMV
SetSysMsgWnd
EnableVIPService
GetResInfo
DelRes
StopAll

kwmv

StopP2P
StartP2P
StopUpload

ccenter

RS_InitializeCallCenter

kwmodconfig

AfxGetConfigManager

kwlog

?LogUserActMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBD_N@Z
?ResetLogLevel@@YAXH@Z
?LogClientErrorMsg@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
?SetSpeceilVersion@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

kwhttp

UninitKwHttpMgr
InitKwHttpMgr

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

imm32

ImmDisableIME

shlwapi

PathFileExistsA
PathRemoveBackslashA

msvcr90

_except_handler3
memset
_CxxThrowException
__CxxFrameHandler3
_strlwr
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
vsprintf_s
strcpy_s
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
atoi
??_V@YAXPAX@Z
_mbschr
_snprintf_s
strncpy
__argc
_time64
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_beginthreadex
memcpy
_splitpath_s
_makepath_s
sprintf_s

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9066f1bf2fb4abd68f54386b52a9320c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

oleaut32

kwdatadef

msvcp90

kwlib

pd

kwmv

ccenter

kwmodconfig

kwlog

kwhttp

version

imm32

shlwapi

msvcr90

Sections

.text Size: 31KB - Virtual size: 30KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 7KB

.rsrc Size: 77KB - Virtual size: 80KB

.text
Size: 31KB - Virtual size: 30KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 7KB

.rsrc
Size: 77KB - Virtual size: 80KB