aa38e9be2999b9e3c04905326aa1ebce09f1488e92dcb4002c6d2a393d50ea03

Sharing

Copy URL Twitter E-mail

General

Target

aa38e9be2999b9e3c04905326aa1ebce09f1488e92dcb4002c6d2a393d50ea03
Size

496KB
MD5

acfb9d33aab35916cf4db1a6a221418a
SHA1

15e6e77892f98f113eff22cceeaa3ae95330e75f
SHA256

aa38e9be2999b9e3c04905326aa1ebce09f1488e92dcb4002c6d2a393d50ea03
SHA512

d55445071779cea166a9cc3b106112d4cc00b02d85fb3e442c1f99db52acf4734884f1c76819d1c98f513c6f6faf078a760f2095ad56ae71513ebd87384da670
SSDEEP

6144:8h+vjAGX9jjoDZnmCDyI/lpccYms9gmHDj9bvUvbxkpjw:m+vcwvG5mCDyINpoWk0u

Score

N/A

Malware Config

Signatures

Files

aa38e9be2999b9e3c04905326aa1ebce09f1488e92dcb4002c6d2a393d50ea03
.exe windows x86

534c46e3969156b1bd582d206180ed7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

spyxxhk

gfHookEnabled
gcSubclass
ghhkRetHook
_SpyxxCallWndRetProc@12
ghhkCallHook
_SpyxxCallWndProc@12
ghhkMsgHook
_SpyxxGetMsgProc@12
gmsgOtherProcessData
gopd
gpidSpyxx
gabMsgBuf
gaaClasses
gtidSpyxx
gfOnWindows5x
gcMsgPackets
goffWrite
goffRead
gfOnWindows4x
gfOnWindows9x
gfEnableSubclass

kernel32

GlobalLock
GlobalAlloc
SizeofResource
CloseHandle
WaitForSingleObject
SetEvent
MulDiv
GetLastError
SetFilePointer
Sleep
ReleaseMutex
ResetEvent
CreateEventA
CreateMutexA
WriteFile
WideCharToMultiByte
LoadResource
GetCurrentProcess
OpenProcess
HeapFree
GetProcessHeap
HeapAlloc
HeapSize
SetLastError
GetCurrentProcessId
FreeLibrary
GetProcAddress
GetVersion
IsDBCSLeadByte
LocalAlloc
LoadLibraryA
GetVersionExA
RaiseException
LockResource
GlobalUnlock
GlobalFree
InterlockedExchange
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeCriticalSection
MultiByteToWideChar
GetModuleHandleA
DeleteCriticalSection

user32

EnumChildWindows
IsIconic
IsZoomed
OffsetRect
GetWindowPlacement
GetWindowWord
IsWindowUnicode
GetClassLongA
InflateRect
SetRectEmpty
GetSysColor
CreatePopupMenu
DrawFocusRect
FrameRect
GetClassWord
DestroyWindow
GetClassNameA
GetClassInfoA
SetWindowsHookExA
UnhookWindowsHookEx
IsChild
GetFocus
EnumWindows
ReleaseCapture
WindowFromPoint
SetCursor
SetCapture
GetCapture
UpdateWindow
ClientToScreen
GetWindow
GetWindowRgn
PtInRect
IsWindow
GetWindowThreadProcessId
GetParent
InvalidateRect
GetKeyState
FillRect
GetDC
GetSystemMetrics
ReleaseDC
IsWindowVisible
ScreenToClient
GetWindowRect
SetActiveWindow
GetDesktopWindow
GetWindowDC
SetWindowPlacement
BringWindowToTop
SetForegroundWindow
ShowWindow
IsRectEmpty
SetRect
DeleteMenu
GetSystemMenu
SetTimer
KillTimer
GetLastActivePopup
AdjustWindowRectEx
TranslateMessage
EqualRect
MapWindowPoints
AdjustWindowRect
MessageBeep
UnpackDDElParam
GetClientRect

gdi32

CreateCompatibleDC
DeleteObject
SetBkMode
SelectObject
CreateSolidBrush
PtInRegion
CreateRectRgn
CreateBitmap
CreatePatternBrush
PatBlt
CreatePen
GetPixel
GetDeviceCaps
FrameRgn
CreateHatchBrush
Rectangle
SetROP2
GetStockObject
BitBlt

advapi32

RegQueryValueExA
RegCloseKey
LookupAccountSidW
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
PrivilegeCheck
RegOpenKeyExA

mfc71u

ord4846
ord4733
ord2736
ord2042
ord777
ord4035
ord1563
ord1548
ord2986
ord2895
ord1003
ord776
ord774
ord2657
ord2266
ord6063
ord1472
ord1542
ord1582
ord5398
ord293
ord4026
ord899
ord870
ord5803
ord896
ord577
ord1590
ord1646
ord1647
ord2397
ord2409
ord2386
ord2390
ord2392
ord2394
ord2384
ord5229
ord5231
ord1058
ord5636
ord326
ord3079
ord3344
ord4231
ord1561
ord2082
ord4093
ord5930
ord1476
ord283
ord1002
ord287
ord1536
ord2261
ord900
ord280
ord2460
ord2121
ord3927
ord290
ord2926
ord4320
ord2009
ord1007
ord5096
ord566
ord2260
ord5558
ord860
ord3756
ord1156
ord3990
ord281
ord5491
ord1198
ord6039
ord3752
ord605
ord3204
ord1925
ord3155
ord1271
ord1270
ord5633
ord5178
ord4206
ord4884
ord1662
ord1661
ord5908
ord1611
ord1608
ord3940
ord1392
ord4238
ord5148
ord1899
ord5067
ord6271
ord4179
ord5199
ord3397
ord4716
ord4276
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord764
ord2651
ord4574
ord602
ord2361
ord347
ord4729
ord6086
ord3635
ord2011
ord2366
ord354
ord2086
ord5911
ord1393
ord4234
ord5210
ord4255
ord3311
ord741
ord760
ord676
ord587
ord2155
ord3922
ord1396
ord266
ord5801
ord5651
ord5829
ord2654
ord5443
ord2167
ord265
ord1299
ord6115
ord3678
ord1894
ord2985
ord572
ord1784
ord3630
ord4728
ord6232
ord4277
ord4205
ord2013
ord3199
ord391
ord3331
ord1079
ord3198
ord709
ord5638
ord6033
ord501
ord1920
ord3647
ord3493
ord4284
ord4538
ord3648
ord3494
ord635
ord3751
ord1595
ord2237
ord1905
ord2609
ord5005
ord5008
ord4304
ord4129
ord2933
ord4898
ord940
ord5352
ord2420
ord2418
ord4015
ord3939
ord5144
ord1896
ord5204
ord2164
ord1297
ord4272
ord4261
ord751
ord742
ord5165
ord4945
ord5004
ord1904
ord5003
ord5007
ord4303
ord2934
ord941
ord2419
ord4014
ord1895
ord5203
ord4271
ord5164
ord1954
ord4259
ord4923
ord762
ord553
ord562
ord431
ord1994
ord2136
ord2135
ord5855
ord4293
ord4244
ord3946
ord2424
ord4089
ord1475
ord4533
ord430
ord3639
ord3444
ord5733
ord2471
ord1461
ord4560
ord2608
ord2615
ord6234
ord2007
ord5152
ord5588
ord1370
ord5408
ord4251
ord1913
ord4216
ord3034
ord2762
ord2832
ord4476
ord4258
ord616
ord4699
ord368
ord4347
ord3157
ord4094
ord2085
ord3238
ord1946
ord1274
ord5723
ord5982
ord5981
ord5618
ord3346
ord3342
ord5983
ord1957
ord4882
ord6140
ord3676
ord3585
ord4438
ord4437
ord4784
ord4198
ord4775
ord4974
ord4166
ord4175
ord4585
ord4771
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4858
ord4855
ord3968
ord5147
ord3338
ord1352
ord5170
ord4267
ord756
ord565
ord4755
ord2362
ord4119
ord1959
ord4300
ord1176
ord5434
ord867
ord2077
ord4226
ord3158
ord4062
ord746
ord558
ord6000
ord862
ord444
ord998
ord4057
ord3508
ord677
ord5430
ord6227
ord660
ord423
ord4542
ord3677
ord757
ord2239
ord4562
ord1117
ord3822
ord758
ord567
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord5226
ord5209
ord5562
ord4475
ord3327
ord6059
ord956
ord437
ord4025
ord1403
ord3590
ord3435
ord5671
ord3232
ord428
ord356
ord6061
ord6278
ord5709
ord3281
ord2365
ord665
ord3018
ord3395
ord3249
ord443
ord2254
ord2264
ord4109
ord3690
ord6276
ord589
ord330
ord3855
ord3995
ord4117
ord5637
ord2648
ord2140
ord1386
ord2713
ord4762
ord5727
ord5048
ord657
ord1388
ord6262
ord1924

msvcr71

_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
__security_error_handler
_amsg_exit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_except_handler3
memset
strncpy
_vsnprintf
time
iscntrl
toupper
_getmbcp
wcsrchr
_wcsupr
swscanf
_wcsicmp
malloc
free
_vsnwprintf
__CxxFrameHandler
memmove
wcslen
_wsplitpath
_itow
wcstoul
_purecall
wcscmp
_itoa
_endthread
_beginthread

msvcp71

?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?_Fpz@std@@3_JA
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?freeze@strstreambuf@std@@QAEX_N@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
?flags@ios_base@std@@QAEHH@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setf@ios_base@std@@QAEHH@Z
??1ostrstream@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 60KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

534c46e3969156b1bd582d206180ed7d

Headers

File Characteristics

Imports

spyxxhk

kernel32

user32

gdi32

advapi32

mfc71u

msvcr71

msvcp71

Sections

.text Size: 368KB - Virtual size: 367KB

.data Size: 60KB - Virtual size: 69KB

.rsrc Size: 64KB - Virtual size: 62KB

.text
Size: 368KB - Virtual size: 367KB

.data
Size: 60KB - Virtual size: 69KB

.rsrc
Size: 64KB - Virtual size: 62KB