Static task
static1
Behavioral task
behavioral1
Sample
696a022982d87da1151ebf4e4e8af00be28b55868c0438114717c2f079436953.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
696a022982d87da1151ebf4e4e8af00be28b55868c0438114717c2f079436953.exe
Resource
win10v2004-20221111-en
General
- Target: 696a022982d87da1151ebf4e4e8af00be28b55868c0438114717c2f079436953
- Size: 1.1MB
- MD5: 36582bc18d8a7c218337b32acfe776d0
- SHA1: d09241e367e2ae45a6590befee5413293874a051
- SHA256: 696a022982d87da1151ebf4e4e8af00be28b55868c0438114717c2f079436953
- SHA512: a59675ba87e85284febc2177fcb6164240a5ceef5636f70b00302acdefcfb95d356d4e67fe3f707e1ecb136763fdc39dfd6465c4bdadc92c76c98adf9cb1f467
- SSDEEP: 24576:DwBlm5L412JKFfww22583EVqfCbNqyipdVOkOiFtbUHJix:DP0YtfCOQkOiFtbF
Malware Config
Signatures
Files
-
696a022982d87da1151ebf4e4e8af00be28b55868c0438114717c2f079436953.exe windows x86
0e627eff562d654a52a776b25173e2e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
gethostname
__WSAFDIsSet
gethostbyname
inet_ntoa
WSAGetLastError
select
connect
ioctlsocket
socket
htons
inet_addr
ntohl
htonl
setsockopt
WSASetLastError
WSAStartup
listen
bind
accept
closesocket
send
recv
getsockname
getpeername
mfc42
ord1200
ord3721
ord795
ord2301
ord4809
ord940
ord2243
ord5789
ord6172
ord4224
ord1232
ord1153
ord3692
ord5791
ord812
ord686
ord5148
ord6129
ord3754
ord6358
ord5787
ord2860
ord6605
ord5683
ord4220
ord2584
ord3654
ord3701
ord801
ord6438
ord541
ord2438
ord2863
ord6379
ord5781
ord6200
ord5937
ord1601
ord6877
ord3876
ord6134
ord6143
ord6883
ord6119
ord2516
ord361
ord3870
ord1779
ord4055
ord3790
ord3499
ord3763
ord1644
ord5572
ord2915
ord692
ord3797
ord2754
ord2408
ord2096
ord384
ord2714
ord5782
ord3283
ord3803
ord2099
ord2064
ord3452
ord668
ord1980
ord2770
ord356
ord3708
ord696
ord699
ord781
ord394
ord397
ord5593
ord3438
ord2111
ord2152
ord1083
ord909
ord501
ord4185
ord912
ord3771
ord3061
ord4083
ord6270
ord2817
ord1269
ord5590
ord3435
ord861
ord6311
ord4171
ord1979
ord539
ord3318
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord798
ord6407
ord532
ord5465
ord5194
ord533
ord2574
ord3572
ord1793
ord1756
ord6136
ord3767
ord2393
ord2078
ord559
ord5862
ord2558
ord2116
ord5873
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord5953
ord3097
ord926
ord2763
ord4337
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord5252
ord6378
ord4457
ord4413
ord4499
ord700
ord398
ord5594
ord6929
ord6927
ord913
ord5632
ord4189
ord2299
ord5856
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord6157
ord5714
ord4622
ord3738
ord815
ord561
ord2092
ord5484
ord2919
ord4159
ord6117
ord1134
ord2725
ord3522
ord816
ord562
ord1642
ord2753
ord3337
ord548
ord6094
ord3873
ord2453
ord603
ord2740
ord879
ord273
ord2801
ord882
ord2450
ord3184
ord6144
ord5651
ord3616
ord3127
ord350
ord2381
ord6442
ord1621
ord4278
ord4277
ord4202
ord2764
ord3706
ord6380
ord6197
ord536
ord3317
ord5606
ord1158
ord5860
ord941
ord1146
ord6334
ord4234
ord2370
ord2289
ord324
ord3597
ord3089
ord6394
ord5450
ord6383
ord5440
ord5981
ord2086
ord6215
ord3811
ord5600
ord773
ord4022
ord1792
ord6385
ord922
ord354
ord5186
ord5442
ord665
ord2380
ord2820
ord656
ord3610
ord4034
ord1949
ord6779
ord939
ord5710
ord2642
ord4287
ord4284
ord3092
ord3573
ord1168
ord6880
ord2567
ord3874
ord4123
ord3693
ord6178
ord2431
ord2859
ord1641
ord2405
ord2452
ord6453
ord5785
ord609
ord3574
ord4396
ord3571
ord2575
ord4710
ord4229
ord641
ord355
ord4834
ord5280
ord2515
ord4852
ord4375
ord5016
ord4608
ord4750
ord4716
ord4607
ord4635
ord5067
ord1834
ord2818
ord4129
ord924
ord858
ord472
ord5788
ord4297
ord4133
ord1088
ord2379
ord289
ord613
ord5875
ord537
ord3619
ord323
ord1640
ord640
ord823
ord3986
ord6142
ord1233
ord2122
ord809
ord500
ord1576
ord556
ord772
ord3742
ord4275
ord2645
ord2688
ord2864
ord1768
ord6199
ord5799
ord3756
ord5768
ord429
ord1652
ord4042
ord3216
ord404
ord5445
ord703
ord5510
ord6778
ord4328
ord6242
ord6170
ord4267
ord3496
ord6909
ord6654
ord682
ord3630
ord2580
ord1844
ord1195
ord4163
ord554
ord2120
ord2012
ord2920
ord807
ord1862
ord1574
ord1099
ord6140
ord5858
ord6663
ord341
ord654
ord3921
ord1175
ord6282
ord6283
ord3957
ord1929
ord3752
ord6128
ord4400
ord1133
ord3138
ord6458
ord2089
ord3920
ord6720
ord2862
ord2107
ord2093
ord2841
ord4273
ord4723
ord5260
ord4299
ord2302
ord818
ord2135
ord567
ord4424
ord3402
ord5290
ord2385
ord1776
ord6055
ord4853
ord2614
ord860
ord4476
ord470
ord283
ord2414
ord755
ord3663
ord3626
ord4837
ord535
ord6241
ord540
ord4160
ord800
ord825
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord560
ord813
ord4432
ord1726
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord3748
ord5240
ord4108
ord4961
ord4964
ord4524
ord4529
ord4526
ord6376
ord2055
ord2648
ord4441
ord3798
ord4353
ord6374
ord5163
ord5241
ord4543
ord4545
ord4531
ord4890
ord4349
ord4341
msvcrt
_purecall
_except_handler3
_ftol
_mbsicmp
strncpy
fopen
_itoa
_strlwr
strchr
_strnicmp
_strdup
strstr
?terminate@@YAXXZ
_setmbcp
_tell
_chsize
_write
_open
_close
_filelength
_read
__CxxFrameHandler
sprintf
time
atoi
free
realloc
malloc
wcslen
rand
srand
_mbscmp
memmove
atol
isdigit
fread
fclose
ftell
fseek
_lseek
_CxxThrowException
_strupr
_stricmp
isprint
wcscpy
strtoul
_mbsnbcmp
_mbspbrk
atof
mktime
sscanf
fgets
strrchr
rename
_beginthreadex
toupper
isxdigit
_mbschr
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_mbsnbcpy
kernel32
GetSystemDirectoryA
WinExec
SetCurrentDirectoryA
CreateToolhelp32Snapshot
Process32First
Process32Next
SetFilePointer
GetLocalTime
OpenFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStringA
GetCurrentProcess
TerminateProcess
_lopen
_llseek
_lclose
_lread
InterlockedIncrement
InterlockedDecrement
FindResourceA
LoadResource
SizeofResource
LockResource
GlobalSize
GetFullPathNameA
CopyFileA
SetLastError
GetFileAttributesA
lstrlenA
CreateMutexA
MulDiv
FindFirstFileA
FindClose
WideCharToMultiByte
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
MultiByteToWideChar
lstrcmpiA
GetPrivateProfileIntA
DeleteFileA
IsBadReadPtr
CreateDirectoryA
TerminateThread
GetTickCount
GetLastError
Sleep
MapViewOfFile
UnmapViewOfFile
lstrcpyA
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
SetEvent
ResetEvent
CreateThread
CreateEventA
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
LoadLibraryA
GetProcAddress
GetPrivateProfileStringA
lstrcpynA
WriteFile
CreateFileA
ReadFile
CloseHandle
GetVersion
lstrlenW
GetCPInfo
GetFileSize
FindResourceExA
GetCurrentDirectoryA
GetCommandLineA
FindNextFileA
lstrcmpA
GetDiskFreeSpaceExA
LocalFree
lstrcatA
ResumeThread
GetVersionExA
GetStartupInfoA
IsDBCSLeadByte
GetModuleFileNameA
user32
SetPropA
SystemParametersInfoA
BringWindowToTop
SetWindowRgn
UpdateWindow
ScreenToClient
LoadBitmapA
DrawIcon
IsWindowVisible
LoadIconA
LoadImageA
SetCursor
DrawStateA
OffsetRect
InflateRect
DrawFocusRect
GetActiveWindow
GetDC
ReleaseDC
RedrawWindow
KillTimer
DestroyIcon
DestroyCursor
FindWindowExA
GetWindowLongA
SetWindowLongA
CallWindowProcA
wsprintfA
SetTimer
CreateWindowExA
RegisterClassA
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
GetCursorPos
WindowFromPoint
GetParent
SendMessageA
PtInRect
DefWindowProcW
GetCapture
SetCapture
CopyRect
DrawFrameControl
GetSysColor
InvalidateRect
SetRect
LoadCursorA
GetDesktopWindow
GetWindowRect
EnableWindow
GetAsyncKeyState
IsWindow
PostMessageA
GetClientRect
IsRectEmpty
SetClipboardData
EmptyClipboard
RemovePropA
MessageBoxA
DrawTextA
ClipCursor
GetClipCursor
LoadCursorFromFileA
VkKeyScanA
keybd_event
FindWindowA
ClientToScreen
FrameRect
GetForegroundWindow
SetCursorPos
AppendMenuA
AdjustWindowRectEx
CreateCursor
UnionRect
GetSystemMenu
EndPaint
BeginPaint
GetKeyState
FlashWindow
IsIconic
LoadMenuA
GetMenuStringA
GetMenuItemID
GetMenuItemCount
DrawIconEx
GetWindowRgn
EnableMenuItem
GetSubMenu
ModifyMenuA
CloseClipboard
OpenClipboard
GetFocus
GetMessagePos
GetMessageA
GetWindowDC
RegisterWindowMessageA
ChildWindowFromPointEx
SendMessageTimeoutA
IsChild
SetForegroundWindow
ReleaseCapture
SetWindowPos
GetMenuState
CreatePopupMenu
CreateMenu
GetSysColorBrush
GetSystemMetrics
FillRect
GetWindow
IsZoomed
GetClassNameA
IsMenu
GetNextDlgTabItem
GetNextDlgGroupItem
GetIconInfo
TabbedTextOutA
GrayStringA
GetClassInfoA
SetRectEmpty
IntersectRect
SetFocus
GetWindowTextA
DrawEdge
ShowScrollBar
GetCursor
MessageBeep
SetActiveWindow
GetMenuItemInfoA
InvertRect
gdi32
RectVisible
TextOutA
PtVisible
FrameRgn
PathToRegion
Arc
GetCurrentObject
GetTextAlign
LPtoDP
EndPath
BeginPath
SetDIBitsToDevice
CreateDIBitmap
GetRgnBox
FillRgn
PatBlt
SetStretchBltMode
SelectPalette
RealizePalette
GetPaletteEntries
GetDIBits
SetTextColor
SetMapMode
GetTextColor
CreateBitmap
GetPixel
SetBkColor
ExtTextOutA
SelectClipRgn
GetTextMetricsA
CreateRectRgnIndirect
CreateRectRgn
OffsetRgn
Rectangle
GetDeviceCaps
GetROP2
CreateFontIndirectA
Polygon
CreateDIBSection
ExtCreateRegion
CombineRgn
DeleteDC
GetTextExtentPoint32A
CreateRoundRectRgn
CreateSolidBrush
CreatePen
CreateFontA
CreateCompatibleBitmap
GetStockObject
CreateCompatibleDC
SelectObject
StretchBlt
BitBlt
GetObjectA
DeleteObject
Ellipse
GetTextExtentPoint32W
GetBkMode
CreatePolygonRgn
CreatePatternBrush
GetRegionData
LineDDA
GetBkColor
GetDIBColorTable
CreatePalette
CreateHalftonePalette
Escape
SetPixel
comdlg32
CommDlgExtendedError
advapi32
RegCloseKey
RegQueryValueExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegOpenKeyExA
shell32
SHAppBarMessage
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHGetPathFromIDListA
comctl32
ImageList_GetImageCount
_TrackMouseEvent
ImageList_GetIcon
ImageList_Draw
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_Remove
ole32
OleCreate
OleSetContainedObject
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
RevokeDragDrop
OleRun
CoCreateInstance
CoInitialize
StgCreateDocfileOnILockBytes
olepro32
ord251
oleaut32
SafeArrayCreateVector
SystemTimeToVariantTime
GetErrorInfo
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
SysAllocStringByteLen
VariantClear
SysStringByteLen
SysAllocString
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
gdiplus
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreateFromHDC
GdipDrawImageRectI
GdipDeleteBrush
GdipDisposeImage
GdipFree
GdipLoadImageFromStreamICM
GdiplusShutdown
GdiplusStartup
GdipCloneImage
GdipCloneBrush
GdipAlloc
GdipImageSelectActiveFrame
GdipFillRectangleI
GdipDeleteGraphics
GdipCreateSolidFill
msimg32
TransparentBlt
voice
?StopVoiceProcess@@YAXPAUtagVOICEPROCESS@@@Z
?IsVoiceBusy@@YAHXZ
?DelayCapture@@YAKPAXK@Z
?StartVoiceProcess@@YAPAUtagVOICEPROCESS@@PAUtWAVEFORMATEX@@KKKKKJP6GKPAUtagVOICECAPTUREDATA@@K@ZKP6GKPAXK0KK@ZKHK@Z
?AddVoiceData@@YAKPAX0KK_JK@Z
glp2pcomm
DisConnect
SendDataDirect
InitUDPSocket
RegisterCallBackFunc
ofcatchscreen
Show
RegisterCallBackFun
shlwapi
UrlEscapeA
winmm
PlaySoundA
dsound
ord6
Sections
.text Size: 848KB - Virtual size: 846KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 128KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 16B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE