aa94dfc16af9dcaacdbdce0194eca8be1387f8dea1bc6ee102ae01ab4fe783d9

Sharing

Copy URL Twitter E-mail

General

Target

aa94dfc16af9dcaacdbdce0194eca8be1387f8dea1bc6ee102ae01ab4fe783d9
Size

556KB
MD5

4bcba1f117d70dd56b163ac5e88eed99
SHA1

3d7141daefca03ac1517b71919a84e5660fe1083
SHA256

aa94dfc16af9dcaacdbdce0194eca8be1387f8dea1bc6ee102ae01ab4fe783d9
SHA512

0494ffcdaf6939d59443d9a98e6995df77ac5b0998c2b2e9d004b3469a9eafdee494291353e9ed8db079faad16ae84c9377b6737009f57bfcfac05b325eaf0d0
SSDEEP

12288:930eqhlO4B7wFu4ao3/RH+mGQNZGuYlDfeHoxvV0igdx:9/67wFu48mFZGuYlDfeHKvV0H/

Score

N/A

Malware Config

Signatures

Files

aa94dfc16af9dcaacdbdce0194eca8be1387f8dea1bc6ee102ae01ab4fe783d9
.exe windows x86

d4a2d0a72d1cade0e1617a9bc032fcac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

PathCombineA
PathFileExistsA
PathIsURLA
PathFindFileNameA
PathRemoveFileSpecA
PathRenameExtensionA
PathFindExtensionA
PathRemoveBackslashA

kernel32

GetACP
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetTempFileNameA
GetCurrentThreadId
lstrcmpiA
CopyFileA
CreateThread
GetLastError
LocalFree
FormatMessageA
Sleep
ExitProcess
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
DeleteFileA
GetTempPathA
GetLocaleInfoA
GetThreadLocale
GetVersionExA
CreateDirectoryA

user32

CheckDlgButton
IsWindowVisible
MessageBoxA
GetDC
CallNextHookEx
TranslateAcceleratorA
EndDialog
UnhookWindowsHookEx
CreateWindowExW
SetDlgItemTextA
SetWindowTextA
SendMessageA
LoadIconA
DialogBoxParamA
ShowWindow
EnableWindow
GetDlgItem
RemoveMenu
GetMenu
SetWindowsHookExA
DestroyAcceleratorTable
LoadAcceleratorsA
IsDlgButtonChecked
GetDlgItemTextA
GetDlgItemInt
SetWindowPos
SetWindowLongA
GetWindowLongA
EndPaint
GetClientRect
BeginPaint
CallWindowProcA
InvalidateRect
GetWindowRect
KillTimer
SetTimer
GetDesktopWindow
CreateDialogParamA
DestroyWindow
SetFocus
SendDlgItemMessageA

ole32

CoUninitialize
CoInitialize
CoGetClassObject
OleSetContainedObject

msvcp71

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?eof@?$char_traits@D@std@@SAHXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?open@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Xran@_String_base@std@@QBEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?clear@ios_base@std@@QAEXH_N@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?_Nomemory@std@@YAXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

msvcr71

isalnum
isalpha
tolower
strncmp
malloc
_snprintf
fgetc
fputc
calloc
_setjmp3
longjmp
_iob
_CIpow
exit
getenv
_callnewh
__security_error_handler
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
fputs
fprintf
fgets
_purecall
??_V@YAXPAX@Z
strchr
strtod
strtol
isspace
isdigit
memmove
fseek
ftell
fread
sscanf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
free
vsprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
_rmdir
sprintf
_mkdir
_except_handler3
fopen
fwrite
fclose
??3@YAXPAX@Z
_strcmpi
_stricmp
_strnicmp
memset

ws2_32

WSACleanup
WSAStartup
htonl
htons
ntohs
inet_ntoa
WSAGetLastError
closesocket
socket
bind
listen
gethostbyaddr
gethostbyname
getsockname
accept
connect
send
select
recv

gdi32

CreateDIBSection
CreateSolidBrush
GetStockObject
SelectObject
Rectangle
DeleteObject
CreateCompatibleDC
BitBlt
DeleteDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

shell32

ShellExecuteExW
ShellExecuteExA

oleaut32

SysFreeString
SysAllocStringLen

Sections

.text
Size: 304KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.urbrd
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d4a2d0a72d1cade0e1617a9bc032fcac

Headers

File Characteristics

Imports

comctl32

shlwapi

kernel32

user32

ole32

msvcp71

msvcr71

ws2_32

gdi32

comdlg32

shell32

oleaut32

Sections

.text Size: 304KB - Virtual size: 300KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 8KB - Virtual size: 731KB

.rsrc Size: 20KB - Virtual size: 16KB

.urbrd Size: 168KB - Virtual size: 168KB

.text
Size: 304KB - Virtual size: 300KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 8KB - Virtual size: 731KB

.rsrc
Size: 20KB - Virtual size: 16KB

.urbrd
Size: 168KB - Virtual size: 168KB