Static task
static1
Behavioral task
behavioral1
Sample
ad0a5546cc4bc65bb560f29ee15c6488440c79c4722f86a2eb9e8587aca514e8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ad0a5546cc4bc65bb560f29ee15c6488440c79c4722f86a2eb9e8587aca514e8.exe
Resource
win10v2004-20221111-en
General
-
Target
ad0a5546cc4bc65bb560f29ee15c6488440c79c4722f86a2eb9e8587aca514e8
-
Size
2.9MB
-
MD5
1ad94bd10c9db037b5697780eeaace38
-
SHA1
3d42136356882d29a31abe075cb107cf79859eb9
-
SHA256
ad0a5546cc4bc65bb560f29ee15c6488440c79c4722f86a2eb9e8587aca514e8
-
SHA512
00d43144210b0163776512917ecce15ce41e84d036435992f823a1640d8a85d85012da71ee9b3c07da94b6c828d389a727344c85c4a934cf158f645586fb857e
-
SSDEEP
24576:zGdRtKDekoeDqvSjj5S4H13PBPsw9GuKFoK64:zcR0qkoeDJj04V35PscbB4
Malware Config
Signatures
Files
-
ad0a5546cc4bc65bb560f29ee15c6488440c79c4722f86a2eb9e8587aca514e8.exe windows x86
239bc03023ac61aa55d45c38c78996fe (unlabeled 32-hex-digit value; it is not the file MD5 listed under General — presumably an import hash, confirm against the report source before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
gdiplus
GdiplusStartup
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipDisposeImage
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipCreateFromHDC
GdipCloneImage
GdipCreateBitmapFromStream
GdipDeleteGraphics
mfc71
ord2991
ord4261
ord3315
ord572
ord2168
ord4125
ord709
ord602
ord2075
ord347
ord501
ord1084
ord2368
ord1279
ord5637
ord2372
ord1903
ord1063
ord908
ord865
ord2902
ord1916
ord266
ord783
ord265
ord4035
ord304
ord2322
ord3934
ord911
ord907
ord300
ord297
ord1489
ord6118
ord299
ord2933
ord781
ord762
ord1482
ord3677
ord1564
ord1280
ord2875
ord1651
ord1595
ord6014
ord4198
ord3929
ord5355
ord3987
ord1912
ord2081
ord2077
ord2039
ord1352
ord4991
ord1345
ord1351
ord5145
ord6269
ord5202
ord2402
ord4966
ord5161
ord1962
ord3325
ord651
ord751
ord416
ord562
ord6009
ord5740
ord784
ord4115
ord3401
ord5739
ord2478
ord1470
ord3161
ord3210
ord1934
ord4041
ord2370
ord1053
ord3684
ord3423
ord2086
ord1545
ord4232
ord587
ord3164
ord3576
ord2095
ord1591
ord4240
ord741
ord6065
ord5642
ord6067
ord6037
ord2264
ord2430
ord3761
ord3317
ord3665
ord3549
ord1298
ord2034
ord620
ord3105
ord508
ord1794
ord1781
ord1880
ord1873
ord6017
ord5634
ord2263
ord5888
ord2367
ord1731
ord4734
ord4211
ord3302
ord1554
ord3195
ord754
ord591
ord1892
ord1790
ord2164
ord2657
ord5563
ord5529
ord5613
ord874
ord280
ord577
ord900
ord287
ord293
ord283
ord2867
ord2130
ord5528
ord3933
ord903
ord3848
ord1488
ord2901
ord282
ord2932
ord6115
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord1654
ord1598
ord2987
ord3328
ord3883
ord5868
ord2595
ord3916
ord1291
ord457
ord5396
ord3668
ord3553
ord1327
ord4583
ord2036
ord1582
ord5212
ord4280
ord1521
ord4272
ord721
ord980
ord524
ord526
ord715
ord1643
ord1581
ord3292
ord1486
ord1024
ord5744
ord3406
ord2494
ord1091
ord4508
ord1397
ord6266
ord1933
ord1484
ord4096
ord2087
ord1546
ord4233
ord922
ord2389
ord2412
ord2407
ord2941
ord3167
ord657
ord4099
ord2091
ord1570
ord4237
ord3229
ord3645
ord3450
ord4566
ord2614
ord2621
ord6238
ord2016
ord5156
ord5592
ord5412
ord2742
ord5495
ord1922
ord4222
ord3040
ord2768
ord5934
ord6043
ord2838
ord4482
ord4264
ord616
ord368
ord4705
ord6231
ord4474
ord1379
ord3088
ord2021
ord2271
ord2272
ord3849
ord3056
ord3997
ord4257
ord1917
ord5420
ord313
ord2049
ord6138
ord5403
ord2292
ord1198
ord3295
ord5444
ord530
ord722
ord6005
ord1185
ord5714
ord1308
ord2176
ord1191
ord1187
ord3174
ord747
ord559
ord3653
ord3499
ord1572
ord2246
ord1913
ord2615
ord5009
ord5013
ord4135
ord2940
ord5214
ord944
ord5356
ord2992
ord2425
ord2424
ord4020
ord1557
ord3945
ord5148
ord1904
ord2173
ord1306
ord4277
ord1963
ord740
ord748
ord552
ord430
ord635
ord5168
ord5010
ord4300
ord5766
ord4929
ord4450
ord3076
ord5705
ord6090
ord4309
ord5207
ord4265
ord2098
ord1650
ord1594
ord4243
ord2983
ord3324
ord3881
ord4472
ord4471
ord3672
ord3567
ord3740
ord4444
ord4790
ord4776
ord4386
ord4401
ord4399
ord4381
ord4384
ord4379
ord4863
ord3974
ord5151
ord3344
ord1360
ord4273
ord732
ord544
ord5174
ord5988
ord6091
ord2044
ord4591
ord2320
ord5640
ord326
ord5620
ord2632
ord5641
ord502
ord3351
ord4172
ord6144
ord3350
ord1968
ord5759
ord1339
ord458
ord4306
ord4181
ord4935
ord4860
ord3287
ord3163
ord4123
ord4001
ord4100
ord2094
ord3244
ord1955
ord2371
ord1283
ord2019
ord333
ord1395
ord4473
ord3683
ord4095
ord4038
ord4014
ord6278
ord3801
ord4326
ord2063
ord5583
ord3806
ord1010
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5566
ord4481
ord593
ord5119
ord334
ord959
ord437
ord4031
ord5975
ord1054
ord1122
ord1126
ord3830
ord630
ord385
ord5102
ord5213
ord3321
ord557
ord745
ord5446
ord3866
ord6006
ord3864
ord1181
ord5320
ord1159
ord6286
ord1211
ord6003
ord5712
ord5716
ord2306
ord2259
ord777
ord4109
ord1791
ord1793
ord2160
ord2131
ord4353
ord1425
ord3654
ord3500
ord3757
ord1604
ord1914
ord5014
ord2939
ord943
ord2426
ord4021
ord1905
ord5208
ord742
ord553
ord431
ord5929
ord1469
ord5859
ord2003
ord2145
ord1207
ord4299
ord4594
ord4278
ord5011
ord5169
ord4310
ord4267
ord4250
ord3642
ord3442
ord1552
ord4196
ord4986
ord1347
ord5913
ord606
ord357
ord1343
ord3667
ord3552
ord5071
ord5072
ord5070
ord4797
ord4617
ord4867
ord4844
ord4213
ord4736
ord5211
ord4720
ord718
ord516
msvcr71
abs
strlen
malloc
_mbsicmp
_strdup
free
_except_handler3
__RTDynamicCast
_mbscmp
_findfirst
_findnext
_findclose
_splitpath
atoi
memcmp
_purecall
memcpy
sscanf
_mbstok
memset
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
__CxxFrameHandler
atof
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
_setmbcp
??0bad_cast@@QAE@PBD@Z
_makepath
fclose
fgets
fopen
_mbsrchr
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
sprintf
memmove
tolower
_mbsnbcpy
_mbsstr
strncpy
strncmp
strcat
_wcslwr
_mbschr
strtoul
_stricmp
_amsg_exit
_acmdln
exit
_cexit
strcmp
_strupr
_findfirsti64
_stat
??1type_info@@UAE@XZ
__security_error_handler
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
kernel32
GetEnvironmentVariableA
lstrlenW
WideCharToMultiByte
GetVersion
lstrcmpiA
lstrlenA
SetThreadLocale
GlobalFree
LockResource
LoadResource
FindResourceA
SizeofResource
lstrcpyA
GetWindowsDirectoryA
WinExec
lstrcatA
IsBadReadPtr
GetSystemDefaultLangID
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FormatMessageA
LocalFree
InterlockedDecrement
InterlockedIncrement
Sleep
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WaitForSingleObject
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalUnlock
GlobalLock
GlobalAlloc
ResumeThread
GetModuleFileNameA
SetCurrentDirectoryA
GetLastError
GetCurrentDirectoryA
user32
GetWindowRect
SendMessageA
InvalidateRect
ReleaseCapture
EnableWindow
GetClientRect
SetCursor
MessageBoxA
GetCapture
SetCapture
LoadCursorA
LoadImageA
GetWindowLongA
PostMessageA
GetParent
GetSysColor
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
BringWindowToTop
IsWindowVisible
GetWindow
GetKeyState
GetSystemMetrics
ReleaseDC
GetDC
SetWindowTextA
MapDialogRect
SetWindowLongA
MessageBeep
DrawTextA
DrawFocusRect
CopyIcon
DestroyCursor
InflateRect
ModifyMenuA
GetDlgCtrlID
IsWindowEnabled
IsDialogMessageA
GetClassNameA
GetWindowTextA
AdjustWindowRect
GetSysColorBrush
DestroyWindow
IsRectEmpty
IsMenu
GetMenu
IsChild
WinHelpA
GetFocus
DestroyIcon
SetCursorPos
InvertRect
SetRectEmpty
CopyRect
IsZoomed
IsIconic
GetWindowPlacement
SystemParametersInfoA
KillTimer
SetTimer
GetMenuItemID
GetMenuItemCount
AppendMenuA
DeleteMenu
CreatePopupMenu
CreateMenu
IsWindow
ShowWindow
SetWindowPos
LoadIconA
UpdateWindow
GetDesktopWindow
RedrawWindow
ScreenToClient
ClientToScreen
LoadMenuA
GetSubMenu
OffsetRect
SetRect
PtInRect
GetCursorPos
gdi32
SelectObject
SetTextJustification
TextOutA
SetDIBitsToDevice
GetTextFaceA
CreateFontA
SelectPalette
CreateDIBitmap
CreatePalette
ExtTextOutA
RealizePalette
CreateCompatibleBitmap
CreateFontIndirectA
Arc
CreateDIBSection
ExtFloodFill
SetPixel
GetPixel
CreateBitmap
GetObjectA
StretchBlt
GetDeviceCaps
CreateRectRgn
DeleteDC
DeleteObject
GetTextExtentPoint32A
GetStockObject
BitBlt
CreateCompatibleDC
GetTextExtentPointA
advapi32
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueA
RegSetValueExA
shell32
ShellExecuteA
DragAcceptFiles
DragQueryFileA
DragFinish
ShellExecuteExA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ExtractIconExA
comctl32
ord17
ImageList_GetImageCount
ImageList_Remove
ImageList_ReplaceIcon
ImageList_AddMasked
shlwapi
PathRemoveFileSpecA
ole32
CoTaskMemFree
StringFromIID
IIDFromString
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
oleaut32
SysAllocString
SysAllocStringLen
SysFreeString
msvcp71
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1locale@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Register@facet@locale@std@@QAEXXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
??0_Lockit@std@@QAE@H@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0locale@std@@QAE@XZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@V312@G@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBG@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIABV12@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?is@?$ctype@G@std@@QBE_NFG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 264KB - Virtual size: 262KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 100KB - Virtual size: 97KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 60KB - Virtual size: 60KB (second section also named `.text`; the flags below mark it writable as well as executable — an RWX code section, worth checking for a packer or code written at runtime)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE