Static task
static1
Behavioral task
behavioral1
Sample
457d2dea09cca57818d56559b72141e4613f5e59a070d8624c86473c317c06b8.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
457d2dea09cca57818d56559b72141e4613f5e59a070d8624c86473c317c06b8.exe
Resource
win10v2004-20221111-en
General
-
Target
457d2dea09cca57818d56559b72141e4613f5e59a070d8624c86473c317c06b8
-
Size
1.2MB
-
MD5
22722fa8ec569881fd46f15d43d6cf60
-
SHA1
dbfca5d53f9d272671ff1025380706f629adf17a
-
SHA256
457d2dea09cca57818d56559b72141e4613f5e59a070d8624c86473c317c06b8
-
SHA512
7e689b024be68ba9f384cf0503089828a119609b613c4cc83eebdc87b44d2014bbd2f8597452e1aa76394aaff6b7078bbed49d976d83eb0d1fc7398ef0af5f84
-
SSDEEP
24576:F2Y18cBino8rPz8Lgf4t1jIH3N71UjYPIKbANFt9sqJ6:KcB58rPz8Lgf6IXynKbALtWg6
Malware Config (no extracted configuration is shown in this report)
Signatures (no matched signatures are shown in this report; the indicators below come from the static import/section data only)
Files
-
457d2dea09cca57818d56559b72141e4613f5e59a070d8624c86473c317c06b8.exe windows x86
3e0063fde17040f468ea480be7337fd0 (unlabeled 32-hex digest; it differs from the file MD5 above and, in this report layout, this position is normally the import hash — confirm before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE (the only characteristic listed; DYNAMIC_BASE, NX_COMPAT and GUARD_CF do not appear, so the image does not opt into ASLR, DEP or CFG)
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base relocations: the image can only be mapped at its preferred base, so it cannot be randomized even where ASLR is enforced system-wide)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crt
ord41
ord28
ord84
ord70
ord8
ord30
ord96
ord29
ord9
ord11
ord67
ord10
ord2
ord1
ord99
ord24
ord79
ord88
ord85
ord6
ord3
ord95
ord27
ord25
ord7
ord82
ord91
ord32
ord86
api
ord6
ord34
ord16
ord29
ord2
ord30
ord19
ord8
ord10
ord9
ord7
ord13
ord11
ord28
ord24
ord25
http
ord12
ord1
ral
ord9
ord1
ord2
ord10
ord11
gdiplus
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipDrawImageRectRect
GdipFlush
GdipGetImageEncoders
GdipGetImageHeight
GdipGetImageEncodersSize
GdipFillRectangle
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipReleaseDC
GdipDrawImagePointRectI
GdipLoadImageFromFile
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillPolygonI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawPolygonI
GdipSetPenLineJoin
GdipDeletePen
GdipCreatePen1
GdipCreateHBITMAPFromBitmap
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSaveGraphics
GdipDrawImageRect
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipSaveImageToFile
psapi
GetModuleBaseNameW
diag
ord1
ord2
crash
ord1
ord3
ord4
ord9
ord2
dzip
ord1
wxsqlite3 (note sqlite3_key alongside sqlite3_open16 — the encryption-key entry point of the wxSQLite3 extension, consistent with the sample reading or writing an encrypted SQLite database)
sqlite3_step
sqlite3_reset
sqlite3_prepare16_v2
sqlite3_column_text16
sqlite3_column_int64
sqlite3_column_int
sqlite3_finalize
sqlite3_free
sqlite3_mprintf
sqlite3_key
sqlite3_exec
sqlite3_errmsg
sqlite3_open16
sqlite3_close
kernel32 (notable combination below: SuspendThread / GetThreadContext / SetThreadContext / ResumeThread together with VirtualProtect and FlushInstructionCache — the primitives commonly used for in-process code patching or redirecting a thread; also CreateProcessW, LoadLibraryW/GetProcAddress for runtime API resolution, and WritePrivateProfileStringW/CreateDirectoryW/GetTempPathW for dropping files. Capability only — confirm use from the behavioral tasks)
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SetThreadContext
GetThreadContext
ResumeThread
SuspendThread
InterlockedCompareExchange
GlobalReAlloc
GetFileSize
lstrcmpiA
ResetEvent
GetTempPathW
CreateDirectoryW
TerminateThread
WritePrivateProfileStringW
LoadLibraryExW
lstrcmpW
GetPrivateProfileStringW
GlobalFree
FreeResource
GetCurrentThread
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
GetSystemDirectoryW
GetVersionExW
GetTickCount
lstrcpyW
InterlockedIncrement
InterlockedPushEntrySList
IsProcessorFeaturePresent
DecodePointer
EncodePointer
IsDebuggerPresent (also imported by the standard MSVC 2012 CRT startup code that this binary links — see the msvcr110 list — so on its own this is not an anti-debugging indicator)
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapDestroy
InterlockedDecrement
CreateEventW
OpenEventW
GetCurrentProcessId
GetLastError
CreateMutexW
SetEvent
OutputDebugStringW
FreeLibrary
LoadLibraryW
DeleteFileW
WriteFile
RaiseException
SetLastError
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
ReadFile
lstrcmpiW
GetSystemInfo
GetModuleHandleW
GetProcAddress
CreateFileW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
lstrlenW
GetLocalTime
lstrcpynW
SystemTimeToFileTime
LocalFileTimeToFileTime
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
CloseHandle
MultiByteToWideChar
WideCharToMultiByte
user32
DestroyAcceleratorTable
GetFocus
IntersectRect
IsRectEmpty
SetRectEmpty
FillRect
SetRect
DrawTextW
AnimateWindow
EndPaint
BeginPaint
ReleaseDC
GetDC
MsgWaitForMultipleObjects
CopyRect
InflateRect
PtInRect
ReleaseCapture
OffsetRect
SetCapture
ScreenToClient
SetLayeredWindowAttributes
PostThreadMessageW
GetCursorPos
IsWindowEnabled
EnableMenuItem
GetDesktopWindow
InvalidateRgn
CreateAcceleratorTableW
CharNextW
GetSysColor
GetWindow
IsChild
IsDialogMessageW
MapWindowPoints
ModifyMenuW
CheckMenuRadioItem
DeleteMenu
MonitorFromPoint
TrackPopupMenu
DestroyMenu
GetSubMenu
SetMenuInfo
LoadMenuW
KillTimer
FindWindowExW
LoadIconW
GetKeyState
RedrawWindow
GetClassNameW
EqualRect
GetWindowRect
GetForegroundWindow
DestroyWindow
GetSystemMetrics
GetMonitorInfoW
GetMenuInfo
GetClassNameA
CallNextHookEx
SetWindowsHookExW (installs a Windows hook; the hook type — a low-level keyboard hook versus an ordinary UI/message hook — cannot be determined from the import alone, so do not label this as keylogging without a behavioral trace)
SetPropA
UnhookWindowsHookEx
GetMenuItemInfoW
SetWindowTextA
FindWindowA
GetWindowDC
GetPropA
GetMenuItemID
GetMenuItemCount
GetSystemMenu
EndDialog
DialogBoxParamW
IsZoomed
BringWindowToTop
MessageBoxW
GetWindowThreadProcessId
SetParent
SetPropW
PostQuitMessage
EnumChildWindows
WindowFromPoint
EnableWindow
OpenClipboard
GetClipboardData
CloseClipboard
PrintWindow
SetWindowRgn
WaitForInputIdle
SetMenuItemInfoW
RemoveMenu
GetMenuState
MonitorFromWindow
SetForegroundWindow
GetPropW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadImageW
SetTimer
CreateWindowExW
GetClassInfoExW
RegisterClassExW
SetFocus
GetClientRect
UpdateWindow
SetWindowTextW
IsWindow
GetWindowTextLengthW
GetWindowTextW
InvalidateRect
PostMessageW
LoadCursorW
SetCursor
GetParent
CallWindowProcW
DefWindowProcW
GetWindowLongW
GetDlgItem
SystemParametersInfoW
SetWindowLongW
SetWindowPos
IsWindowVisible
ShowWindow
IsIconic
SendMessageW
FindWindowW
SendMessageTimeoutW
RegisterWindowMessageW
wsprintfW
DrawIconEx
ClientToScreen
GetShellWindow
UnregisterClassW
MoveWindow
gdi32
SetBkColor
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
Rectangle
GetTextExtentPoint32W
CreatePen
EnumFontFamiliesW
EnumFontFamiliesExW
CreateFontIndirectW
DPtoLP
GetObjectW
GetStockObject
MoveToEx
LineTo
CreateDIBSection
GetClipBox
ExcludeClipRect
StretchBlt
GetPixel
GetRgnBox
CreateDCW
SelectPalette
RealizePalette
GetDIBits
CreateDIBitmap
ExtCreateRegion
CombineRgn
SetBkMode
GetDeviceCaps
SetTextColor
CreateSolidBrush
DeleteObject
ExtTextOutW
DeleteDC
advapi32
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
shell32
ShellExecuteExW
SHAppBarMessage
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW
ole32
CoTaskMemRealloc
CoCreateGuid
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
OleInitialize
CLSIDFromString
CLSIDFromProgID
OleLockRunning
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoGetClassObject
CoUninitialize
CoLoadLibrary
CoFreeLibrary
CreateStreamOnHGlobal
PropVariantClear
StringFromGUID2
CoCreateInstance
CoInitialize
oleaut32
SysStringByteLen
SysAllocString
VarUI4FromStr
VariantCopy
VarBstrCmp
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SysFreeString
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
shlwapi
SHDeleteKeyW
SHSetValueW
StrStrIW
SHStrDupW
wnsprintfW
PathRemoveFileSpecW
PathFileExistsW
SHGetValueW
PathAppendW
StrStrW
PathIsDirectoryW
PathFindFileNameW
StrCmpW
UrlEscapeW
StrStrIA
StrChrIW
StrCmpIW
comctl32
InitCommonControlsEx
_TrackMouseEvent
msimg32
TransparentBlt
urlmon (URLDownloadToFileW is a download-to-disk primitive; with CreateProcessW and ShellExecuteExW also imported, a download-and-execute path is possible — verify against the network and process events of the behavioral tasks)
CoGetClassObjectFromURL
URLDownloadToFileW
msvcp110
??0_Lockit@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1_Lockit@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
??1_Container_base12@std@@QAE@XZ
?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
msvcr110
fclose
fread
ftell
fseek
iswspace
_beginthreadex
atoi
atol
memchr
wcsncpy_s
wcscpy_s
swscanf
_time64
_except_handler3
_mktime64
_wtof
_vsnwprintf_s
malloc
free
isspace
isalnum
swprintf_s
_recalloc
_wtoi64
_wfopen_s
_purecall
memmove
wcsrchr
_wpgmptr
_wtol
??_V@YAXPAX@Z
??2@YAPAXI@Z
_wcslwr_s
wcsstr
wcschr
_wtoi
swscanf_s
_wcsicmp
_vscwprintf
vswprintf_s
wmemcpy_s
memmove_s
wcsnlen
memcpy_s
sprintf_s
_snwprintf
_mbslwr_s
strpbrk
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
sscanf
memcpy
memset
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
__CxxFrameHandler3
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
??3@YAXPAX@Z
_CxxThrowException
__RTDynamicCast
winmm
timeKillEvent
ws2_32 (only recv/send/closesocket appear in the static import table; socket, connect and WSAStartup are absent here, so connection setup is either done through another module or resolved at runtime via the imported GetProcAddress)
recv
closesocket
send
Sections
.text Size: 919KB - Virtual size: 918KB (raw and virtual sizes roughly match, so this does not by itself look like a packer stub unpacking into reserved space)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE (a writable code section is non-standard for compiler-emitted .text; it lets the code be modified in place, which fits the VirtualProtect/FlushInstructionCache imports above)
.rdata Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 100KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE (an executable data section is non-standard; combined with the absence of NX_COMPAT in the DLL characteristics, data placed here can be run directly — worth checking what the section contains)
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE