Static task
static1
Behavioral task
behavioral1
Sample
a90a473254f86d5a0bc9c8e918a009d720d71505d2ad5d7768eb811921fb5f46.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a90a473254f86d5a0bc9c8e918a009d720d71505d2ad5d7768eb811921fb5f46.exe
Resource
win10v2004-20221111-en
General
Target
a90a473254f86d5a0bc9c8e918a009d720d71505d2ad5d7768eb811921fb5f46
Size
1.4MB
MD5
d7387b90231c301ce95ea7de371799dd
SHA1
ff2f04f2004defca9604d06359d21db1e087d3f6
SHA256
a90a473254f86d5a0bc9c8e918a009d720d71505d2ad5d7768eb811921fb5f46
SHA512
a96c72d4774effd06332a9146a6164aad21cf2ed7d03309114235ab9ecd7c1de4204b0a00fc4c6124b060c98242aeae8e7ce04a2fee08ff0452a40ff82ae4d34
SSDEEP
24576:Vk0yRvw0t0qigoiVLvOJb4REnrfhnv+nQpSZ5+rWtytmzEo2VFvpT0g+mqYzbx8u:VweYlVDTREnjhv+nQpSL+zqV38kKmqz
Malware Config
Signatures
Files
a90a473254f86d5a0bc9c8e918a009d720d71505d2ad5d7768eb811921fb5f46.exe windows x86
8e43ed012af212865aec886bf1599ea4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc70
ord3820
ord2253
ord2254
ord2800
ord5126
ord4685
ord2748
ord3917
ord4794
ord4790
ord2432
ord1765
ord2094
ord1424
ord4791
ord372
ord604
ord924
ord5113
ord957
ord3858
ord5233
ord788
ord4038
ord4045
ord4263
ord5791
ord5688
ord2581
ord2848
ord4003
ord1772
ord5255
ord2555
ord5178
ord4935
ord1866
ord5952
ord2438
ord2431
ord4347
ord2918
ord977
ord6020
ord3304
ord3458
ord377
ord499
ord683
ord508
ord692
ord576
ord4080
ord3816
ord5496
ord5617
ord5483
ord1992
ord1993
ord1853
ord4456
ord3562
ord4031
ord5811
ord4048
ord4948
ord4059
ord4980
ord1757
ord4929
ord3821
ord2255
ord832
ord2747
ord4091
ord4795
ord4792
ord1766
ord1456
ord3561
ord4252
ord4253
ord477
ord664
ord701
ord702
ord260
ord1088
ord1014
ord1083
ord532
ord528
ord1805
ord3886
ord1944
ord3051
ord956
ord1155
ord2200
ord5880
ord4054
ord1233
ord4932
ord3776
ord4642
ord4645
ord4160
ord4165
ord4162
ord4180
ord4182
ord4167
ord3953
ord4225
ord2232
ord2244
ord2221
ord2225
ord2227
ord2229
ord2219
ord5005
ord5007
ord1097
ord1409
ord5669
ord3747
ord1273
ord1756
ord4979
ord2021
ord1178
ord4058
ord1813
ord4046
ord833
ord3832
ord3814
ord5992
ord3609
ord5990
ord4107
ord1913
ord1868
ord5339
ord3614
ord899
ord4883
ord5933
ord5152
ord3640
ord1770
ord2741
ord4996
ord4998
ord2096
ord3750
ord4349
ord5002
ord4985
ord5322
ord2651
ord4262
ord4042
ord3140
ord4958
ord3993
ord4516
ord4671
ord4361
ord1523
ord1522
ord1403
ord5666
ord1472
ord1469
ord3748
ord1272
ord4025
ord4933
ord1760
ord4854
ord5989
ord3966
ord4975
ord3208
ord4503
ord4063
ord1452
ord5714
ord812
ord817
ord821
ord819
ord823
ord2239
ord2223
ord2242
ord2237
ord2214
ord2216
ord2234
ord2026
ord2020
ord1377
ord5993
ord3610
ord5991
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2356
ord2546
ord2648
ord4088
ord2529
ord2675
ord2359
ord2463
ord2352
ord3522
ord3523
ord3513
ord2461
ord1082
ord859
ord5759
ord3018
ord1784
ord2969
ord2259
ord3754
ord5201
ord892
ord785
ord3855
ord5230
ord5209
ord2827
ord316
ord559
ord5470
ord601
ord369
ord1052
ord3374
ord3313
ord4346
ord5555
ord1325
ord5338
ord3635
ord1539
ord1538
ord3879
ord2489
ord5218
ord850
ord2838
ord2576
ord3834
ord2750
ord4044
ord983
ord1180
ord2024
ord613
ord1013
ord3751
ord3303
ord4947
ord376
ord3255
ord1251
ord4633
ord4520
ord4486
ord2760
ord314
ord557
ord1901
ord5348
ord3318
ord5760
ord2148
ord2107
ord6017
ord5757
ord5474
ord1101
ord476
ord663
ord686
ord503
ord1072
ord1050
ord5439
ord4986
ord1936
ord1397
ord4013
ord2799
ord2972
ord518
ord5796
ord898
ord509
ord694
ord5969
ord5289
ord2666
ord2977
ord414
ord635
ord2412
ord3720
ord5166
ord403
ord5591
ord2893
ord3395
ord675
ord525
ord1827
ord1301
ord263
ord5601
ord492
ord530
ord3695
ord276
ord5147
ord3939
ord3937
ord3938
ord1212
ord1861
ord1981
ord404
ord1294
ord6006
ord617
ord519
ord389
ord3103
ord3094
ord2971
ord3012
ord5191
ord606
ord618
ord374
ord390
ord5223
ord1078
ord2973
ord274
ord529
ord5756
ord5198
ord3856
ord3861
ord2830
ord791
ord786
ord602
ord607
ord370
ord375
ord5197
ord2833
ord5236
ord5231
ord5194
ord1076
ord5758
ord5471
ord5472
ord3358
ord3667
ord5208
ord3359
ord5205
ord3662
ord3486
ord4224
ord4571
ord3985
ord4761
ord3962
ord4558
ord4953
ord511
ord697
ord4372
ord3379
ord3206
ord2474
ord3151
ord1896
ord1894
ord454
ord650
ord447
ord4133
ord4840
ord4345
ord4443
ord4669
ord4732
ord2850
ord1755
ord2884
ord3718
ord3488
ord3144
ord5950
ord4134
ord4101
ord5489
ord1645
ord1725
ord1744
ord2012
ord1872
ord337
ord5476
ord5859
ord3471
ord3472
ord3356
ord3246
ord3357
ord1199
ord4364
ord1434
ord4984
ord4061
ord1376
ord4053
ord662
ord2018
ord2257
ord1886
ord1781
ord1344
ord3884
ord1399
ord4015
ord2979
ord4852
ord4853
ord4851
ord4578
ord4398
ord4648
ord4625
ord3971
ord3994
ord4517
ord4983
ord4501
ord462
ord659
ord1152
ord3905
ord3801
ord1945
ord1443
ord4021
ord3124
ord682
ord1939
ord1406
ord3003
ord561
ord472
ord869
ord2196
ord964
ord1162
ord5397
ord2471
ord3724
ord1646
ord2712
ord5785
ord5485
ord5398
ord1626
ord504
ord687
ord1640
ord1643
msvcr70
_mbsninc
modf
log10
_mbscspn
_mbsnbcmp
_ismbcalnum
_mbsnbicmp
_ismbcprint
strncpy
_mbctype
_mbctolower
_mbctoupper
_mbstok
strcmp
_mbsdec
_mbspbrk
log
exp
_errno
acos
asin
atan
atan2
tan
cosh
sinh
tanh
isxdigit
fclose
fopen
calloc
_ismbclower
_ismbcupper
localeconv
_strdup
memchr
realloc
fwrite
_iob
strtoul
_mbsnset
_itoa
wcslen
_wtoi
iswxdigit
_HUGE
getenv
_strupr
_beginthreadex
_getpid
toupper
vfprintf
fprintf
ctime
strncat
strrchr
strchr
strtol
_setmbcp
__p__pctype
_isctype
__p___mb_cur_max
atol
sin
cos
fabs
pow
fmod
floor
_ismbcdigit
strtod
sqrt
_ismbcalpha
isdigit
_mbsspn
strcat
_ismbcspace
_mbsinc
ceil
_mbsrchr
_mbsspnp
_mbsicoll
_mbscoll
localtime
strftime
_mbclen
_mbsupr
memcmp
_mbslen
bsearch
qsort
abs
_mbscmp
_CxxThrowException
strcpy
atof
_mbsicmp
_mbsnbcpy
memset
_mbschr
_mbsstr
strlen
__RTDynamicCast
memcpy
free
malloc
setlocale
memmove
_purecall
_time64
sprintf
clock
time
srand
rand
_localtime64
_mbslwr
sscanf
atoi
vsprintf
_vscprintf
__CxxFrameHandler
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
kernel32
OpenMutexA
GetPrivateProfileIntA
DeviceIoControl
ResetEvent
WriteFile
ReadFile
LocalAlloc
GlobalUnlock
WaitForMultipleObjects
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
CreateFileA
CloseHandle
FindResourceA
LoadResource
LockResource
SizeofResource
GetProcAddress
GetModuleHandleA
GetFileAttributesA
GetVersion
GetVersionExA
GetThreadLocale
InterlockedExchange
lstrlenW
MultiByteToWideChar
GetACP
WideCharToMultiByte
GetLocaleInfoA
lstrlenA
SetEvent
OpenEventA
FlushViewOfFile
UnmapViewOfFile
GetFileSize
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
CreateEventA
ReleaseMutex
CreateMutexA
WaitForSingleObject
OpenFile
CopyFileA
DeleteFileA
GetTempPathA
GetLastError
FreeLibrary
LoadLibraryA
GetUserDefaultLCID
GetSystemTime
lstrcpyA
lstrcmpA
Beep
GlobalReAlloc
LocalFree
FormatMessageA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetNumberFormatA
GetCurrentProcess
SetProcessWorkingSetSize
GlobalAlloc
InterlockedDecrement
MulDiv
InterlockedIncrement
GlobalLock
GlobalSize
GlobalFree
user32
GetClipboardData
OpenClipboard
GetOpenClipboardWindow
CloseClipboard
EmptyClipboard
SetClipboardData
EqualRect
OffsetRect
GetMenuStringA
GetTopWindow
SetActiveWindow
PostQuitMessage
EnableScrollBar
DeferWindowPos
CreateWindowExA
EndDeferWindowPos
BeginDeferWindowPos
WindowFromDC
DispatchMessageA
TranslateMessage
MapWindowPoints
GetDC
ReleaseDC
HideCaret
ShowCaret
GetWindow
GetClassNameA
IsClipboardFormatAvailable
DrawEdge
GetUpdateRect
SetCursorPos
GetDesktopWindow
SetWindowPos
CreatePopupMenu
AppendMenuA
SetCaretPos
CreateCaret
DestroyCaret
AdjustWindowRectEx
GetWindowPlacement
SystemParametersInfoA
FindWindowA
DrawTextA
GetDCEx
GetDialogBaseUnits
RedrawWindow
GetSysColorBrush
MessageBoxA
IsCharAlphaA
SetCursor
DestroyCursor
InvertRect
IntersectRect
ReleaseCapture
SetCapture
MessageBeep
SubtractRect
ShowScrollBar
ClientToScreen
GetSubMenu
LoadMenuA
IsZoomed
wsprintfA
EnableWindow
UpdateWindow
PostMessageA
BringWindowToTop
CharLowerA
CharUpperW
RegisterWindowMessageA
GetDlgCtrlID
GetFocus
IsWindow
PeekMessageA
SetFocus
IsChild
GetKeyState
IsWindowVisible
GetSystemMetrics
GetClientRect
CopyRect
SetRect
GetCursorPos
ChildWindowFromPoint
KillTimer
SetTimer
InvalidateRect
ScreenToClient
DrawFocusRect
InflateRect
SetRectEmpty
PtInRect
IsRectEmpty
SendMessageA
UnregisterClassA
GetSysColor
LoadCursorA
RegisterClipboardFormatA
GetClassInfoA
RegisterClassA
DefWindowProcA
GetParent
IsIconic
ValidateRect
GetWindowRect
SetWindowLongA
CallWindowProcA
FillRect
LoadBitmapA
FrameRect
GetCapture
shell32
DragAcceptFiles
oleaut32
VarDateFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
VarUdateFromDate
VariantClear
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VarR8FromStr
wsock32
closesocket
WSAGetLastError
getpeername
recv
send
connect
gethostname
bind
getsockname
covankutils16
ord2
gdi32
GetTextExtentPointA
SetPixel
Polygon
CreateRectRgn
PatBlt
Rectangle
GetTextAlign
GetMapMode
CreateBitmap
Ellipse
StretchDIBits
RectVisible
GetViewportExtEx
GetTextColor
SelectObject
FrameRgn
FillRgn
GetBkColor
CreatePolygonRgn
DeleteObject
GetTextExtentPoint32A
DPtoLP
ExtTextOutA
GetTextMetricsA
StretchBlt
GetWindowExtEx
BitBlt
SetBrushOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
CreatePen
SetMapMode
SetWindowExtEx
GetObjectA
GetStockObject
DeleteDC
GetDeviceCaps
EnumFontFamiliesA
EnumFontFamiliesExA
CreateICA
CreatePenIndirect
ExtCreatePen
CreateSolidBrush
CreateBrushIndirect
CreateFontIndirectA
SetViewportExtEx
advapi32
GetUserNameA
RegQueryValueA
RegOpenKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegQueryValueExA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
comctl32
ord17
oledlg
ord3
ole32
OleCreateFromData
OleSave
StgCreateDocfile
OleConvertIStorageToOLESTREAM
StgIsStorageFile
StgOpenStorage
CreateDataAdviseHolder
CreateStreamOnHGlobal
CoCreateInstance
OleConvertOLESTREAMToIStorage
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleGetClipboard
ProgIDFromCLSID
CLSIDFromProgID
OleSetClipboard
ReleaseStgMedium
OleFlushClipboard
Sections
.text Size: 960KB - Virtual size: 958KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 212KB - Virtual size: 208KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 68KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SharedD Size: 4KB - Virtual size: 4B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.srdata Size: 68KB - Virtual size: 68KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE