0e65504f5dbc669a4a26de6b8ebe32618b286d97216b607ea9edf28183be110f

Sharing

Copy URL Twitter E-mail

General

Target

0e65504f5dbc669a4a26de6b8ebe32618b286d97216b607ea9edf28183be110f
Size

176KB
MD5

a124b90daa1d664957f26038d8a6e167
SHA1

3257cae8bdfd88a81b2070b73048de05fdc7513d
SHA256

0e65504f5dbc669a4a26de6b8ebe32618b286d97216b607ea9edf28183be110f
SHA512

2dec42f626c919632a19ca5938ba79236370f0b0f7441baf04a1aa990035ff16a72990f4eb35c91c8f91f274b1ff04d24469477dff121ee961fb4c8bd37e7469
SSDEEP

3072:shV7qMuudeuhuzlBuSwCkoAMgnyBaYOkrg7wkM3NV6PYqZ5hweobPe2ro:shVeMuiq3wCkoAMyAlrgXM3eg87xoq0o

Score

N/A

Malware Config

Signatures

Files

0e65504f5dbc669a4a26de6b8ebe32618b286d97216b607ea9edf28183be110f
.exe windows x86

98eea1c404515d969004b2998958904b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc120u

ord4459
ord4909
ord4874
ord4867
ord4905
ord4932
ord4883
ord4916
ord4928
ord4891
ord4895
ord4899
ord4887
ord4920
ord4879
ord1736
ord1727
ord1731
ord1723
ord1711
ord12132
ord12134
ord13738
ord3224
ord5022
ord2431
ord4984
ord5019
ord12430
ord286
ord1518
ord1684
ord1687
ord2954
ord12634
ord4621
ord12755
ord8601
ord8594
ord8638
ord8639
ord12792
ord8242
ord2967
ord285
ord293
ord5693
ord2948
ord2130
ord12094
ord12126
ord8099
ord10883
ord6875
ord8846
ord14447
ord11811
ord12114
ord3795
ord11964
ord9020
ord11601
ord11600
ord5557
ord10169
ord10165
ord10167
ord10168
ord10166
ord8092
ord10136
ord5821
ord3809
ord2163
ord12203
ord3806
ord545
ord11870
ord3260
ord3263
ord2847
ord1172
ord6758
ord992
ord266
ord2367
ord6252
ord14527
ord6253
ord9574
ord4451
ord3013
ord14449
ord7807
ord14455
ord6774
ord11592
ord14094
ord13991
ord13563
ord5838
ord2640
ord11999
ord3898
ord3330
ord3329
ord3223
ord12043
ord4843
ord2336
ord2343
ord6652
ord2204
ord8628
ord4184
ord14237
ord2484
ord4842
ord3889
ord6404
ord6510
ord2173
ord9137
ord8699
ord8658
ord2341
ord1447
ord14516
ord12276
ord14463
ord12219
ord280
ord5667
ord10131
ord9090
ord4692
ord4672
ord8059
ord5491
ord5488
ord1141
ord503
ord8352
ord7542
ord1467
ord8268
ord12122
ord10314
ord12799
ord12736
ord4546
ord7881
ord8206
ord5262
ord10260
ord2444
ord12412
ord12413
ord14448
ord7806
ord14454
ord9279
ord4109
ord4047
ord12818
ord7825
ord1992
ord11857
ord11858
ord14326
ord12402
ord7884
ord973
ord2347
ord501
ord1140
ord4050
ord5824
ord6219
ord6392
ord6469
ord3839
ord3122
ord3361
ord3362
ord4049
ord10353
ord11271
ord10896
ord8921
ord1108
ord9091
ord2718
ord13612
ord6121
ord12006
ord1110
ord887
ord1386
ord2262
ord7004
ord462
ord12048
ord9116
ord9299
ord7384
ord8101
ord5314
ord7600
ord7610
ord7609
ord5137
ord5316
ord5160
ord5430
ord9231
ord5664
ord5454
ord5157
ord4772
ord296
ord1042
ord1520
ord1521
ord14275
ord14269
ord265
ord1506
ord4985
ord316
ord310
ord1043
ord1525
ord1528
ord1691
ord8641
ord14528
ord6251
ord3790
ord14526
ord1508

msvcr120

_CxxThrowException
__CxxFrameHandler3
memcpy
_onexit
_controlfp_s
_invoke_watson
__crtSetUnhandledExceptionFilter
_except_handler4_common
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
??1type_info@@UAE@XZ
_except1
__dllonexit
_calloc_crt
_unlock
_lock
?terminate@@YAXXZ
_commode
_fmode
_wcmdln
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__crtGetShowWindowMode
_XcptFilter
memset
_time64
wcstok
srand
_waccess
rand
_snwprintf_s
wcstoul
memmove_s
memcpy_s
vswprintf_s
_wtoi
malloc
_purecall
memmove
sscanf
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
atoi
free

kernel32

WaitForSingleObject
GetModuleHandleW
GetTickCount
OpenProcess
WideCharToMultiByte
VirtualFreeEx
Sleep
ReadProcessMemory
GetVersionExW
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
GetTempPathW
GetProcAddress
VirtualAllocEx
FindClose
CreateDirectoryW
CloseHandle
WriteProcessMemory
lstrcpyW
CopyFileW
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
FindFirstFileW
GetCurrentProcess
CreateMutexW
GetCommandLineW
WritePrivateProfileStringW
GetPrivateProfileStringW
DeleteCriticalSection
DecodePointer
EnterCriticalSection
GetLastError
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
FindNextFileW

user32

EnableWindow
GetClientRect
SetCursor
SetTimer
IsIconic
KillTimer
LoadCursorW
DrawIcon
PtInRect
FindWindowW
FindWindowExW
SendMessageW
GetWindowThreadProcessId
PostMessageW
GetSystemMetrics
GetWindowRect
GetSubMenu
SetMenuItemBitmaps
SetForegroundWindow
LoadIconW
LoadMenuW
SystemParametersInfoW
GetSysColor
GetCursorPos
IsWindowVisible
GetParent

advapi32

CloseServiceHandle
RegCloseKey
ControlService
RegOpenKeyExW
QueryServiceStatus
ChangeServiceConfig2W
RegQueryValueExW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW

shell32

SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHBindToParent

comctl32

InitCommonControlsEx

shlwapi

StrRetToStrW
StrRetToBufW
PathFileExistsW

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

urlmon

URLDownloadToFileW

gdiplus

GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImageRectRect
GdiplusStartup
GdipDeleteStringFormat
GdipReleaseDC
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDrawString
GdipCreateFont
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipLoadImageFromFile
GdipDeleteGraphics
GdipDeleteFont
GdipDrawImageRectRectI
GdipDeleteBrush
GdipGetImageWidth
GdipGetImageHeight
GdipCloneImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipDrawImageRect

xxuilib

?SetActive@XXItemBase@@QAEXH@Z
?GetActive@XXItemBase@@QAEHXZ
?SetEnable@XXItemBase@@QAEXH@Z
?GetEnable@XXItemBase@@QAEHXZ
?SetWallpaper@XXShellFunctions@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@K@Z
?GetWallpaper@XXShellFunctions@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?GetRuntimeClass@CXXDialogBase@@UBEPAUCRuntimeClass@@XZ
?SetMinMaxStyle@CXXDialogBase@@QAEXXZ
?MinXXDlg@CXXDialogBase@@QAEXXZ
?OnPaint@CXXDialogBase@@QAEXXZ
?OnLButtonDown@CXXDialogBase@@QAEXIVCPoint@@@Z
?OnLButtonUp@CXXDialogBase@@QAEXIVCPoint@@@Z
?OnTimer@CXXDialogBase@@QAEXI@Z
?WebGet@XXBaseFunctions@@QAEKV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAV23@H@Z
?Tongji@XXBaseFunctions@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@000@Z
?Tongji2@XXBaseFunctions@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0000@Z
??0XXCheckBox@@QAE@XZ
??1XXCheckBox@@QAE@XZ
?SetText@XXCheckBox@@QAEXPB_W@Z
?SetTextMouseOnColor@XXCheckBox@@QAEXVColor@Gdiplus@@@Z
?SetTextMouseDownColor@XXCheckBox@@QAEXVColor@Gdiplus@@@Z
?SetTextColor@XXCheckBox@@QAEXVColor@Gdiplus@@@Z
?GetImage@XXButton@@QAEPAVImage@Gdiplus@@XZ
?OnMove@CXXDialogBase@@QAEXHH@Z
??0XXImage@@QAE@XZ
??1XXImage@@QAE@XZ
?SetImage@XXImage@@QAEHPB_W@Z
?GetImage@XXImage@@QAEPAVImage@Gdiplus@@XZ
?SetRect@XXItemBase@@QAEXHHHH@Z
?SetCallBack@XXItemBase@@QAEXPAVXXCallbacks@@@Z
??0XXButton@@QAE@XZ
??1XXButton@@QAE@XZ
?SetImage@XXButton@@QAEHPB_WW4XXBT_IMGS@1@W4XXBT_TYPE@1@@Z
?GetThisClass@CXXDialogBase@@SGPAUCRuntimeClass@@XZ
??0CXXDialogBase@@QAE@IPAVCWnd@@@Z
??1CXXDialogBase@@UAE@XZ
?UpdateView@CXXDialogBase@@UAEXXZ
?UpdateViewRect@CXXDialogBase@@UAEXPAUtagRECT@@@Z
?UpdateViewPt@CXXDialogBase@@UAEXAAUtagPOINT@@@Z
?CallBackInvalidate@CXXDialogBase@@UAEXXZ
?DrawSurface@CXXDialogBase@@UAEXPAUHDC__@@HHH@Z
?Set_OPAQUEDlg@CXXDialogBase@@QAEHH@Z
?SetNoMove@CXXDialogBase@@QAEXH@Z
?CloseXXDlg@CXXDialogBase@@QAEXXZ
?AddXXItem@CXXDialogBase@@QAEHPAVXXItemBase@@@Z
?DoDataExchange@CXXDialogBase@@MAEXPAVCDataExchange@@@Z
?GetThisMessageMap@CXXDialogBase@@KGPBUAFX_MSGMAP@@XZ
?OnInitDialog@CXXDialogBase@@UAEHXZ
?OnDestroy@CXXDialogBase@@QAEXXZ
?OnMouseMove@CXXDialogBase@@QAEXIVCPoint@@@Z
?PreTranslateMessage@CXXDialogBase@@UAEHPAUtagMSG@@@Z
?OnRButtonUp@CXXDialogBase@@QAEXIVCPoint@@@Z
??0CHtmlCtrls@@QAE@XZ
??1CHtmlCtrls@@UAE@XZ
?Navigate@CHtmlCtrls@@QAEXPB_WK00PAXK@Z
?CreateFromStatic@CHtmlCtrls@@QAEHIPAVCWnd@@@Z
?SetShow@XXItemBase@@QAEXH@Z

msvcp120

?_Winerror_map@std@@YAPBDH@Z
?_Syserror_map@std@@YAPBDH@Z
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

psapi

EnumProcesses
GetModuleFileNameExW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98eea1c404515d969004b2998958904b

Headers

DLL Characteristics

File Characteristics

Imports

mfc120u

msvcr120

kernel32

user32

advapi32

shell32

comctl32

shlwapi

ole32

urlmon

gdiplus

xxuilib

msvcp120

psapi

wininet

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 1KB - Virtual size: 5KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 1KB - Virtual size: 5KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 12KB - Virtual size: 12KB