ee30b1252ee48371232ed0eb175f1121060b8ed0404972600c55d59e3f173548

Sharing

Copy URL

Twitter E-mail

General

Target

ee30b1252ee48371232ed0eb175f1121060b8ed0404972600c55d59e3f173548
Size

472KB
MD5

36984516123ec037cfe2d413a4336345
SHA1

8f91ec81e42043102e1e29d75ba43b478e7d9251
SHA256

ee30b1252ee48371232ed0eb175f1121060b8ed0404972600c55d59e3f173548
SHA512

7b3207c5a1a520e31f52b9cf8947cd5d1615f5cb9eb8566a668a0a7a030995e0fcbe79fc1b00681dcddda0a302905d04a2a50145ae8a68729dafde0b0d7db498
SSDEEP

3072:ZZs1ycTJlca6Wlfuq+7gsBPTy08sreD4ojOJVIbisGlgQRK5URn2FPlBBBBB2RW:whcw+bPFzu4AQVIH2gQRjgVK

Score

N/A

Malware Config

Signatures

Files

ee30b1252ee48371232ed0eb175f1121060b8ed0404972600c55d59e3f173548
.exe windows x86

4f94d49c44202d4af1840b5ecf7b369a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
WriteFile
LocalFree
FormatMessageA
CreateEventA
OutputDebugStringA
CloseHandle
WaitForSingleObject
SetEvent
InterlockedIncrement
GetVolumeInformationA
lstrcmpiA
GetFileAttributesA
MoveFileA
DeleteFileA
ResumeThread
GetLocaleInfoA
GetSystemTime
InterlockedDecrement
GetStartupInfoA
GetModuleFileNameA
lstrcmpA
lstrcatA
lstrlenA
lstrcpyA
CreateThread
GetDriveTypeA
HeapDestroy
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFileSize
ReadFile
EnterCriticalSection
FileTimeToSystemTime
CreateDirectoryA
LoadLibraryA
LeaveCriticalSection
GetVersionExA
IsDBCSLeadByte
GetProcAddress
InitializeCriticalSection
GetLastError
lstrcpynA
LoadLibraryExA
SizeofResource
FindResourceA
LoadResource
GetShortPathNameA
FreeLibrary
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
Sleep
GetCommandLineA
GetCurrentThreadId
DeleteCriticalSection
GetFullPathNameA

user32

IsIconic
GetSystemMetrics
SetTimer
GetMessageA
DispatchMessageA
KillTimer
CharNextA
SetDlgItemInt
SetFocus
EnableWindow
DialogBoxParamA
ScreenToClient
LoadMenuA
GetSubMenu
DeleteMenu
TrackPopupMenu
DestroyMenu
LoadIconA
LoadImageA
SendDlgItemMessageA
CreateWindowExA
GetDesktopWindow
IsWindow
GetParent
MessageBoxA
GetMenuItemID
GetMenuItemCount
GetWindowTextA
GetWindowLongA
SetWindowLongA
PostMessageA
GetWindowRect
SetWindowPos
UpdateWindow
LoadCursorA
SetCursor
GetDlgItem
ShowWindow
SetDlgItemTextA
SendMessageA
wsprintfA
EndDialog
DestroyIcon
PostThreadMessageA
LoadStringA

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA

shfolder

SHGetFolderPathA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA

ole32

CoInitialize
CoTaskMemAlloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoDisconnectObject
CoTaskMemFree
CoCreateInstance

oleaut32

RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

ImageList_Destroy
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Create

mpr

WNetOpenEnumA
WNetEnumResourceA
WNetCloseEnum

extdb

?DeleteFileEntry@CExtendedDB@@QAEHPAD@Z
?CopyFolder@CExtendedDB@@QAEHPAD0@Z
?CopyFileEntry@CExtendedDB@@QAEHPAD000@Z
?RenameFile@CExtendedDB@@QAEHPAD0@Z
?MoveFileA@CExtendedDB@@QAEHPAD000@Z
?GetCategoryMatches@CExtendedDB@@QAEHPAPADHPAPAJAAHPAPAH@Z
?MoveFolder@CExtendedDB@@QAEHPAD0@Z
?RemoveFileFromOneCategory@CExtendedDB@@QAEHPADJ@Z
?RemoveFileFromAllCategories@CExtendedDB@@QAEHPAD@Z
?CategoryNodeListGetFilesMatchAll@CExtendedDB@@QAEHPAJJAAHH@Z
?GetNthCategoryNodeFile@CExtendedDB@@QAEPADH@Z
?CategoryNodeGetFiles@CExtendedDB@@QAEHJAAHH@Z
?CategoryNodeListGetFiles@CExtendedDB@@QAEHPAJJAAHH@Z
?CategoryNodeGetName@CExtendedDB@@QAEHJPAD@Z
?CatNodeHasChildren@CExtendedDB@@QAEHJ@Z
?CategoryNodeAddFile@CExtendedDB@@QAEHJPAD@Z
?CatGetFirstChild@CExtendedDB@@QAEHJAAJ@Z
?DeleteCategoryNode@CExtendedDB@@QAEHJ@Z
?CatGetNextSibling@CExtendedDB@@QAEHJAAJ@Z
?AddCategoryNode@CExtendedDB@@QAEHJPADAAJ@Z
?SetDateSource@CExtendedDB@@QAEXW4DateSource@@@Z
?RenameCategoryNode@CExtendedDB@@QAEHJPADAAJ@Z
?GetFilesForDateRange@CExtendedDB@@QAEHVACDTime@@0AAH@Z
?SetMultiDateTimeForFile@CExtendedDB@@QAEHPADVACDTime@@11@Z
?GetNthTimeLineFile@CExtendedDB@@QAEPADH@Z
?CloseExtendedDB@CExtendedDB@@QAEHXZ
?SetDBDirectory@CExtendedDB@@QAEXPAD@Z
?FindDateTimeForFile@CExtendedDB@@QAEHPADAAVACDTime@@@Z
?CreateExtendedDB@CExtendedDB@@QAEHXZ
?OpenExtendedDB@CExtendedDB@@QAEHXZ
?Init@CExtendedDB@@QAEHXZ
??1CExtendedDB@@UAE@XZ
??0CExtendedDB@@QAE@XZ
?IsExtendedDBOpen@CExtendedDB@@QAEHXZ
?FileHasDateSourceItem@CExtendedDB@@QAEHPADW4DateSource@@@Z
?RemoveFilesFromCategories@CExtendedDB@@QAEHPAPADHPAJHH@Z
?DeleteFolder@CExtendedDB@@QAEHPAD@Z
?GetNextDateWithFiles@CExtendedDB@@QAEHVACDTime@@AAV2@@Z
?GetDateRangeInDB@CExtendedDB@@QAEHAAVACDTime@@0@Z
?RenameFolder@CExtendedDB@@QAEHPAD0@Z
?Optimize@CExtendedDB@@QAEHXZ
?GetSize@CExtendedDB@@QAEHAAJ@Z
?SetDBFilter@CExtendedDB@@QAEXPAPADHHH@Z
?CategoriesHaveFiles@CExtendedDB@@QAEHPAJH@Z
?SetAbort@CExtendedDB@@QAEHH@Z
?LockDB@CExtendedDB@@QAEHXZ
?GetPrevDateWithFiles@CExtendedDB@@QAEHVACDTime@@AAV2@@Z
?UnlockDB@CExtendedDB@@QAEHXZ

msvcp60

?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

msvcrt

_XcptFilter
vsprintf
_mbschr
_controlfp
__set_app_type
__p__fmode
__p__commode
??2@YAPAXI@Z
_purecall
__CxxFrameHandler
free
realloc
malloc
_beginthreadex
_mbsrchr
_ftol
_mbsnbcmp
sprintf
fclose
fputs
fopen
_mbscmp
atoi
strtok
_CxxThrowException
strtol
strchr
strncmp
toupper
_mbsbtype
__setusermatherr
_adjust_fdiv
wcslen
??1type_info@@UAE@XZ
_strdup
_stricmp
_exit
__dllonexit
_onexit
_except_handler3
__getmainargs
_acmdln
exit
_initterm

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Pn]
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f94d49c44202d4af1840b5ecf7b369a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shfolder

shell32

ole32

oleaut32

comctl32

mpr

extdb

msvcp60

msvcrt

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 68KB - Virtual size: 66KB

Pn] Size: 244KB - Virtual size: 244KB

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 68KB - Virtual size: 66KB

Pn]
Size: 244KB - Virtual size: 244KB