Static task
static1
Behavioral task
behavioral1
Sample
b279fc8109e424068b6498b92345f23cd082cb291840ebc79da2b2f615c55463.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b279fc8109e424068b6498b92345f23cd082cb291840ebc79da2b2f615c55463.exe
Resource
win10v2004-20220812-en
General
-
Target
b279fc8109e424068b6498b92345f23cd082cb291840ebc79da2b2f615c55463
-
Size
416KB
-
MD5
0e5ab7003cd236cfb21539669eb02d27
-
SHA1
c44670de56365ef42d2963c6135820d0ff4d716f
-
SHA256
b279fc8109e424068b6498b92345f23cd082cb291840ebc79da2b2f615c55463
-
SHA512
ef1f93811ed0d12cc8195c0fa694ff41544e6d991a8a311dfa3d1224349d9d0979cb2afcf621b4425b1eb4cfb29b5552d4d78576540421b62ab55964f02e4888
-
SSDEEP
6144:udSP/QO1HTMLLx+ryHEk6kEJbBzzi0/aeW6Dl5aSo5T06/4Ss3OB:FPYO1zMt+rYEz/i0S4aSo5T0W4Ss
Malware Config (no extracted configuration is shown in this excerpt)
Signatures (no signature hits are listed in this excerpt; note that the import set below — wsock32 sockets, WinExec/ShellExecuteA, CreateMutexA, GetComputerNameA, INI read/write via Get/WritePrivateProfileStringA — warrants manual review, but is also consistent with an ordinary MFC GUI tool, so do not treat the empty list as a verdict either way)
Files
-
b279fc8109e424068b6498b92345f23cd082cb291840ebc79da2b2f615c55463.exe windows x86
f7ff1e43986b1feaaefe1f5df481efc8 (32-hex value listed under the file entry — presumably the import hash / imphash; confirm against the sandbox's field label before using it for pivoting)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no base-relocation table: the loader cannot rebase the image, so ASLR is not applied to this module)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
netapi32
Netbios
skinplusplusdll
?InitializeSkin@@YGHPAD@Z
mfc80
ord4212
ord4735
ord4890
ord4580
ord2020
ord1671
ord1670
ord1551
ord354
ord3441
ord1892
ord1620
ord1617
ord4486
ord3946
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2862
ord2172
ord1522
ord6279
ord3802
ord6277
ord6236
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord1873
ord1793
ord2322
ord4261
ord2176
ord1308
ord3088
ord2021
ord630
ord385
ord6306
ord3110
ord6305
ord3109
ord2958
ord4238
ord658
ord2092
ord3875
ord3879
ord2866
ord5873
ord5866
ord3230
ord1794
ord709
ord501
ord1452
ord5097
ord744
ord5346
ord556
ord4234
ord591
ord1931
ord1483
ord605
ord2089
ord1547
ord3171
ord4749
ord4240
ord741
ord2095
ord1591
ord1084
ord3204
ord1091
ord1934
ord3210
ord2371
ord1880
ord1063
ord2991
ord6725
ord5915
ord1402
ord1903
ord5214
ord4353
ord2662
ord5833
ord2164
ord6067
ord2657
ord572
ord1781
ord5107
ord2804
ord421
ord5637
ord602
ord347
ord1279
ord6288
ord5089
ord384
ord1151
ord5287
ord5284
ord5661
ord2368
ord5613
ord6168
ord2838
ord4481
ord4038
ord3683
ord757
ord4014
ord5226
ord4568
ord5566
ord2248
ord3830
ord4541
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord5975
ord566
ord3333
ord1054
ord1920
ord2931
ord5224
ord3948
ord5230
ord5213
ord5529
ord746
ord2286
ord5438
ord1006
ord558
ord3182
ord3317
ord3761
ord655
ord5111
ord2174
ord5662
ord995
ord2451
ord5731
ord3576
ord1280
ord3684
ord2654
ord3401
ord2468
ord5490
ord5203
ord4262
ord1401
ord5912
ord6724
ord5182
ord3641
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2714
ord4307
ord2835
ord2731
ord2537
ord907
ord911
ord5563
ord383
ord5323
ord1439
ord629
ord2702
ord5493
ord1123
ord2882
ord2532
ord2794
ord3201
ord2703
ord876
ord1248
ord1247
ord2475
ord2902
ord3934
ord5403
ord310
ord297
ord304
ord578
ord781
ord784
ord5491
ord2272
ord4085
ord4108
ord4109
ord3997
ord4035
ord6118
ord1489
ord299
ord6703
ord1482
ord762
ord1185
ord1191
ord266
ord1187
ord1005
ord265
ord764
ord4098
ord1207
msvcr80
strncpy
strtol
strchr
memmove
strncat
isxdigit
realloc
islower
toupper
iscntrl
__isascii
isupper
_purecall
isalpha
isprint
tolower
ispunct
isalnum
isspace
strncmp
isgraph
memcpy
_localtime64
atol
strcmp
fflush
strstr
ceil
___mb_cur_max_func
fread
labs
memcpy_s
_stat64i32
exit
atoi
fclose
fprintf
fopen
_time64
strftime
isdigit
rand
memset
_recalloc
_invalid_parameter_noinfo
_access
_resetstkoflw
strcpy
strlen
_strdup
wctomb
strrchr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
__dllonexit
_localtime64_s
malloc
calloc
free
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
sprintf
_read
_encode_pointer
_unlock
_CxxThrowException
__CxxFrameHandler3
strcat
_write
_setmbcp
mbtowc
strtoul
srand
_setmode
kernel32
InterlockedExchange
GetLastError
GetVersionExA
GlobalLock
GlobalAlloc
GetPrivateProfileIntA
TerminateThread
Sleep
LeaveCriticalSection
GlobalUnlock
EnterCriticalSection
CreateThread
lstrcpyA
WritePrivateProfileStringA
GetPrivateProfileStringA
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetModuleFileNameA
CreateMutexA
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
WinExec
WaitForSingleObject
GetComputerNameA
GetProcAddress
LoadLibraryA
FreeLibrary
FindFirstFileA
GetExitCodeThread
FindNextFileA
SuspendThread
ResumeThread
FormatMessageA
SetLastError
LocalFree
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetLocaleInfoA
GetThreadLocale
GetCurrentDirectoryA
lstrlenA
user32
EnableWindow
SetClipboardData
GetSystemMetrics
GetSystemMenu
AppendMenuA
UpdateWindow
SendMessageA
OpenClipboard
SetCursor
SetTimer
ScreenToClient
KillTimer
MessageBeep
PtInRect
CopyIcon
LoadCursorA
GetMessagePos
GetWindowRect
CloseClipboard
EmptyClipboard
IsIconic
LoadIconA
DrawIcon
GetClientRect
MessageBoxA
InvalidateRect
gdi32
CreateDIBSection
SetDIBColorTable
DeleteDC
BitBlt
CreateFontIndirectA
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectA
GetStockObject
shell32
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA
comctl32
InitCommonControlsEx
oleaut32
VarDateFromStr
VariantClear
VariantTimeToSystemTime
VarUdateFromDate
SystemTimeToVariantTime
gdiplus
GdipBitmapLockBits
GdipCloneImage
GdipGetImageWidth
GdiplusStartup
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImageHeight
GdipCreateBitmapFromFileICM
GdipFree
GdipGetImagePaletteSize
GdipCreateBitmapFromFile
GdipDisposeImage
GdipAlloc
GdipDrawImageI
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdiplusShutdown
GdipDeleteGraphics
msvcp80
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?uncaught_exception@std@@YA_NXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?gcount@?$basic_istream@DU?$char_traits@D@std@@@std@@QBEHXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
wsock32
setsockopt
inet_ntoa
connect
WSAStartup
recvfrom
ntohl
ioctlsocket
select
WSAGetLastError
htons
accept
getsockopt
send
gethostbyname
closesocket
__WSAFDIsSet
socket
recv
sendto
shutdown
Sections
.text Size: 324KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ