cfff6406386e4e04210b11f6d35dce67fab596f1064c8a66dca564488c03e629

Sharing

Copy URL Twitter E-mail

General

Target

cfff6406386e4e04210b11f6d35dce67fab596f1064c8a66dca564488c03e629
Size

944KB
MD5

0af98680d646f995199a18dfc20fdfcc
SHA1

40c3544c0a01ed54be495f5748ea20afe545dc19
SHA256

cfff6406386e4e04210b11f6d35dce67fab596f1064c8a66dca564488c03e629
SHA512

e4763294aea0519fb9b80d495ef553d0c491724a0456095ac8e2b7b35af7c52cf1f589129b7603d6b6f2eb424c132d9a52b614e87da7a32ce34e773968ada603
SSDEEP

12288:73GndygjzJsy6LVzeYPVFbzMbturJPwY4ItJWUJ8Yzujd3i4eKsk:QehjP4bMDDtBzujd3i4Lh

Score

N/A

Malware Config

Signatures

Files

cfff6406386e4e04210b11f6d35dce67fab596f1064c8a66dca564488c03e629
.dll windows x86

66863557d547d11d7893908781ffe398

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmAssociateContext
ImmReleaseContext

pkpiflib

PKPIFL_Decode
PKPIFL_GetInLayoutFilesInfo
PKPIFL_GetInLayoutFileSizeInfo
PKPIFL_ReadInLayoutFileData
PKPIFL_PackageSpecifies
PKPIFL_GetPackageClassification
PKPIFL_GetMultiSizeInfo
PKPIFL_GetPIFHeaderInfo
PKPIFL_Encode
PKPIFL_EncodeMultiSize

pif_sdk3

?PIF_GetPackageBasicInfo@PIF_SDK@@UAEJAAUEPUTIL_PIF_FILESPEC@@AAUPIF_PACKAGE_BASIC_INFO@@@Z
?PIF_GetFileNameInPackage@PIF_SDK@@UAEJABUEPUTIL_PIF_FILESPEC@@JJAAY0CAC@E@Z
??0PIF_SDK@@QAE@J@Z
?PIF_SetTempDir@PIF_SDK@@UAEJABUEPUTIL_PIF_FILESPEC@@@Z
?PIF_LayoutSpecifies@PIF_SDK@@UAEJUEPUTIL_PIF_FILESPEC@@AAY0CAC@$$CBE_N2@Z
?PIF_GetBasicInfo@PIF_SDK@@UAEJAAUPIF_LAYOUT_BASIC_INFO@@_N@Z
??1PIF_SDK@@UAE@XZ
?PIF_ObjectDetailRead@PIF_SDK@@UAEJJAAUPIF_OBJECT_DETAIL_INFO@@@Z

epinet

?EnableCache@CEpPifHttpClient@@UAEH_N@Z
?ClearCache@CEpPifHttpClient@@UAEHPAVCEpPifFolder@@@Z
?ClearCache@CEpPifHttpClient@@UAEHXZ
?SetCachePath@CEpPifHttpClient@@UAEHPBD@Z
?ConfirmServerContents@CEpPifHttpClient@@UAEHPAVCEpPifFolder@@PBD@Z
?GetInformationList@CEpPifHttpClient@@UAEHXZ
?GetTimeoutTime@CEpClient@@MBEIXZ
?SetTimeoutTime@CEpPifHttpClient@@UAEHI@Z
?SetDownloadBufferSize@CEpPifHttpClient@@UAEHI@Z
?GetDownloadBufferSize@CEpClient@@UBEIXZ
?SetAgentName@CEpPifHttpClient@@UAEHPBD_N@Z
?GetRoot@CEpClient@@UAEPAVCEpFolder@@XZ
?Cancel@CEpPifHttpClient@@UAEHXZ
?Download@CEpPifHttpClient@@UAEHPAVCEpFile@@@Z
?GetEntryList@CEpPifHttpClient@@UAEHPAVCEpFolder@@@Z
?Logout@CEpPifHttpClient@@UAEHXZ
?Login@CEpPifHttpClient@@UAEHPBD00@Z
??0CEpPifHttpClient@@QAE@XZ
?IsCancel@CEpPifHttpClient@@MAE_NXZ
??1CEpPifHttpClient@@UAE@XZ

kernel32

WritePrivateProfileStringA
GetCurrentDirectoryA
RtlUnwind
RaiseException
GetACP
GetCommandLineA
ExitProcess
TerminateProcess
GetFullPathNameW
GetTimeZoneInformation
GetSystemTime
GetLocalTime
CreateThread
ExitThread
SetStdHandle
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetCurrentDirectoryW
GetDriveTypeA
UnhandledExceptionFilter
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoA
GetModuleFileNameA
GetFileAttributesA
CreateDirectoryA
CopyFileA
GetLastError
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
GetFileTime
GetFileSize
ReleaseMutex
lstrcmpA
GetCurrentThread
CreateEventA
SuspendThread
SetThreadPriority
SetEvent
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
EnterCriticalSection
lstrcpynA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
SetFileAttributesA
GetFileType
GetDiskFreeSpaceA
GetProcAddress
GetModuleHandleA
GlobalFree
GlobalAlloc
FreeLibrary
WideCharToMultiByte
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
MulDiv
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LockResource
FindResourceA
LoadResource
lstrcatA
MultiByteToWideChar
GetFullPathNameA
GetLongPathNameA
FindFirstFileA
FindNextFileA
FindClose
SetLastError
HeapDestroy
HeapCreate
HeapSize
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetVersion
IsBadReadPtr
LocalFree
CreateMutexA
CloseHandle
lstrcpyA
ResumeThread
Sleep
WaitForSingleObject
RemoveDirectoryA
DeleteFileA
IsBadWritePtr
lstrlenA
GlobalLock
GlobalUnlock
GetWindowsDirectoryA
GetVolumeInformationA
GetVersionExA
LoadLibraryA

user32

BeginPaint
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
ShowWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckRadioButton
SendDlgItemMessageA
MapWindowPoints
SetFocus
AdjustWindowRectEx
GetScrollPos
SetScrollPos
IsChild
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowPos
RegisterWindowMessageA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetSysColorBrush
CharNextA
CharPrevA
WindowFromDC
GrayStringA
DrawTextA
TabbedTextOutA
GetComboBoxInfo
MoveWindow
GetKeyState
DeferWindowPos
EqualRect
GetDlgCtrlID
GetUpdateRect
GetTopWindow
GetWindow
PtInRect
FrameRect
DrawEdge
DrawStateA
GetWindowDC
RedrawWindow
IsWindow
CreateIconIndirect
BeginDeferWindowPos
EndDeferWindowPos
ClientToScreen
ScreenToClient
GetCapture
GetSystemMetrics
LockWindowUpdate
SystemParametersInfoA
IsRectEmpty
CreateIcon
LoadIconA
LoadImageA
MessageBoxA
GetWindowRect
GetWindowLongA
GetSystemMenu
GetMenuState
DeleteMenu
KillTimer
SetTimer
GetIconInfo
DrawIconEx
FillRect
SetRect
PostMessageA
GetDC
FindWindowA
LoadStringA
GetClassNameA
UnregisterClassA
LoadCursorA
DestroyCursor
SetCursorPos
SetWindowLongA
SetCapture
ReleaseDC
CopyRect
OffsetRect
GetFocus
GetSysColor
InflateRect
DrawFocusRect
DestroyIcon
SetRectEmpty
GetClientRect
EnumChildWindows
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
IsWindowVisible
GetParent
InvalidateRect
UpdateWindow
PeekMessageA
TranslateMessage
DispatchMessageA
EnableWindow
SendMessageA
ShowOwnedPopups
PostQuitMessage
BringWindowToTop
UnpackDDElParam
ReuseDDElParam
SetMenu
LoadMenuA
SetCursor
ReleaseCapture
TranslateAcceleratorA
LoadAcceleratorsA
DestroyMenu
GetMessageA
ValidateRect
GetCursorPos
WindowFromPoint
GetDesktopWindow
CharUpperA
IsWindowEnabled
EndPaint
SetActiveWindow

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
MoveToEx
LineTo
GetDeviceCaps
CreatePen
CreatePatternBrush
SetBkMode
RestoreDC
SaveDC
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreateDIBSection
CreateFontIndirectA
CreateDIBPatternBrushPt
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SelectObject
GetStockObject
GetCurrentObject
CreateSolidBrush
GetDIBits
SetDIBits
DeleteObject
CreateBitmap
PatBlt
GetBitmapBits
GetTextExtentPoint32A
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
BitBlt
SetStretchBltMode
IntersectClipRect
StretchDIBits

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
CommDlgExtendedError

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

LookupAccountSidA
GetAce
GetAclInformation
GetSecurityDescriptorDacl
GetUserNameA
LookupAccountNameA
GetFileSecurityA
GetSecurityDescriptorOwner
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor
GetLengthSid
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
EqualSid
RegOpenKeyExA
RegSetValueExA

shell32

DragFinish
SHGetFolderPathA
ShellExecuteA
ord680
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
SHGetFileInfoA
DragQueryFileA

comctl32

ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_Draw
ImageList_Remove
ImageList_GetImageCount
ImageList_SetOverlayImage
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
ImageList_Duplicate

ole32

CoGetObject
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen

wininet

InternetOpenUrlA
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetReadFile
InternetWriteFile
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetQueryOptionA
InternetOpenA
InternetCloseHandle
InternetSetStatusCallback
InternetSetFilePointer

Exports

Exports

PIFT_MovePIFFile
PIFT_RegistPIFFiles

Sections

.text
Size: 568KB - Virtual size: 564KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

66863557d547d11d7893908781ffe398

Headers

File Characteristics

Imports

imm32

pkpiflib

pif_sdk3

epinet

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 568KB - Virtual size: 564KB

.rdata Size: 120KB - Virtual size: 118KB

.data Size: 40KB - Virtual size: 70KB

.rsrc Size: 24KB - Virtual size: 20KB

.reloc Size: 68KB - Virtual size: 65KB

.text Size: 120KB - Virtual size: 120KB

.text
Size: 568KB - Virtual size: 564KB

.rdata
Size: 120KB - Virtual size: 118KB

.data
Size: 40KB - Virtual size: 70KB

.rsrc
Size: 24KB - Virtual size: 20KB

.reloc
Size: 68KB - Virtual size: 65KB

.text
Size: 120KB - Virtual size: 120KB