c7ed7064b35d30063c5600635a92f9ca9a8f8f4b143033e3b1f13910421a6c49

Sharing

Copy URL

Twitter E-mail

General

Target

c7ed7064b35d30063c5600635a92f9ca9a8f8f4b143033e3b1f13910421a6c49
Size

852KB
MD5

456a36338d804fdaa4b802df092b6af3
SHA1

5c6962d4c339b0991153b0a6279f582bd5dd4fd1
SHA256

c7ed7064b35d30063c5600635a92f9ca9a8f8f4b143033e3b1f13910421a6c49
SHA512

d762154b216ae8465dc1e254a01f9fe9a481edbdfc8a6f7c6af7f325b7dd58aae08414703504bdd8511197dd4415821a902912ee1de7548eb39b23e18c2ac8cf
SSDEEP

24576:4bE3WeSkz/LPtGbGQUf/Ug6EY7zujd3i4L8:4bE3VTPtGbGQUf/Ug6lo8

Score

N/A

Malware Config

Signatures

Files

c7ed7064b35d30063c5600635a92f9ca9a8f8f4b143033e3b1f13910421a6c49
.dll windows x86

ca46c84919aa92c2158ea7c0e2daf070

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
CreateMutexA
CloseHandle
ReleaseMutex
WaitForSingleObject
ResumeThread
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
LockResource
LoadResource
FindResourceA
GetTempPathA
GetFileAttributesA
GetFileSize
CreateFileA
CreateDirectoryA
CopyFileA
RemoveDirectoryA
DeleteFileA
GetTickCount
WideCharToMultiByte
InterlockedDecrement
lstrlenA
LocalAlloc
LocalFree
MultiByteToWideChar
lstrlenW
GlobalSize
GlobalFlags
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetExitCodeThread

user32

SetWindowLongA
CopyRect
GetClientRect
SendMessageA
IsChild
GetFocus
UpdateWindow
ShowWindow
LoadCursorA
ReleaseDC
GetDC
EndPaint
DrawTextA
BeginPaint
DestroyWindow
KillTimer
PtInRect
ScreenToClient
GetCursorPos
SetTimer
InvalidateRect
GetWindowLongA
DefWindowProcA
UnregisterClassA
RegisterClassExA
CreateWindowExA
DispatchMessageA
PeekMessageA
IsWindow

gdi32

SetTextColor
DeleteObject
GetDeviceCaps
CreateFontA
SelectObject
StretchDIBits
SetBkMode
GetTextExtentPoint32A

ole32

CLSIDFromString
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantCopy
VariantInit
SysAllocStringLen
SysAllocString

wininet

HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetGetConnectedState
InternetAutodial
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetReadFile

wsock32

WSAStartup
WSACleanup
gethostbyname
WSAGetLastError
WSASetLastError

shfolder

SHGetFolderPathA

axeparser

ord2
ord1

bib

ord5

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?rdbuf@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_filebuf@DU?$char_traits@D@std@@@2@XZ
?_Fpz@std@@3_JB
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?clear@ios_base@std@@QAEXH_N@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1ostrstream@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1istrstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??0locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0ABV12@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??_7bad_alloc@std@@6B@
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ

msvcrt

_ultoa
strncpy
_itoa
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strlen
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
free
strcat
strcpy
strtoul
_beginthreadex
?what@exception@@UBEPBDXZ
gmtime
??2@YAPAXI@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
__RTDynamicCast
??0exception@@QAE@ABQBD@Z
strcmp
memset
strftime
_except_handler3
_stricmp
memcmp
ftell
atoi
strtod
_HUGE
_errno
_snprintf
sprintf
tolower
_vsnprintf
isspace
toupper
_ftol
time
_purecall
fread
strstr
fopen
wcslen
fclose
memcpy

Exports

Exports

OLSExecute
OLSGetSuite
OLSInitialize
OLSShutdown

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca46c84919aa92c2158ea7c0e2daf070

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ole32

oleaut32

wininet

wsock32

shfolder

axeparser

bib

msvcp60

msvcrt

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 321KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 48KB - Virtual size: 48KB

.rsrc Size: 208KB - Virtual size: 206KB

.reloc Size: 52KB - Virtual size: 51KB

.text Size: 120KB - Virtual size: 120KB

.text
Size: 324KB - Virtual size: 321KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 208KB - Virtual size: 206KB

.reloc
Size: 52KB - Virtual size: 51KB

.text
Size: 120KB - Virtual size: 120KB