63ef40faf2150fc6ab0bf69315314aa5f8548e363891c2f0cf181ad0a57a1bc2

Sharing

Copy URL Twitter E-mail

General

Target

63ef40faf2150fc6ab0bf69315314aa5f8548e363891c2f0cf181ad0a57a1bc2
Size

258KB
MD5

0a9239d8e256bf97b58ed64add75d910
SHA1

44de618f615c60947e6e9ba693cc930a09c303db
SHA256

63ef40faf2150fc6ab0bf69315314aa5f8548e363891c2f0cf181ad0a57a1bc2
SHA512

e859b71d4f237cac9a9057306e22050c24eb5e566572adfd6274c29fb34fbb7bb45ab460b5067bc8b3a910074ea9baa30125d786e2e3eb1ac7837d4b9a884c83
SSDEEP

6144:m8T0NQAEitx431slGUiPZQ1WZQjT2+qsnvUWES:mc0NQAEblsliZsl6snv

Score

N/A

Malware Config

Signatures

Files

63ef40faf2150fc6ab0bf69315314aa5f8548e363891c2f0cf181ad0a57a1bc2
.exe windows x86

aab1555d0fcc4c5447ce57a09ecc5b68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumConnectionsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

HttpQueryInfoW
InternetAttemptConnect
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

minizip

mini_unzip_dll

kernel32

GetPriorityClass
GetCurrentProcess
OutputDebugStringA
OutputDebugStringW
VirtualProtect
GetModuleHandleW
InterlockedExchange
GetCurrentThread
CreateThread
CopyFileW
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
SetLastError
GetModuleFileNameW
WritePrivateProfileStringW
LocalFree
DeleteFileW
FreeLibrary
SetErrorMode
SetCurrentDirectoryW
SetEvent
ResetEvent
WideCharToMultiByte
TerminateProcess
OpenEventW
CreateMutexW
GetPrivateProfileIntW
lstrlenW
UnmapViewOfFile
ReleaseMutex
GetCurrentProcessId
WaitForMultipleObjects
GetTickCount
OpenMutexW
MapViewOfFile
CreateFileMappingW
CreateEventW
IsBadCodePtr
CreateDirectoryW
GetFileAttributesW
lstrcatW
SetPriorityClass
SuspendThread
ResumeThread
GetCurrentThreadId
WriteFile
CreateFileW
Sleep
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
SetFileAttributesW
MultiByteToWideChar
GetExitCodeProcess
CreateProcessW
FileTimeToSystemTime
GetCommandLineW
lstrlenA
GetSystemDirectoryW
GetPrivateProfileStringW
SystemTimeToFileTime
GetLocalTime
GetPrivateProfileStructW
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLastError
CloseHandle
LoadLibraryW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSection
RaiseException
HeapSize
GetProcessHeap
GetTempPathW
WaitForSingleObject
ExitProcess
GetModuleHandleA
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
LoadLibraryA
DebugBreak
GetModuleFileNameA
VirtualAlloc
InterlockedCompareExchange
FlushInstructionCache
GetThreadContext
SetThreadContext
VirtualQuery

user32

GetMessageW
wsprintfW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
PostQuitMessage
DefWindowProcW
DestroyWindow
TranslateMessage
DispatchMessageW
PostMessageW

gdi32

GetStockObject

advapi32

RegQueryValueExW
RegOpenKeyExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
EqualSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
GetLengthSid
CopySid
IsValidSid
AddAccessAllowedAce
LookupAccountNameW
InitializeSecurityDescriptor
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
SetSecurityDescriptorDacl

shell32

SHGetFolderPathW
ord680
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemFree

shlwapi

PathIsSameRootW
PathCombineW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW

msvcp71

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?find_last_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?_Nomemory@std@@YAXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

msvcr71

fopen
_wtoi
wcsncat
_beginthread
_callnewh
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CRT_RTC_INIT
_controlfp
_getpid
_itoa
__CxxFrameHandler
memset
_except_handler3
free
??3@YAXPAX@Z
??_V@YAXPAX@Z
wcsstr
_wcsupr
memcpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_wcslwr
wcscpy
wcsncpy
fclose
wcslen
fgetws
_wfopen
malloc
_resetstkoflw
_purecall
tolower
memmove
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@PBD@Z
strlen
_itow
?swprintf@@YAHPA_WIPB_WZZ
_wcsnicmp
wcscmp
_wcsicmp
swprintf
swscanf
_ultow
wcscat
wcsrchr
fwrite
fgetwc
fseek
fread
sprintf
_wtol

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

aab1555d0fcc4c5447ce57a09ecc5b68

Headers

File Characteristics

Imports

rasapi32

version

wininet

minizip

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 76KB - Virtual size: 76KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 76KB - Virtual size: 76KB