d0a15d7ac2e2954f8ce4d0b5a75118302fb4293b8b244fc34adde14755fd1e7c

Sharing

Copy URL Twitter E-mail

General

Target

d0a15d7ac2e2954f8ce4d0b5a75118302fb4293b8b244fc34adde14755fd1e7c
Size

248KB
MD5

30bcf54901ce1fae3f059e8da8997d30
SHA1

d87e47d0e7195f6daca3d905d60fe3a73f42a06b
SHA256

d0a15d7ac2e2954f8ce4d0b5a75118302fb4293b8b244fc34adde14755fd1e7c
SHA512

7a9ea91bc1d7b2ff2d04d4267fb126e632924c6b3e46fa44daf6b31ad1baf5335e1783b3202e6cb1a965b0d9083e86a60660fe12746122077c6e6e6cddc26128
SSDEEP

6144:TYKSXuG7c3YZQUfDUgBRHCPemP1GPOkR4vJPXAyEWyroAYRZEXY:kKSXuWc8zH81+6JPXAP9rcAI

Score

N/A

Malware Config

Signatures

Files

d0a15d7ac2e2954f8ce4d0b5a75118302fb4293b8b244fc34adde14755fd1e7c
.exe windows x86

74b0b34ca170a0e7e74403ebdfd2cb7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileW
URLDownloadToCacheFileW

kernel32

FindFirstFileW
OutputDebugStringW
GetCurrentThreadId
GlobalLock
GlobalAlloc
CloseHandle
FlushFileBuffers
WriteFile
SetFilePointer
WritePrivateProfileStringW
GetTempPathA
CreateFileW
WritePrivateProfileStringA
GetPrivateProfileIntW
GetPrivateProfileStringA
GetPrivateProfileStringW
CopyFileW
MoveFileW
InterlockedExchangeAdd
InitializeCriticalSection
MapViewOfFile
ReleaseMutex
CreateFileMappingW
WaitForSingleObject
ExitProcess
CreateMutexW
TerminateProcess
GetCurrentProcess
TlsSetValue
FindCloseChangeNotification
FindFirstChangeNotificationW
TlsGetValue
GetLastError
TlsAlloc
LoadLibraryW
GetSystemInfo
FreeLibrary
UnmapViewOfFile
InterlockedDecrement
TlsFree
DeleteCriticalSection
OpenFileMappingW
FindNextFileW
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetVersionExW
lstrlenW
lstrcpyW
CreateThread
TerminateThread
WaitForMultipleObjects
SetEnvironmentVariableW
GetTempPathW
ExpandEnvironmentStringsW
Sleep
CreateEventW
GetExitCodeThread
GetFileSize
EnterCriticalSection
VirtualQuery
GlobalFree
GetLocalTime
DeleteFileW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcessId
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetVolumeInformationA
GetSystemDirectoryA
LeaveCriticalSection
GetModuleFileNameA
IsBadCodePtr
GetCommandLineW
FindClose
GetFileAttributesW
CreateDirectoryW
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GlobalUnlock
lstrcatA
lstrcpyA
DeviceIoControl
lstrlenA
RaiseException
GetVersionExA
SetPriorityClass
CreateFileA

user32

GetMessageW
TrackPopupMenu
SetForegroundWindow
GetCursorPos
GetLastActivePopup
LoadImageW
CharLowerBuffW
MessageBoxW
PostQuitMessage
PostMessageW
AppendMenuW
CreatePopupMenu
DestroyMenu
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
RegisterWindowMessageW
GetSystemMetrics
TranslateMessage
DispatchMessageW
DefWindowProcW
wsprintfW

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteW
SHGetSpecialFolderPathA
ShellExecuteExW
Shell_NotifyIconW
ord680
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
StringFromIID
OleRun

oleaut32

SysAllocStringLen
SysFreeString
VarBstrCmp
SysStringLen
VariantInit
VariantCopy
VariantClear
SysStringByteLen
GetErrorInfo
SysAllocString
SysAllocStringByteLen

msvcp90

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathAppendW
PathFileExistsW
PathFindFileNameW

msvcr90

wcscmp
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
strlen
strncpy
_snprintf
strtok
memcmp
strncat
wcstok
_wcsicmp
_wstat64i32
_vsnwprintf
wcscat
_vswprintf
_vscwprintf
vswprintf_s
??_V@YAXPAX@Z
memcpy_s
wcsnlen
calloc
_recalloc
memmove_s
_swprintf
atoi
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
wcscpy
_CxxThrowException
free
strcmp
strncmp
_wtoi
memcpy
wcsncpy
_wsplitpath
memset
wcslen
_snwprintf
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
wcschr
strstr
??3@YAXPAX@Z
malloc
isalnum
tolower
isspace
isprint
srand
rand
sprintf
_time64
_itoa

crypt32

CertFindCertificateInStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore

wintrust

WinVerifyTrust

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74b0b34ca170a0e7e74403ebdfd2cb7c

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp90

version

shlwapi

msvcr90

crypt32

wintrust

iphlpapi

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 4KB - Virtual size: 18KB

.rsrc Size: 82KB - Virtual size: 84KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 4KB - Virtual size: 18KB

.rsrc
Size: 82KB - Virtual size: 84KB