ba24dd1d794797eb10c0646060c9d303585114d326c49d32530c0df26f28fecf

Sharing

Copy URL Twitter E-mail

General

Target

ba24dd1d794797eb10c0646060c9d303585114d326c49d32530c0df26f28fecf
Size

282KB
MD5

00e1a65b658935a779c526401557ef80
SHA1

e8464bbee443acd2e0f27d1737e1bcae29ce333f
SHA256

ba24dd1d794797eb10c0646060c9d303585114d326c49d32530c0df26f28fecf
SHA512

b5c2feb04113932fbb2315afd508ab1b3d5f505d67006d34de63a02ac9b73fcd0ccd2918cc3e0eb779882fd782ff0387d80315e4884aeb86cc3b1d3b8104c611
SSDEEP

6144:Gl5dculq3OrS+bj1ZIzWQWOhgiAsLSzZMFOujXpPDSsQLH5Adv:dAqgS+bpZKWQtAUSOvprSsPdv

Score

N/A

Malware Config

Signatures

Files

ba24dd1d794797eb10c0646060c9d303585114d326c49d32530c0df26f28fecf
.exe windows x86

8998af28d04794a705313934eb60b252

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

mfc90

ord3223
ord2262
ord4396
ord4527
ord2469
ord4264
ord712
ord1003
ord6148
ord301
ord321
ord2143
ord2243
ord4042
ord339
ord1067
ord455
ord3570
ord4671
ord5603
ord3217
ord6355
ord4683
ord1384
ord2369
ord5638
ord5581
ord4330
ord1684
ord4415
ord2645
ord2646
ord3278
ord5787
ord978
ord6361
ord3222
ord6359
ord3221
ord5323
ord3224
ord4539
ord4716
ord5435
ord5432
ord2855
ord2079
ord2445
ord5339
ord4970
ord1702
ord1777
ord1701
ord376
ord456
ord3571
ord5786
ord450
ord3564
ord2138
ord5601
ord5640
ord2070
ord4416
ord979
ord3225
ord5436
ord1700
ord5433
ord415
ord3531
ord5598
ord451
ord3565
ord4673
ord5602
ord4684
ord5641
ord2071
ord4417
ord2647
ord6362
ord6360
ord4717
ord5437
ord5434
ord2080
ord1734
ord4112
ord3387
ord3767
ord4727
ord5930
ord1490
ord777
ord3643
ord5647
ord4646
ord1720
ord2283
ord595
ord4030
ord6707
ord783
ord582
ord3491
ord571
ord2084
ord5759
ord2896
ord4337
ord3764
ord3676
ord6326
ord3762
ord3980
ord3611
ord769
ord614
ord2337
ord568
ord338
ord6081
ord6507
ord2594
ord590
ord794
ord5912
ord337
ord613
ord2753
ord6046
ord6552
ord6043
ord6546
ord4565
ord6549
ord6352
ord6527
ord6166
ord6079
ord6084
ord5957
ord6023
ord5846
ord5833
ord6398
ord6157
ord3504
ord367
ord6554
ord636
ord2130
ord4498
ord2282
ord3568
ord6074
ord1357
ord3627
ord3477
ord3528
ord1358
ord1144
ord888
ord3579
ord554
ord758
ord5913
ord1039
ord5898
ord4459
ord3557
ord443
ord1329
ord3346
ord6391
ord1497
ord3851
ord3842
ord3808
ord3847
ord643
ord704
ord3841
ord670
ord3848
ord3783
ord695
ord2470
ord1061
ord1087
ord900
ord1108
ord6493
ord3620
ord3845
ord2484
ord5877
ord3856
ord6114
ord3580
ord464
ord6153
ord781
ord580
ord524
ord333
ord6077
ord525
ord6078
ord744
ord6559
ord5167
ord6048
ord4529
ord1536
ord2587
ord3479
ord2588
ord3612
ord3534
ord2106
ord2539
ord4502
ord1938
ord4308
ord579
ord5528
ord6800
ord1568
ord3718
ord6503
ord780
ord2480
ord6684
ord4222
ord1321
ord2691
ord5835
ord266
ord2082
ord5923
ord5963
ord3726
ord1603
ord6462
ord4197
ord1156
ord4223
ord2447
ord589
ord1339
ord3666
ord2206
ord2327
ord6787
ord6557
ord553
ord757
ord6291
ord6584
ord1220
ord1607
ord4477
ord6152
ord1252
ord1114
ord1174
ord4311
ord4960
ord4952
ord4029
ord793
ord4001
ord4000
ord3999
ord3994
ord4002
ord5066
ord4752
ord4751
ord4707
ord5065
ord2815
ord1145
ord2591
ord5063
ord5110
ord1097
ord4749
ord5372
ord5008
ord4706
ord2146
ord1361
ord2069
ord2592
ord3987
ord2139
ord4760
ord2899
ord4431
ord4116
ord4993
ord2364
ord2057
ord1137
ord5615
ord4617
ord5152
ord5309
ord1810
ord1809
ord1678
ord3344
ord6388
ord1755
ord1752
ord4331
ord1496
ord4650
ord5585
ord2074
ord5497
ord6780
ord4589
ord5636
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord1792
ord1791
ord1728
ord5633
ord3135
ord4895
ord4668
ord3506
ord374
ord316
ord406
ord2490
ord2501
ord3167
ord1183
ord1556
ord665
ord945
ord4392
ord4506
ord941
ord1182
ord265
ord2208
ord2547
ord816
ord815
ord818
ord821
ord819
ord820
ord310
ord817
ord300
ord798
ord1254
ord1258
ord3213
ord305
ord3178
ord6613
ord1611
ord910
ord601
ord639
ord4434
ord4409
ord6783
ord4159
ord6781
ord4733
ord2251
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord5659
ord4333
ord4981
ord5663
ord5646
ord6001
ord2766
ord2978
ord3107
ord4714
ord2961
ord3110
ord2769
ord2888
ord2759
ord4066
ord4067
ord4057
ord2886
ord4334
ord4890
ord4667
ord3659
ord800
ord5924
ord2481
ord2263
ord6170
ord3621
ord942
ord605
ord1278
ord1233
ord322
ord801
ord6615
ord1276

msvcr90

memmove
realloc
exit
fprintf
__iob_func
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
wcslen
_beginthreadex
abs
memmove_s
srand
rand
strcmp
_mbsstr
_mbsnbcpy
strncpy_s
memcpy_s
_unlink
isspace
__CxxFrameHandler3
isxdigit
_ismbcdigit
isalpha
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
_invalid_parameter_noinfo
_mbctolower
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_recalloc
calloc
memcpy
_mbsinc
_mbsdec
_mbslen
_mbsnicmp
_mbsnbcmp
_mbscspn
fopen_s
fgets
fclose
_atoi64
_time64
atol
_localtime64_s
strftime
_strrev
_mbscmp
_mbsrev
malloc
strtol
fgetws
memset
atoi
strlen
free
strcpy
_mktime64
_setmbcp

kernel32

InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
CreateEventA
WaitForSingleObject
GetExitCodeThread
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
GlobalAddAtomA
GlobalFindAtomA
SetLastError
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleA
FindResourceA
LoadResource
LockResource
MulDiv
GetVersion
GetCurrentThreadId
ResetEvent
SetEvent
RemoveDirectoryA
lstrlenA
GetDateFormatA
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcessId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameA
SetCurrentDirectoryA
GlobalDeleteAtom
GetVersionExA
GetEnvironmentVariableA
GetTickCount
CreateMutexA
OpenMutexA
GetLastError
CloseHandle
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary

user32

EqualRect
IsIconic
BringWindowToTop
FindWindowA
GetLastActivePopup
SetForegroundWindow
LoadCursorA
DefWindowProcA
GetClassNameA
GetWindowRect
GetDesktopWindow
SetClassLongA
DestroyIcon
PostQuitMessage
PostMessageA
FillRect
GetClientRect
GetWindowDC
ReleaseDC
GetMenuInfo
GetMenu
SetWindowLongA
GetWindowLongA
GetSysColor
IsWindow
DrawStateA
SystemParametersInfoA
CopyRect
IsRectEmpty
SetRect
InflateRect
OffsetRect
IntersectRect
LoadMenuA
UnhookWindowsHookEx
CallWindowProcA
WindowFromDC
DrawEdge
DrawFocusRect
GetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuItemInfoA
GetSubMenu
ModifyMenuA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetSystemMetrics
GetMenuItemRect
GetKeyNameTextA
MapVirtualKeyA
CopyAcceleratorTableA
IsMenu
RedrawWindow
ClientToScreen
SetWindowPos
SetMenuInfo
SetLayeredWindowAttributes
RemovePropA
GetPropA
GetMessagePos
SetPropA
RegisterWindowMessageA
CallNextHookEx
SetWindowsHookExA
DestroyCursor
LoadImageA
PtInRect
SetCursor
DispatchMessageA
PeekMessageA
GetWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
LoadIconA
TranslateMessage
MsgWaitForMultipleObjectsEx
MenuItemFromPoint
GetCursorPos
DestroyMenu
GetSystemMenu
IsChild
GetFocus
EnableWindow
SendMessageA
KillTimer
SetTimer
IsWindowVisible

gdi32

CombineRgn
CreateRectRgnIndirect
CreateRectRgn
GetDeviceCaps
GetNearestColor
RoundRect
BitBlt
GetPixel
CreateCompatibleBitmap
CreateFontIndirectA
CreatePatternBrush
CreateSolidBrush
CreatePen
GetObjectA
DeleteObject
Rectangle
SetBrushOrgEx
CreateCompatibleDC
RealizePalette
SelectPalette
SetDIBitsToDevice
StretchDIBits
GdiFlush
UnrealizeObject
CreatePalette
SelectClipRgn
GetTextExtentPoint32A
SetWindowOrgEx
GetCurrentObject
GetTextAlign
GetTextMetricsA
SelectObject
GetLayout
SetTextAlign
MoveToEx
GetTextExtentPointA
GetCurrentPositionEx
GetTextColor
SetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetPixel

advapi32

RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
GetUserNameA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteExA
ShellExecuteA

comctl32

ImageList_GetIconSize
ord17

shlwapi

PathMakeSystemFolderA

msvcp90

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8998af28d04794a705313934eb60b252

Headers

DLL Characteristics

File Characteristics

Imports

version

mfc90

msvcr90

kernel32

user32

gdi32

advapi32

shell32

comctl32

shlwapi

msvcp90

Sections

.text Size: 158KB - Virtual size: 158KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 11KB - Virtual size: 16KB

.rsrc Size: 66KB - Virtual size: 66KB

.text
Size: 158KB - Virtual size: 158KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 11KB - Virtual size: 16KB

.rsrc
Size: 66KB - Virtual size: 66KB