55bf26d90c71e2005a1eb57869eabc24cb7e2a47f99ebfbb320434a01fea73f9

Sharing

Copy URL Twitter E-mail

General

Target

55bf26d90c71e2005a1eb57869eabc24cb7e2a47f99ebfbb320434a01fea73f9
Size

160KB
MD5

1c85f40d2063a26de28206dc30619e38
SHA1

e571057624001815f49f26c6a9bd43cc9ddf3284
SHA256

55bf26d90c71e2005a1eb57869eabc24cb7e2a47f99ebfbb320434a01fea73f9
SHA512

eb7fb1c2d1bbf2122465112c145f7642b6a285d4bc12f79901af0cb6dc7724d9150e2423033066efd7a884c17611bd4abe4c5a497433bd8808337c8ccf73286f
SSDEEP

3072:qgOkrck2yEcSN9rVyKehmuqKfrf+Oh0IZDSC:wkLEcSdDw1IC

Score

N/A

Malware Config

Signatures

Files

55bf26d90c71e2005a1eb57869eabc24cb7e2a47f99ebfbb320434a01fea73f9
.dll windows x86

0548887de85f746f81880d1d90875875

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord1191
ord1084
ord1098
ord371
ord1175
ord762
ord293
ord577
ord764
ord266
ord265
ord1917
ord1187

msvcr71

rand
_access
isspace
strchr
strpbrk
time
srand
sprintf
_CxxThrowException
__CxxFrameHandler
memmove
realloc
strncpy
_open
_lseek
_close
_write
_stricmp
strncmp
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
atoi
malloc
free
_resetstkoflw
_except_handler3
_vscwprintf
vswprintf
wcslen
strstr
printf
_snprintf

kernel32

HeapReAlloc
HeapDestroy
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
LocalFree
LoadLibraryA
CopyFileA
MoveFileExA
MoveFileA
GetCurrentThreadId
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
FreeLibrary
GetModuleHandleA
lstrcmpA
GlobalAlloc
GlobalLock
GlobalUnlock
HeapAlloc
GetCurrentProcess
FlushInstructionCache
MulDiv
InterlockedDecrement
InterlockedIncrement
GetProcessHeap
HeapFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
lstrcmpiA
lstrlenW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
GetPrivateProfileStringA
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
GetPriorityClass
OpenProcess
OutputDebugStringW
GetTickCount
WritePrivateProfileStringA
Sleep
CreateThread
GetModuleFileNameA
Thread32Next
Thread32First
GetProcessId
CreateProcessA
GetWindowsDirectoryA
DeleteFileA

user32

ShowWindow
RegisterClassA
LoadIconA
MessageBoxA
GetWindowThreadProcessId
PeekMessageA
SetTimer
IsChild
GetWindow
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
UpdateWindow
InvalidateRect
ReleaseDC
GetDC
PostQuitMessage
FillRect
SetCapture
ReleaseCapture
GetSysColor
DefWindowProcA
SendMessageA
CreateWindowExA
SetWindowLongA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetFocus
InvalidateRgn
DispatchMessageA
UnregisterClassA
GetWindowLongA
IsWindow
GetWindowTextLengthA
RegisterWindowMessageA
GetWindowTextA
SetWindowTextA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
DestroyWindow
RedrawWindow
DestroyAcceleratorTable
GetDlgItem
GetClientRect
SetFocus
TranslateMessage

gdi32

DeleteObject
SelectObject
DeleteDC
CreateSolidBrush
GetStockObject
GetObjectA
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteA

shlwapi

PathFileExistsA

ole32

OleUninitialize
OleInitialize
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemAlloc
StringFromGUID2
CoInitialize
CoCreateInstance
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantInit
VariantChangeType
VariantCopy
VariantClear
SysFreeString
LoadTypeLi
VarUI4FromStr
OleCreateFontIndirect

psapi

GetModuleFileNameExA

Exports

Exports

EngineProc
process1
process2
process3
process5

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HookData
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE

Sharing

General

Malware Config

Signatures

Files

0548887de85f746f81880d1d90875875

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

advapi32

shell32

shlwapi

ole32

oleaut32

psapi

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 71KB

HookData Size: 4KB - Virtual size: 4B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 71KB

HookData
Size: 4KB - Virtual size: 4B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 12KB - Virtual size: 11KB