38db102ee889138a496615df9c9021627a96d159cd6dbacb5061c23f1a309a3a

Sharing

Copy URL

Twitter E-mail

General

Target

38db102ee889138a496615df9c9021627a96d159cd6dbacb5061c23f1a309a3a
Size

800KB
MD5

a9cfe4040cc9657586e409c9b89fa7f6
SHA1

32cf62abe17ab23cb27bffd666e5c872f456ad3a
SHA256

38db102ee889138a496615df9c9021627a96d159cd6dbacb5061c23f1a309a3a
SHA512

861647883197864a3e3ec9a01d506c494b03b23490ef9b7d7c0fc7d571564137435ac5c666a72b6143247b060ecd143f96af902c7f4bb48137c2937cc268a6dd
SSDEEP

12288:HM9ldj7OQ7gcMS0qJ/31n7T9hYTqVc1Hi:HuXjycMw5c1C

Score

N/A

Malware Config

Signatures

Files

38db102ee889138a496615df9c9021627a96d159cd6dbacb5061c23f1a309a3a
.exe windows x86

d9a48c70f292d2b5e7b2917625510a1a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetCompositionStringA
ImmSimulateHotKey
ImmGetContext
ImmReleaseContext

ndsparts

NdsKickModule
NdsSetTosApOption
??0NDSVersionDlg@@QAE@PAVCWnd@@@Z
??1NDSVersionDlg@@UAE@XZ
NdsMenuOpenHelp
NdsMenuAbortAll
NdsGetTosApOption

ndsapi

NDS_GetAerialCheck
NDS_IsInternalDevice
NDS_GetFireImageProfile
NDS_GetAllPFnameEx
NDS_GetCurrentProfile
?ComparePF@NDS_PF@@QAEKAAV1@@Z
?CopyFrom@NDS_PF@@QAEKPAV1@@Z
??0NDS_DEVICE@@QAE@XZ
NDS_GetKillSwStatus
?GetDeviceAt@NDS_PF@@QAEHKPAVNDS_DEVICE@@@Z
??0NDS_PF@@QAE@XZ
??1NDS_PF@@QAE@XZ
NDS_IsNetworkConfigurationOperator
NDS_IsAdministrator
NDS_ScanBssid
NDS_SetAerialCheck
NDS_CheckWCS_NIC
??1NDS_DEVICE@@QAE@XZ
NDS_GetFnF8Status
NDS_IsUnknownDevice

ndsnls

NdsLoadString

ipadrset

iasGetNetNameByDevID

cfgmgr32

CM_Locate_DevNodeA
CM_Get_DevNode_Registry_PropertyA

venapi

VENAPI_GetNetworkType
VENAPI_GetWepStatus

winmm

timeGetTime

ws2_32

listen
connect
WSAGetLastError

comctl32

ImageList_ReplaceIcon

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateEventA
OpenEventA
GetLastError
CreateMutexA
SetProcessWorkingSetSize
GetCurrentProcess
lstrcatA
GetModuleFileNameA
CreateProcessA
GetStartupInfoA
IsDBCSLeadByte
Sleep
GetModuleHandleA
CloseHandle
GetTimeFormatA
GetDateFormatA
GetLocalTime
GetTickCount
Beep
DeviceIoControl
CreateFileA
DeleteCriticalSection
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateThread
GetShortPathNameA
WinExec
GetTempFileNameA
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
CompareFileTime
UnmapViewOfFile
SetEvent
ResetEvent
WaitForSingleObject
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
ResumeThread
lstrcpyA
SetEndOfFile
ReadFile
WriteFile
SetFilePointer
MulDiv
GetProcAddress
FreeLibrary
LoadLibraryA

user32

UpdateWindow
SetLayeredWindowAttributes
SetTimer
RegisterWindowMessageA
SetWindowLongA
GetWindowLongA
ReleaseDC
GetClientRect
GetDC
GetWindowRect
KillTimer
SetWindowPos
SetWindowRgn
SendMessageA
DrawStateA
DrawIcon
FillRect
GetSysColor
InvalidateRect
TrackMouseEvent
MessageBoxA
PostMessageA
SetForegroundWindow
FindWindowA
LoadIconA
AppendMenuA
GetSystemMenu
GetSystemMetrics
IsIconic
PostQuitMessage
GetDesktopWindow
IsWindowVisible
IsWindow
AttachThreadInput
GetParent
GetWindowThreadProcessId
GetWindow
GetMenu
DeleteMenu
GetMenuItemCount
SetWindowTextA
ShowWindow
IsWindowEnabled
wsprintfA
GetCursorPos
ModifyMenuA
WINNLSEnableIME
WINNLSGetEnableStatus
BringWindowToTop
GetForegroundWindow
LoadBitmapA
SetRectEmpty
LoadCursorA
SetCursor
SystemParametersInfoA
CopyRect
SetRect
GetClassNameA
WindowFromPoint
UnionRect
OffsetRect
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
LoadImageA
MoveWindow
DrawTextA
UpdateLayeredWindow
CreatePopupMenu
GetKeyState
GetActiveWindow
DrawFrameControl
IsZoomed
EnableWindow

gdi32

SelectObject
DeleteDC
GetDIBits
SetDIBits
CreateDIBSection
CreateCompatibleDC
SetBkMode
SetTextColor
SetBkColor
CreateFontIndirectA
GetStockObject
DeleteObject
ExtTextOutA
StretchBlt
GetBkColor
GetTextExtentPoint32A
CreateFontA
CreateSolidBrush
GetTextColor
GetObjectA
CreateRoundRectRgn
FillRgn
FrameRgn

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegFlushKey
RegQueryValueExA
RegOpenKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

shell32

ShellExecuteA
DragAcceptFiles
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetSpecialFolderPathA
DragQueryFileA
SHAppBarMessage
SHGetFolderPathA

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysFreeString
VariantClear
SysAllocString

cfdropex

?m_posthWnd@@3PAUHWND__@@A
?m_sethWnd@@3PAUHWND__@@A
?fnSethook@@YAHPAUHWND__@@K0@Z
?fnFreehook@@YAHXZ
?fnClosehook@@YAHXZ

mfc42

ord4948
ord4905
ord5160
ord5162
ord5161
ord1907
ord6334
ord2370
ord5478
ord5796
ord4335
ord2077
ord4377
ord791
ord3717
ord5287
ord1995
ord4919
ord4975
ord4863
ord4447
ord4411
ord2032
ord5482
ord5811
ord4779
ord5308
ord2558
ord6270
ord2639
ord2122
ord1088
ord1644
ord2438
ord809
ord556
ord3654
ord2584
ord4220
ord6394
ord5450
ord6383
ord5440
ord4299
ord6458
ord6378
ord6379
ord1153
ord1232
ord1105
ord4480
ord2152
ord323
ord1640
ord5785
ord2405
ord640
ord3317
ord3181
ord790
ord3571
ord3716
ord6877
ord6662
ord354
ord350
ord5186
ord6385
ord1979
ord665
ord3616
ord4835
ord489
ord4258
ord6028
ord4358
ord4742
ord4976
ord1908
ord1690
ord5288
ord768
ord967
ord4439
ord2054
ord4431
ord771
ord1008
ord497
ord4259
ord4715
ord3708
ord781
ord3092
ord3996
ord2862
ord3127
ord5651
ord3178
ord6134
ord5937
ord3763
ord3812
ord3910
ord3771
ord4132
ord3286
ord3329
ord5810
ord5481
ord2031
ord1971
ord356
ord2770
ord2781
ord1980
ord668
ord5683
ord2763
ord4278
ord384
ord2096
ord2528
ord2864
ord5608
ord940
ord4129
ord922
ord2614
ord6883
ord5861
ord966
ord3570
ord605
ord278
ord523
ord5265
ord4376
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord324
ord825
ord641
ord4234
ord4853
ord2379
ord800
ord4224
ord860
ord3874
ord540
ord4710
ord755
ord470
ord2302
ord3663
ord3706
ord3626
ord2414
ord2422
ord2860
ord283
ord2859
ord5981
ord6197
ord6880
ord6199
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord4424
ord3721
ord795
ord609
ord567
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord656
ord654
ord1200
ord2642
ord2818
ord858
ord3742
ord818
ord4275
ord2582
ord4402
ord3370
ord3640
ord693
ord801
ord541
ord941
ord2086
ord6907
ord6007
ord2764
ord823
ord5603
ord341
ord5858
ord6905
ord3301
ord2623
ord2486
ord4003
ord3573
ord5875
ord6654
ord5787
ord1641
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord6438
ord2621
ord1134
ord1199
ord1247
ord1146
ord1168
ord3619
ord6143
ord939
ord6140
ord4160
ord2863
ord537
ord535
ord6215
ord6453
ord2408
ord5710
ord6663
ord6380
ord1576

msvcrt

atoi
_strnicmp
_setmbcp
strncpy
__CxxFrameHandler
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
strrchr
memmove
_stricmp
_splitpath
remove
_getmbcp
_mbctype
realloc
_mbscmp
_access
_mkdir
localtime
_stat
time
free
_mbsicoll
_mbsicmp
malloc
calloc
_findfirst
exit
sprintf
strncmp

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

msimg32

AlphaBlend

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9a48c70f292d2b5e7b2917625510a1a

Headers

File Characteristics

Imports

imm32

ndsparts

ndsapi

ndsnls

ipadrset

cfgmgr32

venapi

winmm

ws2_32

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

cfdropex

mfc42

msvcrt

msvcp60

msimg32

Sections

.text Size: 412KB - Virtual size: 409KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 60KB - Virtual size: 5.4MB

.rsrc Size: 280KB - Virtual size: 280KB

.text
Size: 412KB - Virtual size: 409KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 60KB - Virtual size: 5.4MB

.rsrc
Size: 280KB - Virtual size: 280KB