??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
22c71bf6606001470a2b9c2c09a80c51bbeb77c8d98c44c0108e599624367da5.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
22c71bf6606001470a2b9c2c09a80c51bbeb77c8d98c44c0108e599624367da5.exe
Resource
win10v2004-20220812-en
General
-
Target
22c71bf6606001470a2b9c2c09a80c51bbeb77c8d98c44c0108e599624367da5
-
Size
1.2MB
-
MD5
46ac522f3ef8bca2a04314e76fac1b47
-
SHA1
7d48bf6c26ec65a817cb29cd93958e7ba5cb4b01
-
SHA256
22c71bf6606001470a2b9c2c09a80c51bbeb77c8d98c44c0108e599624367da5
-
SHA512
e34103cdf3424da09ab662dd6a5e653849536dd91366f58388c7eccf2f84c699ed93c593397f84360786854517d2937f05c48cf0c47af22fc9e0923b7e0a75c1
-
SSDEEP
24576:xnlw9xFLkRDWzyeGfRVfevPv72sdBSKqYRCieVs:xnlw9DQRDlfRVfevPvyuBn
Malware Config
Signatures
Files
-
22c71bf6606001470a2b9c2c09a80c51bbeb77c8d98c44c0108e599624367da5.exe windows x86
aca0300b9eaea38600869f807e48ec9d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ahclient
InitializeAdobeHelpClient
DisplayAdobeHelpClientPage
kernel32
LoadLibraryW
Beep
GetCurrentDirectoryW
GetLastError
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentProcessId
OpenProcess
LoadLibraryA
FreeLibrary
IsDebuggerPresent
GlobalGetAtomNameW
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
EnumSystemLocalesW
FindFirstFileW
CreateSemaphoreW
WaitForSingleObject
GetProcAddress
SetFileAttributesW
CloseHandle
CreateEventW
ReleaseSemaphore
SetEvent
SetUnhandledExceptionFilter
MoveFileW
RemoveDirectoryW
CreateDirectoryW
GetVersionExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetCurrentProcess
GlobalAlloc
GlobalFree
GetProcessHeap
HeapAlloc
HeapFree
ReadFile
GetMailslotInfo
CreateFileA
WriteFile
CreateMailslotA
GetStdHandle
CreateProcessW
GetExitCodeProcess
GetCommandLineW
LocalFree
FindClose
FindNextFileW
GetSystemTimeAsFileTime
GetLocaleInfoA
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetVersion
GetFileAttributesW
GetModuleHandleW
GetModuleHandleA
DeleteCriticalSection
InitializeCriticalSection
Sleep
ResumeThread
CreateEventA
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameW
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
GetTickCount
DeleteFileW
CreateFileW
CopyFileW
GetACP
MultiByteToWideChar
WideCharToMultiByte
advapi32
CryptCreateHash
InitializeSid
GetSidIdentifierAuthority
GetSidLengthRequired
GetSidSubAuthorityCount
RegCreateKeyW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
CryptDestroyHash
CryptAcquireContextA
CryptGenRandom
FreeSid
RegCreateKeyExW
CryptGetHashParam
CryptHashData
EqualSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
GetSidSubAuthority
user32
BeginPaint
EndPaint
PostQuitMessage
MonitorFromRect
GetMonitorInfoW
CreateWindowExW
SetWindowLongW
SetPropA
SetClassLongW
LoadIconW
RegisterClassExW
GetAsyncKeyState
FindWindowW
SetForegroundWindow
SendMessageW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
EnumChildWindows
RegisterWindowMessageW
GetPropA
SetWindowPos
GetWindowPlacement
ShowWindow
SetFocus
LoadCursorW
SetCursor
DefWindowProcW
GetWindowRect
PostMessageW
PostThreadMessageW
GetWindow
GetWindowLongA
GetTopWindow
IsWindowEnabled
InvalidateRect
AttachThreadInput
GetForegroundWindow
EnumThreadWindows
GetWindowThreadProcessId
SystemParametersInfoA
wsprintfW
PeekMessageW
GetClientRect
IsIconic
DispatchMessageW
gdi32
RemoveFontResourceW
GetStockObject
AddFontResourceW
adobeowl
OWLFlashPlayerChangeAttributes
OWLInitialize
OWLFlashPlayerLoadMovie
OWLIsFlashPlayer
adobeowlcanvas
?read_request@flash_external_interface@owl_canvas@adobe@@YA?AUrequest_t@version_0@123@PBDK@Z
?flash_player_invoke_request@flash_external_interface@owl_canvas@adobe@@YA?AVany_regular_t@version_1@3@PAUHWND__@@ABUrequest_t@version_0@123@@Z
msvcp80
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?push_back@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEX_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0_Lockit@std@@QAE@H@Z
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QAEHH@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?uncaught_exception@std@@YA_NXZ
??1locale@std@@QAE@XZ
mfc80u
ord1178
ord1182
ord6284
ord5319
ord2465
ord2299
ord911
ord6206
ord4049
ord2897
ord5873
ord5621
ord2111
ord2744
ord2747
ord2740
ord3088
ord3452
ord5416
ord6009
ord3383
ord5489
ord2697
ord2696
ord3195
ord380
ord1252
ord384
ord629
ord1248
ord772
ord2460
ord5398
ord3842
ord5712
ord1176
ord557
ord745
ord2282
ord5484
ord1906
ord2444
ord5705
ord4100
ord5524
ord2311
ord6167
ord6173
ord281
ord268
ord575
ord897
ord4074
ord2261
ord4101
ord5558
ord5083
ord1430
ord6700
ord282
ord6111
ord1479
ord1079
ord3927
ord2260
ord3990
ord899
ord896
ord2121
ord4026
ord5485
ord1472
ord764
ord577
ord283
ord776
ord1022
ord3629
ord762
ord3589
ord759
ord570
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5563
ord5209
ord5226
ord4563
ord3942
ord5223
ord5220
ord2925
ord1911
ord2240
ord860
ord2895
ord870
ord280
ord1236
ord2461
ord266
ord293
ord774
ord1476
ord284
msvcr80
strcpy
_localtime64
_time64
strftime
strtok
wcsncmp
wcsncpy
_ctime64
_wsplitpath
_getdrives
_swprintf
iswspace
strcspn
_mktime64
_localtime64_s
wcsstr
strncpy
wcstombs
memmove
exit
realloc
abort
wcstoul
calloc
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
wcscpy_s
wcscat_s
wcscmp
_access
fopen
fprintf
strrchr
strtod
_beginthreadex
_fpreset
_wtoi
_wcsicmp
wcschr
atof
rand
strtoul
toupper
tolower
memcpy
strchr
free
malloc
strstr
wcsrchr
wcscat
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
strlen
??8type_info@@QBE_NABV0@@Z
isalnum
memcmp
memmove_s
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
wcscpy
memset
_purecall
strcmp
atoi
sprintf
__RTDynamicCast
wcslen
_wcsnicmp
__CxxFrameHandler3
_itoa
fclose
ole32
CoInitialize
CoCreateInstance
OleInitialize
CoUninitialize
shell32
SHGetMalloc
SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListW
CommandLineToArgvW
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
Exports
Sections
.text Size: 876KB - Virtual size: 875KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 196KB - Virtual size: 192KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE