2df3da427d90e6e626cc49ad369caf8bf59bba9f59892be8efaf5fa3c2962f4f

Sharing

Copy URL

Twitter E-mail

General

Target

2df3da427d90e6e626cc49ad369caf8bf59bba9f59892be8efaf5fa3c2962f4f
Size

1.8MB
MD5

a5f6ba4de459cce6b00e8a6036a9f60e
SHA1

c01ae0288ff98fa2d2af1361bc1e887feab76d05
SHA256

2df3da427d90e6e626cc49ad369caf8bf59bba9f59892be8efaf5fa3c2962f4f
SHA512

e9469d281e5f762036444cb6029989cc1c11ca616001d2b52edd399c1e31ffa8243dfa5d9682879f10d911e5b1c335564300c50063e37e0da88b7c25638f3541
SSDEEP

24576:jV01yFcX1duDda4EDx9TGDGBv0AKy8a21Q8qRdG8kPytjSFh3V/:xFaFDxgRaMqS8k0jw3x

Score

N/A

Malware Config

Signatures

Files

2df3da427d90e6e626cc49ad369caf8bf59bba9f59892be8efaf5fa3c2962f4f
.exe windows x86

98947c02303630d6a575ea1e08599fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord6919
ord6640
ord3993
ord4124
ord2755
ord2810
ord6195
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord6918
ord535
ord2606
ord4219
ord3296
ord940
ord6688
ord942
ord3494
ord2507
ord355
ord538
ord4272
ord539
ord6003
ord665
ord1971
ord6381
ord5180
ord354
ord2756
ord537
ord3365
ord2574
ord4396
ord3635
ord693
ord4238
ord3991
ord6896
ord5977
ord3281
ord3728
ord810
ord4266
ord6654
ord2634
ord6655
ord5706
ord4197
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5679
ord4616
ord3733
ord815
ord561
ord804
ord6433
ord2613
ord1131
ord781
ord2579
ord4400
ord3389
ord3724
ord1143
ord2078
ord6777
ord1197
ord4155
ord2858
ord3605
ord656
ord6771
ord2403
ord2015
ord4213
ord2570
ord4392
ord6732
ord3393
ord686
ord6498
ord384
ord2400
ord3298
ord3282
ord6004
ord3995
ord6776
ord2857
ord2088
ord3909
ord6868
ord925
ord6697
ord861
ord2362
ord6330
ord6867
ord927
ord4273
ord922
ord2813
ord547
ord668
ord1972
ord3176
ord4053
ord2773
ord2762
ord356
ord3332
ord3806
ord551
ord6865
ord6414
ord3703
ord3084
ord2859
ord941
ord5438
ord3313
ord6921
ord6920
ord6898
ord1569
ord4229
ord2294
ord641
ord324
ord2910
ord795
ord609
ord3592
ord4419
ord5276
ord1767
ord6048
ord2506
ord4992
ord5261
ord3356
ord4704
ord4847
ord4370
ord3716
ord3397
ord3569
ord4390
ord2567
ord5286
ord6354
ord823
ord556
ord2631
ord2114
ord1088
ord3087
ord6871
ord6211
ord4294
ord858
ord1165
ord470
ord5871
ord6168
ord3871
ord1634
ord5785
ord2444
ord755
ord2406
ord3621
ord3614
ord3658
ord2371
ord3792
ord5273
ord4270
ord800
ord825
ord567
ord540
ord818
ord3737
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord5710
ord6051

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
fopen
fseek
ftell
fread
printf
__setusermatherr
realloc
isdigit
isxdigit
atoi
tolower
sprintf
strncpy
fwprintf
fwrite
towupper
isprint
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
strncmp
__CxxFrameHandler
_purecall
swscanf
malloc
wcstok
_except_handler3
_wcsicmp
_snwprintf
wcscpy
wcscat
wcsrchr
rand
wcslen
srand
fclose
wcscmp
sscanf
strstr
strchr
fgets
_wfopen
wcsncmp
_wcsnicmp
_wcsicoll
_wtoi
wcschr
wcsstr
wcsncat
swprintf
memmove
wcsncpy
free

kernel32

GetProcAddress
VirtualProtect
ExpandEnvironmentStringsW
MultiByteToWideChar
ExitProcess
GetUserDefaultLangID
DeviceIoControl
DefineDosDeviceW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
LockResource
LoadResource
SizeofResource
FindResourceW
GetDriveTypeW
Process32NextW
Process32FirstW
GetModuleHandleW
GetCurrentProcessId
DuplicateHandle
OpenProcess
MapViewOfFileEx
FlushFileBuffers
QueryDosDeviceW
GetLogicalDrives
MoveFileExW
RemoveDirectoryW
CreateDirectoryW
IsBadReadPtr
ResumeThread
SuspendThread
LoadLibraryW
FreeLibrary
GetExitCodeThread
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
GetSystemDirectoryW
InitializeCriticalSection
GetVersion
DeleteCriticalSection
GlobalUnlock
GlobalLock
LocalAlloc
CreateFileW
GetModuleFileNameW
WriteFile
WideCharToMultiByte
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetLastError
GetFileSize
SetLastError
GetTickCount
GetWindowsDirectoryW
ReadFile
GetLongPathNameW
Sleep
CreateThread
TerminateThread
WaitForSingleObject
GetProfileStringW
CreateToolhelp32Snapshot
GetCurrentProcess
GetPrivateProfileStringW

user32

GetFocus
UnhookWindowsHookEx
ScreenToClient
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
LoadIconW
DestroyIcon
SetWindowPos
EnableMenuItem
LoadImageW
IsWindowVisible
GetClassNameW
GetWindowThreadProcessId
GetWindowTextW
EnumWindows
DestroyWindow
PostMessageW
ShowWindow
CloseClipboard
OpenClipboard
EmptyClipboard
SetClipboardData
CreatePopupMenu
AppendMenuW
wsprintfW
GetParent
SetWindowLongW
SetCursor
InvalidateRect
GetClientRect
GetCursorPos
IsWindow
EnableWindow
SendMessageW
GetWindowRect
LoadCursorW

gdi32

CreateFontW

advapi32

OpenProcessToken
CloseServiceHandle
QueryServiceConfig2W
QueryServiceConfigW
OpenServiceW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
CreateServiceW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW
ControlService
DeleteService
QueryServiceStatus
OpenSCManagerW
EnumServicesStatusW

shell32

ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
StrStrIA
StrStrIW
ShellExecuteExW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove
_TrackMouseEvent
ImageList_GetImageCount

ole32

CoUninitialize
CoTaskMemFree
CoInitialize
StringFromGUID2
CoInitializeEx
CoCreateInstance

msvcp60

??1_Lockit@std@@QAE@XZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetSetOptionW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetOpenW
InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestW
HttpQueryInfoW
InternetConnectW

ws2_32

inet_ntoa
ntohs

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 473KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 758KB - Virtual size: 758KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xuetr0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98947c02303630d6a575ea1e08599fab

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

msvcp60

shlwapi

version

wininet

ws2_32

Sections

.text Size: 545KB - Virtual size: 544KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 473KB - Virtual size: 730KB

.rsrc Size: 758KB - Virtual size: 758KB

.xuetr0 Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 28B

.text
Size: 545KB - Virtual size: 544KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 473KB - Virtual size: 730KB

.rsrc
Size: 758KB - Virtual size: 758KB

.xuetr0
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 28B