Static task
static1
Behavioral task
behavioral1
Sample
22703d04b41354fb26523b2ddb576bc7a87707c1bd6fd172b88b0bac769767b4.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
22703d04b41354fb26523b2ddb576bc7a87707c1bd6fd172b88b0bac769767b4.exe
Resource
win10v2004-20220812-en
General
Target
22703d04b41354fb26523b2ddb576bc7a87707c1bd6fd172b88b0bac769767b4
Size
893KB
MD5
3c35fade96cd77b4c4789f85af1bc3d9
SHA1
083bacc0dcf97cd6796ae739c2bdbfc8539de8ba
SHA256
22703d04b41354fb26523b2ddb576bc7a87707c1bd6fd172b88b0bac769767b4
SHA512
f13a20c7072a79babf35e5fe0ee9039e63f302be2f0c0c2f54fd96c8fbac33a6aa3ee150a4b73d96ba9be1ebefcde969fe4feb3b3f05bc949216173dbaee73e2
SSDEEP
6144:McDDgRQldaD0XGfGNGsOujr54jGGFTF+EEbEEOwXouNBhVuwULxoXug:McXgRQ4fOQtTF+EEbEEOwXo2BhVu39ob
Malware Config
Signatures
Files
22703d04b41354fb26523b2ddb576bc7a87707c1bd6fd172b88b0bac769767b4.exe windows x86
1a7dfea78ecb3042b10b06615efe7eda
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
crlutl
_UNITConvToUnitAndString@24
?UTLLocateExceptionMapEntry@@YGHHPAUHWND__@@HAAK@Z
_UTLShowHelp@20
_UTLStandardHelpButton@12
_UTLStandardHelp@20
_UTLStandardContextMenu@20
_UTLLoadString@4
?UTLInitialize@@YGXXZ
?UTLUninitialize@@YGXXZ
?INIInitCommonIniFile@@YAHXZ
?GetUserProfileConfigDir@@YAHPA_W@Z
_UTLFindHelpFile@8
?GetInst@IGLB_UILanguageW@@SAAAV1@XZ
crli18n
_CorGetCharSet@0
_CorIsFarEastWindow@0
?SetFromUnicode@CGlbChar@@QAGHQB_WI@Z
crlctl
??1WCmnUI_Dialog@@UAE@XZ
?SetNumDecimalPlaces@WUnitSpinBase@@QAEXI@Z
??0WSpinCtrl@@QAE@XZ
??1WSpinCtrl@@UAE@XZ
?GetThisMessageMap@WCmnUI_PropertyPage@@KGPBUAFX_MSGMAP@@XZ
??0WCmnUI_PropertyPage@@QAE@IIK@Z
??1WCmnUI_PropertyPage@@UAE@XZ
?GetThisClass@WCmnUI_PropertyPage@@SGPAUCRuntimeClass@@XZ
?GetThisMessageMap@WCmnUI_PropertySheet@@KGPBUAFX_MSGMAP@@XZ
??0WCmnUI_PropertySheet@@QAE@IPAVCWnd@@I@Z
?AddPage@WCmnUI_PropertySheet@@QAEXPAVCPropertyPage@@@Z
?OnInitDialog@WCmnUI_PropertySheet@@UAEHXZ
??1WCmnUI_PropertySheet@@UAE@XZ
?GetThisClass@WCmnUI_PropertySheet@@SGPAUCRuntimeClass@@XZ
?BuildPropPageArray@WCmnUI_PropertySheet@@UAEXXZ
?PreTranslateMessage@WCmnUI_PropertySheet@@UAEHPAUtagMSG@@@Z
??0WCmnUI_PropertySheet@@QAE@XZ
?UTLGetNumDisplayColors@@YGJXZ
??0WCmnUI_Dialog@@QAE@IPAVCWnd@@@Z
?GetParentFrameOrDialog@WCmnUI_Dialog@@MAEPAVCWnd@@XZ
?GetThisMessageMap@WCmnUI_Dialog@@KGPBUAFX_MSGMAP@@XZ
mfc80u
ord1479
ord2895
ord6111
ord282
ord6700
ord1079
ord1086
ord3677
ord4461
ord4463
ord490
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord776
ord5379
ord6063
ord4026
ord5221
ord6248
ord5113
ord1488
ord956
ord5995
ord547
ord4025
ord1049
ord593
ord1117
ord1121
ord334
ord3624
ord3596
ord2686
ord3533
ord3657
ord705
ord1139
ord4264
ord4476
ord2831
ord6039
ord5931
ord2762
ord3034
ord4216
ord1917
ord4736
ord4850
ord4254
ord5492
ord2736
ord5408
ord1371
ord5153
ord2042
ord2007
ord6234
ord2616
ord2610
ord4561
ord2819
ord3380
ord3029
ord973
ord5461
ord6241
ord3096
ord4916
ord2998
ord2541
ord4021
ord5600
ord4519
ord4481
ord5380
ord4989
ord4247
ord4886
ord4455
ord2665
ord4911
ord4326
ord4329
ord4363
ord4910
ord4888
ord4803
ord4496
ord1663
ord1945
ord4841
ord2751
ord4703
ord4737
ord4851
ord4702
ord578
ord300
ord1472
ord1189
ord2297
ord1172
ord2250
ord1123
ord2132
ord487
ord5590
ord1533
ord5316
ord6282
ord1177
ord313
ord287
ord4029
ord310
ord2027
ord3585
ord565
ord4267
ord1352
ord3338
ord5147
ord3968
ord4855
ord4858
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4771
ord4175
ord4166
ord4974
ord4775
ord4198
ord2239
ord4437
ord4438
ord756
ord5170
ord4145
ord4585
ord6225
ord6227
ord3676
ord860
ord3927
ord896
ord6232
ord1396
ord777
ord3922
ord1782
ord1784
ord3155
ord1058
ord1270
ord5633
ord5609
ord2651
ord347
ord2066
ord3525
ord704
ord697
ord468
ord480
ord471
ord4259
ord4271
ord1297
ord2164
ord5205
ord5144
ord3939
ord1548
ord4016
ord2418
ord2419
ord2986
ord5356
ord940
ord4898
ord2933
ord4129
ord4303
ord5006
ord5003
ord2609
ord1904
ord2237
ord4305
ord4306
ord5494
ord4892
ord1322
ord1950
ord2823
ord4836
ord694
ord5373
ord4296
ord5161
ord3654
ord3460
ord395
ord5201
ord4013
ord5352
ord635
ord4293
ord3642
ord4266
ord1512
ord4274
ord1573
ord4109
ord2422
ord3126
ord3534
ord488
ord4479
ord2936
ord2854
ord3906
ord4973
ord4387
ord4878
ord4369
ord4865
ord4504
ord4798
ord5011
ord4732
ord4551
ord4579
ord4827
ord4822
ord4817
ord4875
ord2990
ord4852
ord706
ord2366
ord589
ord330
ord4512
ord6058
ord3756
ord774
ord4861
ord620
ord591
ord4714
ord5207
ord4730
ord4207
ord4184
ord4838
ord4611
ord4791
ord5064
ord5065
ord6744
ord5829
ord4119
ord3165
ord2985
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3189
ord1883
ord1785
ord5699
ord2893
ord290
ord2421
ord2160
ord6115
ord1765
ord3753
ord775
ord2155
ord587
ord280
ord3983
ord6086
ord5066
ord2340
ord2362
ord2361
ord602
ord1176
ord1571
ord5327
ord6293
ord4072
ord3158
ord4226
ord1536
ord2077
ord283
ord268
ord746
ord5398
ord2460
ord3451
ord380
ord6747
ord3151
ord1534
ord1626
ord583
ord4027
ord1386
ord1178
ord1182
ord3590
ord1156
ord4574
ord5178
ord4206
ord4729
ord4884
ord1662
ord1661
ord1542
ord6720
ord5908
ord1392
ord5199
ord4256
ord3176
ord757
ord701
ord762
ord2011
ord3678
ord501
ord709
ord760
ord6721
ord5911
ord1611
ord1608
ord3940
ord1393
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5210
ord3397
ord4716
ord4276
ord1591
ord5956
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3331
ord572
ord5640
ord326
ord502
ord5636
ord5637
ord2121
ord3249
ord1271
ord3280
ord3157
ord3281
ord1925
ord293
ord2311
ord870
ord1118
ord577
ord3204
ord265
ord266
ord764
ord4784
ord1198
msvcr80
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_CIsin
_CIcos
__CxxFrameHandler3
_purecall
_CIacos
_wcsdup
free
memset
sprintf
atof
_CxxThrowException
strncpy
_wtoi
atoi
isdigit
strncat
atol
wcsncmp
wcsrchr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wsplitpath
malloc
wcsncpy
calloc
_waccess
memcpy_s
_recalloc
_resetstkoflw
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
?terminate@@YAXXZ
_crt_debugger_hook
kernel32
GetPrivateProfileStructA
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
lstrlenW
CreateEventW
GetCurrentProcessId
GetModuleHandleA
GetModuleHandleW
CloseHandle
GetProcAddress
GetFileAttributesW
GetVersion
GlobalDeleteAtom
GlobalFindAtomW
ReleaseMutex
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
SetUnhandledExceptionFilter
GetUserDefaultLCID
GetACP
GetFileSize
OutputDebugStringW
ReadFile
CreateFileW
lstrcmpiW
lstrcpyW
InterlockedExchange
LeaveCriticalSection
EnterCriticalSection
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
WaitForSingleObject
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
user32
UpdateLayeredWindow
IsWindow
EndDialog
RedrawWindow
FindWindowW
BeginPaint
EndPaint
IsRectEmpty
InflateRect
SetWindowTextW
SetRect
DrawTextW
LoadStringW
GetWindowLongW
AdjustWindowRect
SetWindowPos
OffsetRect
CreateDialogParamW
DestroyWindow
LoadCursorW
DdeNameService
DdeUninitialize
PostThreadMessageW
GetSysColor
FillRect
CopyRect
MessageBeep
GetDlgCtrlID
GetClassNameA
GetParent
WindowFromDC
GetWindowRect
LoadBitmapW
SendDlgItemMessageW
LoadStringA
PostMessageW
LoadIconW
SendMessageW
GetWindowTextW
EnableWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDesktopWindow
UpdateWindow
InvalidateRect
GetSystemMetrics
GetClientRect
ReleaseDC
GetDC
ShowWindow
gdi32
CreateDIBSection
SetDIBColorTable
SelectPalette
SetBkColor
TextOutW
RectVisible
DeleteDC
CreateFontIndirectW
GetStockObject
GetNearestColor
Rectangle
StretchDIBits
EnumFontFamiliesW
GetCurrentObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
GetObjectW
PatBlt
CreateEnhMetaFileW
SetWindowOrgEx
CloseMetaFile
CreateSolidBrush
SaveDC
SetMapMode
SetWindowExtEx
SetViewportExtEx
GetTextMetricsW
GetTextExtentPoint32A
RestoreDC
SetBkMode
SetTextColor
SetTextAlign
TextOutA
RealizePalette
GetDeviceCaps
CreatePalette
CreateFontW
GetTextFaceW
Polygon
LPtoDP
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
gdiplus
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipGetImageGraphicsContext
GdipDrawImageI
GdipCloneImage
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImagePixelFormat
Sections
.text Size: 180KB - Virtual size: 179KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 52KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 648KB - Virtual size: 648KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE