92df27de3769a78b7083db057079569ffe350d5f2b1f77d090a4996bde19eb3f

Sharing

Copy URL Twitter E-mail

General

Target

92df27de3769a78b7083db057079569ffe350d5f2b1f77d090a4996bde19eb3f
Size

294KB
MD5

2121d35cbb39eaf48bc89d80d1f1e420
SHA1

83158e6c8d0a386341c805289f03d2dc9bb28cfa
SHA256

92df27de3769a78b7083db057079569ffe350d5f2b1f77d090a4996bde19eb3f
SHA512

459a0d0fbd468b77dd9de2576dd3251c816c6d973cc7bd053493df8e0c18f5420ce3805bf081966502b40f3419f099fe90402b872117085eb3f00576df852a02
SSDEEP

6144:+wk4lanBlUbdf1jCdjYmEMgPo+dBuODZpFotpBC564ubYe5t:+wkHnBlUxf1jeYmEMt8Potpk8jk

Score

N/A

Malware Config

Signatures

Files

92df27de3769a78b7083db057079569ffe350d5f2b1f77d090a4996bde19eb3f
.exe windows x86

27f457cce9e79588d08fcbcbf4f21600

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

recv
send
connect
WSAStartup
gethostbyname
htons
socket
closesocket
WSACleanup

comctl32

InitCommonControlsEx
ord17

gdiplus

GdipFillPath
GdipFillRectangle
GdipDrawPath
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetPointCount
GdipWidenPath
GdipTransformPath
GdipAddPathString
GdipAddPathPath
GdipClosePathFigures
GdipGetPathData
GdipSetPathFillMode
GdipResetPath
GdipDeletePath
GdipCreatePath2
GdipCreatePath
GdipSetPenLineJoin
GdipDeletePen
GdipCreatePen2
GdipCreatePen1
GdipCreateLineBrush
GdipTranslateTextureTransform
GdipCreateTexture
GdipScaleMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipBitmapGetPixel
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipMeasureString
GdipDrawString
GdipFillRectangleI
GdipGraphicsClear
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipAlloc
GdipFree
GdipGetPathWorldBounds

wininet

InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetCrackUrlA
HttpQueryInfoW

kernel32

InterlockedDecrement
GetModuleHandleW
MultiByteToWideChar
SetCurrentDirectoryW
InterlockedExchange
SetThreadLocale
OutputDebugStringA
CreateThread
Sleep
GetTickCount
CloseHandle
OpenMutexA
InterlockedCompareExchange
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
HeapFree
GetProcessHeap
CreateFileA
GetFileSize
ReadFile
CreateProcessA
WideCharToMultiByte
lstrlenA
GetModuleFileNameW

user32

ScreenToClient
SystemParametersInfoW
PostMessageW
InvalidateRect
GetClientRect
GetMenuItemCount
GetSubMenu
RemoveMenu
MessageBoxA
DispatchMessageW
TranslateMessage
GetClassNameW
GetMessageW
RegisterClassExW
LoadIconW
SetScrollInfo
GetScrollInfo
WindowFromPoint
MessageBoxW
GetSystemMetrics
SetTimer
KillTimer
SetWindowTextA
CreateWindowExW
ReleaseCapture
SetCapture
LoadCursorW
SetCursor
SetLayeredWindowAttributes
GetCursorPos
TrackMouseEvent
DestroyMenu
SystemParametersInfoA
UpdateLayeredWindow
GetWindowRect
FillRect
IntersectRect
ReleaseDC
GetDC
ClientToScreen
SetWindowRgn
GetWindowPlacement
ShowWindow
SetWindowPos
DestroyWindow
IsWindow
SendMessageW
CreateWindowExA
RegisterClassExA
DefWindowProcW
GetWindowLongW
GetParent
SetWindowLongW
GetWindowTextA
DrawMenuBar
PostQuitMessage

gdi32

CreateDIBSection
DeleteObject
SelectClipRgn
CreateRectRgn
SetDCBrushColor
GetBitmapDimensionEx
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateRoundRectRgn
GetStockObject

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CLSIDFromString
StgCreateDocfile
OleCreate
OleSetContainedObject
CreateStreamOnHGlobal
OleInitialize

oleaut32

VariantChangeType
VariantClear
VariantCopy
VariantInit
SysFreeString
SysStringLen
SysAllocString

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z

msvcr90

??3@YAXPAX@Z
_time64
??2@YAPAXI@Z
_atoi64
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
__argc
__wargv
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??_V@YAXPAX@Z
memmove_s
fopen
_filelength
_fileno
fread
fclose
sscanf
malloc
free
_purecall
toupper
??8type_info@@QBE_NABV0@@Z
tolower
srand
_ui64toa
rand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
memset
_CxxThrowException
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
memcpy

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

h;
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

27f457cce9e79588d08fcbcbf4f21600

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

comctl32

gdiplus

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

msvcr90

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 13KB - Virtual size: 13KB

h; Size: 92KB - Virtual size: 92KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 13KB - Virtual size: 13KB

h;
Size: 92KB - Virtual size: 92KB