b549b58637f9d15a43d7e9f83ba30b9b3f754c5088bc9f7b27cf198e5d3428b9

Sharing

Copy URL Twitter E-mail

General

Target

b549b58637f9d15a43d7e9f83ba30b9b3f754c5088bc9f7b27cf198e5d3428b9
Size

595KB
MD5

11e754f4df2741d89bcac67fbdf19fa0
SHA1

c3ed3593a019725d7b89e22a220954419674076c
SHA256

b549b58637f9d15a43d7e9f83ba30b9b3f754c5088bc9f7b27cf198e5d3428b9
SHA512

1a490a5a8ebf78b359cd2b442be0d80e66403b7f990b847b095bdfa84d76a2f27fa3c65d5489209b54b007b54311b07e8db6a7fda4decd249c62712646342ca4
SSDEEP

12288:w3gQxg3tbH5Q/80KIs/2feqU6gcGccpccUccL7cc2ccOcc9cc4VcbcoHcIyccGc4:0xzKIs/2JjgcGccpccUccL7cc2ccOccj

Score

N/A

Malware Config

Signatures

Files

b549b58637f9d15a43d7e9f83ba30b9b3f754c5088bc9f7b27cf198e5d3428b9
.exe windows x86

4a606385e6d4dbc7eff70efbce017f62

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

basedll

?IsFileExist@FileMisc@Base@@YAHPB_W@Z

utilsdll

?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetSoftID@Misc@Utils@@YAIXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z

reportdll

GetReportMgr

kernel32

GlobalFree
GetTempPathW
Sleep
CreateEventW
WideCharToMultiByte
CreateFileW
Process32NextW
CreateDirectoryW
GetProcAddress
GetFileAttributesW
MoveFileW
CreateToolhelp32Snapshot
Process32FirstW
LoadLibraryW
TerminateThread
CreateIoCompletionPort
HeapSize
HeapReAlloc
HeapDestroy
TlsFree
InterlockedIncrement
GetModuleFileNameW
DeleteCriticalSection
GetLastError
CreateEventA
LeaveCriticalSection
CreateMutexW
SetEvent
InterlockedExchangeAdd
InterlockedExchange
FindResourceExW
LockResource
WriteFile
GetLocalTime
IsBadReadPtr
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
CreateWaitableTimerA
SystemTimeToFileTime
GetTickCount
ResumeThread
ResetEvent
OpenEventA
GetCurrentProcessId
ReleaseSemaphore
GetSystemTimeAsFileTime
FormatMessageA
LocalFree
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
FreeResource
lstrcpynW
RaiseException
InitializeCriticalSection
CloseHandle
EnterCriticalSection
TlsAlloc
InterlockedDecrement
PostQueuedCompletionStatus
GlobalAlloc
GlobalUnlock
WaitForMultipleObjects
LoadResource
InterlockedCompareExchange
QueueUserAPC
GetModuleHandleW
GetProcessHeap
SetWaitableTimer
TlsSetValue
FindResourceW
LoadLibraryExW
FlushInstructionCache
HeapAlloc
GetCurrentProcess
TlsGetValue
HeapFree
GlobalLock
lstrlenW
lstrcmpiW
GetQueuedCompletionStatus
WaitForSingleObject
MultiByteToWideChar
lstrcmpW
SizeofResource
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
MulDiv
FreeLibrary

user32

LoadCursorW
RedrawWindow
MoveWindow
DispatchMessageW
ClientToScreen
DestroyWindow
GetSysColor
CallWindowProcW
ScreenToClient
GetDlgItem
PostMessageW
TranslateMessage
DefWindowProcW
UnregisterClassA
RegisterWindowMessageW
SetWindowTextW
PeekMessageW
GetClientRect
GetFocus
ReleaseDC
ReleaseCapture
BeginPaint
GetClassNameW
SetCapture
GetClassInfoExW
CreateAcceleratorTableW
GetWindow
SetFocus
GetDC
GetWindowTextLengthW
InvalidateRect
EndPaint
SetWindowPos
GetDesktopWindow
DrawEdge
LoadImageW
GetMonitorInfoW
SystemParametersInfoW
MonitorFromWindow
IsWindowEnabled
UpdateWindow
GetSystemMetrics
GetWindowRect
ShowWindow
InflateRect
CreateDialogParamW
AdjustWindowRectEx
GetCapture
SetWindowRgn
OffsetRect
PtInRect
DrawFocusRect
FillRect
GetMenu
GetDlgCtrlID
SetForegroundWindow
TrackPopupMenu
GetSubMenu
LoadMenuW
RegisterClassExW
GetMessageW
CharNextW
DestroyAcceleratorTable
IsWindow
IsChild
CreateWindowExW
SendMessageW
SetWindowLongW
GetWindowLongW
GetParent
GetWindowTextW
InvalidateRgn
GetCursorPos
SetTimer
KillTimer
DestroyMenu

gdi32

SetBkMode
TextOutW
SetViewportOrgEx
RoundRect
CreateFontIndirectW
GetTextExtentPoint32W
SetTextColor
MoveToEx
Rectangle
CreateRoundRectRgn
CreatePen
GetDIBColorTable
GetObjectW
GetStockObject
CreateCompatibleDC
DeleteDC
SelectObject
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateDIBSection
SetDIBColorTable
StretchBlt

advapi32

RegSetValueExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW

shell32

Shell_NotifyIconW
ShellExecuteExW

ole32

IIDFromString
CoInitializeEx
CoCreateInstance
OleLockRunning
CoGetInterfaceAndReleaseStream
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoTaskMemFree
StringFromGUID2
CoMarshalInterThreadInterfaceInStream
CoLoadLibrary
OleInitialize
CLSIDFromString
CoGetClassObject
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromProgID
CoFreeLibrary

oleaut32

VariantInit
VariantClear
OleCreateFontIndirect
LoadTypeLi
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarUI4FromStr
SysAllocString
SysFreeString
LoadRegTypeLi

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Draw
ImageList_Add
ImageList_Create
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipCloneImage
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipFree
GdipDrawImageRectI
GdipAlloc
GdipGetGenericFontFamilySansSerif
GdipGetLogFontW
GdipLoadImageFromFile
GdipDisposeImage
GdipCreateFont
GdiplusShutdown
GdipDeleteFont
GdipBitmapUnlockBits
GdipGetImagePaletteSize
GdipCreateBitmapFromScan0
GdipDrawImageI
GdipGetImagePalette
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipBitmapLockBits
GdipGetImagePixelFormat
GdiplusStartup
GdipDeleteFontFamily
GdipGetImageGraphicsContext
GdipCreateFromHDC

msvcp80

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

ws2_32

WSAStartup
WSACleanup

msvcr80

_purecall
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
_itoa
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
memcpy_s
malloc
swprintf_s
free
_invalid_parameter_noinfo
wcsncpy_s
_recalloc
memmove_s
wcscpy_s
_resetstkoflw
swscanf
srand
rand
_time64
printf
_vscwprintf_p
_vswprintf_p
_vsprintf_p
_vscprintf_p
_waccess
vswprintf_s
_vscwprintf
_snwprintf
wcsncat_s
strncpy_s
_wcsicmp
wcschr
sprintf
_wtoi
_wsplitpath
tolower
__CxxFrameHandler3
_snprintf
fflush
fprintf
__iob_func
_CxxThrowException
memcpy
memset
strerror
_gmtime64
_beginthreadex
?terminate@@YAXXZ
_wsplitpath_s
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_unlock
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpQueryInfoW
InternetCloseHandle
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetReadFile
InternetOpenW
InternetCrackUrlW

sensapi

IsNetworkAlive

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 364KB - Virtual size: 360KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a606385e6d4dbc7eff70efbce017f62

Headers

File Characteristics

Imports

basedll

utilsdll

reportdll

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

gdiplus

msvcp80

ws2_32

msvcr80

version

wininet

sensapi

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 360KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 12KB - Virtual size: 13KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 112KB - Virtual size: 112KB

.text
Size: 364KB - Virtual size: 360KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 12KB - Virtual size: 13KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 112KB - Virtual size: 112KB