Static task
static1
Behavioral task
behavioral1
Sample
a3174a1e5461ab4308d4b166d91457227a717ac35a221ffeb65c103ab122cb29.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a3174a1e5461ab4308d4b166d91457227a717ac35a221ffeb65c103ab122cb29.exe
Resource
win10v2004-20220812-en
General
-
Target
a3174a1e5461ab4308d4b166d91457227a717ac35a221ffeb65c103ab122cb29
-
Size
541KB
-
MD5
d0b7ba37c72c4db12c292964797c8afc
-
SHA1
86bd015ef833e2db635158bf74fc6eec416325d2
-
SHA256
a3174a1e5461ab4308d4b166d91457227a717ac35a221ffeb65c103ab122cb29
-
SHA512
58bade0f219aced4fdcaa71959992a08fed9d6df558a2547defd819fb07b70608e18f406b07dcb8a7837bf4d90d440eb9525b3e6f78e9f729dfe3442346e3e2e
-
SSDEEP
12288:hO+SklBtbiZqIaO/kmESJzyAptq8W0V3:hO/gB8kmEiyAptq8D3
Malware Config (no extracted configuration appears in this extract)
Signatures (no entries appear in this extract; a missing static-signature match is not evidence the sample is benign, so the capabilities visible under Imports below still warrant review of the two behavioral runs listed above)
Files
-
a3174a1e5461ab4308d4b166d91457227a717ac35a221ffeb65c103ab122cb29.exe windows x86
b9aa8f38b0a09b7e4b7f4137afe04fb3 (note: this MD5 does not match the sample MD5 d0b7ba37c72c4db12c292964797c8afc reported under General; confirm which artifact this Files entry describes before pivoting on either hash)
Headers
DLL Characteristics (ASLR opted in via DYNAMIC_BASE and backed by the .reloc section listed under Sections; DEP via NX_COMPAT; IMAGE_DLLCHARACTERISTICS_GUARD_CF is not listed, so Control Flow Guard appears to be absent)
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
avifil32 (AVI file creation and stream writing — the binary can write AVI video to disk; what frames it records cannot be determined from the import table alone)
AVIStreamRelease
AVIStreamWrite
AVIStreamSetFormat
AVIFileCreateStreamW
AVIFileInit
AVIFileOpenW
AVIFileExit
AVIFileRelease
mfc120u (MFC 12.0 Unicode, imported by ordinal only; resolve the ordinals against the matching MFC import library before attributing specific GUI or string behaviour to them)
ord3809
ord12114
ord12122
ord8099
ord10314
ord12126
ord12094
ord12799
ord5157
ord5454
ord5664
ord9231
ord5430
ord5667
ord5160
ord5316
ord5137
ord7609
ord7610
ord7600
ord5314
ord8101
ord10131
ord9090
ord6252
ord4546
ord2179
ord2204
ord2252
ord2214
ord5821
ord4049
ord2163
ord7881
ord2948
ord286
ord1467
ord992
ord887
ord1386
ord10919
ord7542
ord1506
ord280
ord8346
ord1042
ord501
ord1140
ord14527
ord5327
ord13331
ord13997
ord2173
ord8352
ord8268
ord12736
ord8206
ord5262
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord6758
ord7884
ord4050
ord13333
ord6219
ord2262
ord2967
ord5824
ord285
ord5332
ord13404
ord5330
ord7704
ord11811
ord14526
ord3327
ord3221
ord7535
ord7319
ord6652
ord261
ord12276
ord14516
ord14459
ord12956
ord895
ord8233
ord2341
ord2343
ord1176
ord6491
ord9012
ord4181
ord8627
ord2952
ord3831
ord14432
ord2711
ord6922
ord358
ord3147
ord7059
ord1130
ord6452
ord1518
ord3129
ord8107
ord7020
ord1441
ord6735
ord9016
ord3215
ord4193
ord1457
ord982
ord1469
ord994
ord2308
ord7303
ord12893
ord13983
ord12890
ord13972
ord8763
ord13149
ord12966
ord12738
ord12824
ord12449
ord12429
ord13635
ord13121
ord6431
ord1063
ord6393
ord9007
ord3103
ord4176
ord14406
ord8247
ord8693
ord12957
ord6696
ord896
ord10961
ord6392
ord4528
ord13907
ord12958
ord6961
ord13987
ord8766
ord13975
ord13554
ord12941
ord2478
ord5119
ord6389
ord1105
ord450
ord2823
ord6032
ord6123
ord13616
ord2719
ord12095
ord6763
ord7543
ord6777
ord14094
ord8658
ord1471
ord999
ord7331
ord310
ord13153
ord4128
ord4838
ord4839
ord8655
ord6462
ord6251
ord14528
ord6751
ord6253
ord4606
ord2480
ord6469
ord3839
ord4772
ord300
ord1043
ord3790
ord9258
ord7382
ord13991
ord1108
ord460
ord5438
ord5324
ord12899
ord6870
ord4847
ord10793
ord10353
ord4843
ord14188
ord14336
ord9349
ord12977
ord1520
ord265
ord266
ord14265
ord12006
ord8921
ord10896
ord11271
ord3362
ord3361
ord3122
ord6121
ord13612
ord3263
ord3260
ord8092
ord2718
ord10166
ord10168
ord10167
ord10165
ord10169
ord5557
ord11600
ord11601
ord9020
ord11964
ord14447
ord8846
ord12047
ord6875
ord10883
ord9137
ord3224
ord13738
ord12134
ord296
ord1508
ord12132
ord1711
ord1723
ord1731
ord1727
ord1736
ord4879
ord4920
ord4887
ord4899
ord2367
ord4895
ord4891
ord4928
ord4916
ord4883
ord4932
ord4905
ord4867
ord4874
ord4909
ord4459
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord13563
ord5838
ord2640
ord11999
ord3898
ord3330
ord3329
ord3223
ord5693
ord10136
ord9091
ord6434
ord3795
ord12043
msvcr120 (triage note: the combination of system, _popen/_pclose, tmpfile/tmpnam, rename/remove, getenv, clock, _setjmp3/longjmp, strpbrk/strspn/strcoll/localeconv and frexp/ldexp/modf is the characteristic C-library footprint of an embedded Lua-style scripting runtime — treat this as a hypothesis to confirm by string search; if confirmed, the binary has general shell command execution and file manipulation capability independent of its GUI front end)
wcstoul
strchr
strpbrk
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
malloc
sprintf
sscanf
feof
strerror
strstr
__iob_func
fopen
_except1
fprintf
ferror
freopen
getc
_time64
fgets
modf
ldexp
rand
srand
frexp
_HUGE
isgraph
isspace
isalnum
ispunct
tolower
isalpha
isdigit
isupper
iscntrl
toupper
islower
isxdigit
strspn
fscanf
tmpfile
_ftelli64
_pclose
_popen
clearerr
rename
_mktime64
_gmtime64
tmpnam
system
remove
clock
strftime
setlocale
_localtime64
getenv
_difftime64
strrchr
strcoll
abort
longjmp
localeconv
fopen_s
ftell
fseek
strncmp
_CIatan2
_CIcosh
_CIfmod
_CIsinh
_CItanh
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
_libm_sse2_acos_precise
memmove
wcstol
_ltow_s
_purecall
_wsplitpath_s
_wtof
_wmakepath_s
free
iswcntrl
_vsnprintf_s
memchr
wcsrchr
_vsnwprintf_s
fputc
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
_unlock_file
ungetc
fgetpos
_fseeki64
fflush
fgetc
vswprintf_s
fsetpos
setvbuf
_lock_file
_wctime64_s
memcpy_s
fwrite
_ftime64_s
fclose
fread
_errno
strnlen
strtod
vsprintf_s
realloc
qsort
wcsncpy_s
wcschr
?terminate@@YAXXZ
memset
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_libm_sse2_asin_precise
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_exp_precise
_libm_sse2_log10_precise
_libm_sse2_log_precise
_libm_sse2_pow_precise
_libm_sse2_sin_precise
_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_setjmp3
ceil
floor
memcpy
kernel32 (IsDebuggerPresent appears alongside the MSVC CRT startup and fatal-error set — _XcptFilter, __crtUnhandledException, _invoke_watson — and is most likely CRT boilerplate rather than deliberate anti-debugging; CreateMutexW is consistent with a single-instance check; FindFirstFileW/FindNextFileW give directory enumeration; no process-creation or networking imports are present in this static table, but LoadLibraryW/LoadLibraryExA plus GetProcAddress mean further APIs may be resolved at run time and would not show here)
LoadLibraryExA
GetModuleFileNameA
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
GetProcAddress
LoadLibraryW
SetErrorMode
FreeLibrary
OutputDebugStringW
LocalFree
MultiByteToWideChar
GetModuleFileNameW
FormatMessageW
WideCharToMultiByte
FormatMessageA
DeleteCriticalSection
DecodePointer
InitializeCriticalSectionAndSpinCount
FindClose
FindNextFileW
FindFirstFileW
GetUserDefaultLCID
GetCommandLineW
GetCurrentThreadId
GetLastError
CreateMutexW
CloseHandle
user32 (AttachThreadInput, SetForegroundWindow, AllowSetForegroundWindow and BringWindowToTop together form the usual focus-forcing pattern; SetWindowsHookExW/CallNextHookEx/UnhookWindowsHookEx install a Windows hook, which MFC itself commonly uses for its CBT hook, so check the hook type at run time before reading it as keystroke capture)
EndPaint
BeginPaint
FillRect
GetDesktopWindow
ChildWindowFromPoint
SetClassLongW
GetClassLongW
SetCapture
PtInRect
ScreenToClient
SetTimer
KillTimer
LoadCursorW
GrayStringW
DrawTextExW
TabbedTextOutW
GetNextDlgGroupItem
ReleaseCapture
ClientToScreen
SetRectEmpty
FindWindowExW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
ShowWindow
SetWindowPos
SetForegroundWindow
BringWindowToTop
AllowSetForegroundWindow
LoadIconW
SendMessageW
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SetRect
PostMessageW
EnableWindow
GetDC
ReleaseDC
RedrawWindow
CallWindowProcW
CallNextHookEx
SetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
GetWindow
GetClassNameW
GetWindowRect
IsWindow
InvalidateRect
GetWindowDC
OffsetRect
IntersectRect
GetParent
SetParent
SetPropW
GetFocus
DefWindowProcW
GetPropW
UpdateWindow
IsWindowVisible
GetWindowLongW
IsRectEmpty
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
CopyRect
MapWindowPoints
DrawTextW
InflateRect
FrameRect
GetCapture
GetCursorPos
WindowFromPoint
gdi32
GetStockObject
GetObjectW
GetDIBColorTable
SetDIBColorTable
CreateDIBSection
Polygon
GetTextExtentPoint32W
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
Rectangle
ExtCreatePen
BitBlt
DPtoLP
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateCompatibleDC
CreateSolidBrush
GetKerningPairsW
GetGlyphOutlineW
GetOutlineTextMetricsW
GetTextMetricsW
SelectObject
CreateFontIndirectW
DeleteObject
EnumFontsW
DeleteDC
advapi32 (registry access is read-only in this table: open, query and close — no RegSetValue or RegCreateKey imports)
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
comctl32
InitializeFlatSB
FlatSB_EnableScrollBar
_TrackMouseEvent
InitCommonControlsEx
gdiplus
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromFile
GdipCreateSolidFill
GdipSetPenColor
GdipDrawEllipseI
GdipFillEllipseI
GdipDrawLinesI
GdipDeletePen
GdipCreatePen1
GdipFillRectangleI
GdipCloneBrush
GdipDeleteBrush
GdipCreateLineBrushFromRectI
GdipDrawImageRectRectI
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipFree
GdiplusStartup
GdiplusShutdown
GdipDrawImageRectI
msvcp120
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?_Winerror_map@std@@YAPBDH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_BADOFF@std@@3_JB
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?uncaught_exception@std@@YA_NXZ
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??Bid@locale@std@@QAEIXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
Sections (raw and virtual sizes agree closely and no section is both writable and executable — .text is read/execute, .data is read/write — which is not suggestive of a runtime packer; section entropy is not reported here, so confirm separately)
.text Size: 397KB - Virtual size: 396KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 85KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ