ba8e29ffc29ac50d665c8c81a239f8c9d19a36be05ea31d94fd7c6a0a8b72646

Sharing

Copy URL Twitter E-mail

General

Target

ba8e29ffc29ac50d665c8c81a239f8c9d19a36be05ea31d94fd7c6a0a8b72646
Size

1.0MB
MD5

9b1033a3a068f11121ff47b659d97d06
SHA1

57adcaa2c1e240ae03224e6d5c09f1dede70417e
SHA256

ba8e29ffc29ac50d665c8c81a239f8c9d19a36be05ea31d94fd7c6a0a8b72646
SHA512

610c36bef046567c7efd67f9336c0b811c78fc5be37c6ac96f2ef21f9f5ab6d0371fb8ac09a08f94cccba62653f3f5417a5cfc08e6dce803742cbc98328f3055
SSDEEP

12288:riilvmA+jdDhze0lwLYYaJW9jXiDJNpLnRcHWmGiV:rvlWjdhblwLfOR6tGi

Score

N/A

Malware Config

Signatures

Files

ba8e29ffc29ac50d665c8c81a239f8c9d19a36be05ea31d94fd7c6a0a8b72646
.exe windows x86

5b462a4972cbe072897654613fef9278

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc71

ord5200
ord2862
ord4486
ord4262
ord709
ord501
ord1191
ord1187
ord762
ord266
ord6275
ord4580
ord2020
ord3835
ord5073
ord5203
ord605
ord354
ord356
ord4394
ord3684
ord3423
ord6065
ord2160
ord1545
ord4118
ord4115
ord6120
ord1377
ord2368
ord3204
ord2367
ord2372
ord1903
ord2086
ord5915
ord1402
ord4232
ord5214
ord2991
ord3164
ord572
ord587
ord347
ord5833
ord602
ord5710
ord865
ord1916
ord6172
ord6178
ord3761
ord1425
ord3596
ord2719
ord2469
ord760
ord589
ord4078
ord6037
ord330
ord3397
ord3989
ord3401
ord3934
ord4353
ord3174
ord747
ord559
ord5731
ord2168
ord1395
ord6283
ord6067
ord2164
ord577
ord1279
ord5637
ord280
ord1930
ord283
ord783
ord2131
ord774
ord2130
ord300
ord287
ord3641
ord3441
ord4648
ord4692
ord1968
ord6090
ord2264
ord2346
ord265
ord3287
ord3163
ord4100
ord2094
ord3244
ord1955
ord3255
ord758
ord567
ord5640
ord5641
ord2075
ord2234
ord1580
ord1929
ord2233
ord5642
ord5727
ord5331
ord6297
ord5320
ord6286
ord1486
ord2263
ord4125
ord2095
ord1591
ord4240
ord3317
ord741
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord657
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1554
ord3195
ord620
ord1587
ord3307
ord731
ord1550
ord3178
ord599
ord1576
ord1575
ord3249
ord671
ord1652
ord1596
ord2985
ord3326
ord752
ord2097
ord1649
ord1593
ord4242
ord3319
ord743
ord2092
ord1641
ord5403
ord4238
ord2958
ord3230
ord658
ord1654
ord1598
ord2987
ord3328
ord754
ord1638
ord1559
ord3215
ord643
ord1647
ord1589
ord3315
ord739
ord1646
ord1588
ord3312
ord736
ord1643
ord1581
ord3292
ord715
ord2090
ord1637
ord1599
ord4236
ord3214
ord642
ord2098
ord1650
ord1594
ord4243
ord2983
ord3324
ord748
ord1635
ord1543
ord3157
ord583
ord1645
ord1586
ord3304
ord730
ord1644
ord1584
ord3298
ord1636
ord1548
ord3172
ord592
ord1639
ord1568
ord3227
ord656
ord1640
ord1569
ord3228
ord2370
ord2794
ord5613
ord2328
ord1265
ord777
ord2327
ord4032
ord282
ord2932
ord1264
ord293
ord2594
ord4036
ord4037
ord2321
ord1262
ord4033
ord4034
ord2319
ord1260
ord259
ord908
ord1283
ord2371
ord6017
ord1971
ord2938
ord2654
ord4109
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord3454
ord3348
ord2074
ord3474
ord2802
ord3563
ord5658
ord5991
ord4761
ord5491
ord4081
ord5994
ord2451
ord3406
ord3430
ord3488
ord4001
ord4123
ord502
ord5647
ord1966
ord5059
ord3551
ord3139
ord3571
ord3676
ord3583
ord3680
ord3587
ord3799
ord2876
ord3651
ord1979
ord3302
ord5634
ord326
ord2882
ord2873
ord5746
ord2495
ord4104
ord5871
ord3473
ord3574
ord3437
ord1655
ord2933
ord299
ord6118
ord1489
ord297
ord911
ord2248
ord310
ord2322
ord784
ord2902
ord2468
ord651
ord578
ord757
ord566
ord3333
ord4261
ord4481
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2838
ord2714
ord4307
ord2835
ord2731
ord2537
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord1908
ord5152
ord4244
ord1401
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord907
ord1084
ord1482
ord3997
ord781
ord416
ord3830
ord1054
ord4035
ord764
ord1063
ord1280
ord3161
ord1934
ord1558
ord3210
ord4014
ord4038
ord6168
ord4085
ord876
ord2272
ord304
ord1564
ord3683
ord1571
ord4541
ord1207

msvcr71

_mbscmp
_wcsdup
_setmbcp
__CxxFrameHandler
fprintf
fopen
fclose
fgets
__RTDynamicCast
malloc
free
_except_handler3
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcslen
memmove
_mbsnbcpy
sprintf
_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
memset
strtoul
atoi
strtol
_mbsicmp
vsprintf
_vscprintf
vswprintf
_vscwprintf

kernel32

GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
ExitProcess
GetCurrentThreadId
GetModuleHandleA
FindResourceExW
FindResourceW
SetLastError
VirtualProtect
GetCurrentProcess
WriteProcessMemory
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpA
FreeLibrary
LoadLibraryA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
MulDiv
lstrcpyA
lstrlenA
lstrlenW
lstrcmpiA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
CreateThread
Sleep
GetCommandLineA
WaitForSingleObject
FindFirstFileA
FindClose
GetSystemTime
SystemTimeToTzSpecificLocalTime
ReleaseMutex
OpenMutexA
CloseHandle
CreateMutexA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameA
LocalFree
GetSystemTimeAsFileTime

user32

DrawFocusRect
GetKeyState
GetAsyncKeyState
EndPaint
BeginPaint
GetWindowTextA
GetCapture
GetComboBoxInfo
GetSystemMetrics
EnableWindow
LoadIconA
GetClientRect
IsIconic
SendMessageA
DrawIcon
LoadBitmapA
GetWindowDC
ReleaseDC
SetParent
DestroyCursor
IsWindowVisible
LoadMenuA
IsWindowEnabled
SetFocus
EnableScrollBar
SetScrollPos
KillTimer
SetTimer
MapWindowPoints
CallWindowProcA
DestroyMenu
IsRectEmpty
IsZoomed
PostMessageA
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
SetRect
SetWindowsHookExA
CallNextHookEx
GetSubMenu
WindowFromPoint
UnhookWindowsHookEx
LoadImageW
LoadImageA
LoadCursorW
LoadIconW
LoadBitmapW
LoadStringW
LoadStringA
ClientToScreen
SystemParametersInfoA
GetSysColor
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
TrackPopupMenu
FillRect
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
OffsetRect
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
FindWindowExA
ShowWindow
GetWindow
GetClassNameA
ScreenToClient
SetWindowRgn
GetSystemMenu
DrawStateA
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetDesktopWindow
keybd_event
GetFocus
SetWindowLongA
ValidateRect
DrawTextA
GetDlgCtrlID
ReleaseCapture
GetCursorPos
LoadCursorA
GetParent
SetCapture
RedrawWindow
InvalidateRect
GetDC
GetWindowRect
PtInRect
CopyRect
SetCursor
GetWindowLongA
DestroyIcon
IsWindow

gdi32

GetBkColor
CreateDIBitmap
CombineRgn
CreateRectRgn
CreateEllipticRgn
GetDIBits
LineTo
CreatePen
MoveToEx
CreateBrushIndirect
Rectangle
GetPixel
SetBitmapBits
GetBitmapBits
CreateSolidBrush
GetBkMode
GetMapMode
CreateBitmap
DPtoLP
SetStretchBltMode
CreateFontA
GetTextColor
GetTextMetricsA
CreateRectRgnIndirect
ExtCreatePen
PatBlt
SetBkColor
TextOutA
SetBkMode
SetTextColor
GetStockObject
GetTextExtentPoint32A
GetDeviceCaps
GetObjectA
CreateFontIndirectA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
DeleteDC
SetMapMode
DeleteObject
SetPixel

msimg32

AlphaBlend

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_DrawEx
ord17
ImageList_AddMasked
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageInfo

shlwapi

PathCombineA
PathRenameExtensionA

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize

oleaut32

SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
SafeArrayDestroy

msvcp71

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

imagehlp

ImageDirectoryEntryToData

Sections

.text
Size: 336KB - Virtual size: 335KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 541B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 620KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b462a4972cbe072897654613fef9278

Headers

File Characteristics

Imports

mfc71

msvcr71

kernel32

user32

gdi32

msimg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp71

imagehlp

Sections

.text Size: 336KB - Virtual size: 335KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 8KB - Virtual size: 7KB

.tls Size: 4KB - Virtual size: 541B

.rsrc Size: 620KB - Virtual size: 618KB

.text
Size: 336KB - Virtual size: 335KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 8KB - Virtual size: 7KB

.tls
Size: 4KB - Virtual size: 541B

.rsrc
Size: 620KB - Virtual size: 618KB