Static task
static1
Behavioral task
behavioral1
Sample
3ff65e81e53f2898b6ac773d6273f47c5bea7ada1aec7149e33b2d765f745317.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
3ff65e81e53f2898b6ac773d6273f47c5bea7ada1aec7149e33b2d765f745317.exe
Resource
win10v2004-20220812-en
General
-
Target
3ff65e81e53f2898b6ac773d6273f47c5bea7ada1aec7149e33b2d765f745317
-
Size
3.5MB
-
MD5
2f51cfabd07f1764132b3a0542db1f70
-
SHA1
acfe99f322d8ccb845e7833d584db6ca0de12f6a
-
SHA256
3ff65e81e53f2898b6ac773d6273f47c5bea7ada1aec7149e33b2d765f745317
-
SHA512
c4d6f2293f5738e286f7f4151a6c0ecfd1e6911ceafc77774f1d355e9d2968f373923bfd048604fa2e708cc8fdd74eb973780416387994c45e5aedd21aaf7caf
-
SSDEEP
6144:K4GKlFoWhoDMoswSa/w/3XJNmODFfT9fT/bt:NlF/oIosK/wBv
Malware Config (none listed in this report)
Signatures (none listed in this report — the capability notes below come from the static import table only and are not sandbox detections)
Files
-
3ff65e81e53f2898b6ac773d6273f47c5bea7ada1aec7149e33b2d765f745317.exe windows x86
13f39fa4ae63c5f45480eb13943df185 (per-file hash shown under Files; it differs from the file MD5 above, so it is presumably the import hash — confirm before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (no relocation table: the loader cannot rebase the image, so ASLR does not apply to this executable)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports (grouped by module; note that modbase, communicate, msgbase, language, singleton and crashrpt are non-system DLLs imported by name, so the bare .exe submitted to the behavioral tasks may fail to load if those sibling DLLs are absent)
mfc42
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord561
ord801
ord6199
ord2086
ord2864
ord668
ord924
ord5608
ord6883
ord3181
ord3178
ord4058
ord2781
ord2770
ord356
ord541
ord535
ord1175
ord1205
ord2621
ord860
ord1134
ord2725
ord926
ord773
ord501
ord5621
ord6143
ord6453
ord4160
ord2863
ord4083
ord2915
ord2135
ord567
ord5600
ord3870
ord4774
ord1176
ord6270
ord3706
ord2393
ord1979
ord1567
ord268
ord2860
ord6877
ord939
ord3337
ord3811
ord2614
ord2512
ord538
ord3922
ord711
ord6307
ord521
ord2764
ord5710
ord4129
ord6663
ord5861
ord6876
ord6385
ord4277
ord6930
ord6928
ord3619
ord3573
ord2243
ord5789
ord2754
ord5875
ord4476
ord940
ord3092
ord6172
ord1768
ord2450
ord6157
ord5782
ord4317
ord5873
ord1862
ord4220
ord2584
ord3654
ord2438
ord816
ord562
ord2567
ord5787
ord283
ord2763
ord5642
ord1644
ord1795
ord2575
ord5290
ord3402
ord3574
ord6055
ord1776
ord4396
ord809
ord609
ord556
ord4275
ord613
ord2380
ord3874
ord289
ord6880
ord1088
ord2431
ord2122
ord1200
ord2554
ord4486
ord6375
ord4274
ord413
ord5731
ord4673
ord941
ord2642
ord470
ord755
ord6215
ord4299
ord4287
ord4284
ord2302
ord6197
ord2859
ord354
ord5186
ord665
ord3318
ord5442
ord1168
ord1146
ord2379
ord4234
ord1576
ord4710
ord325
ord324
ord326
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord6394
ord6383
ord5440
ord5450
ord2107
ord2841
ord2818
ord1083
ord540
ord1641
ord323
ord1640
ord5785
ord2405
ord2452
ord640
ord2414
ord3626
ord3571
ord3663
ord537
ord858
ord800
ord5683
ord4278
ord922
ord825
ord5572
ord823
msvcrt
_ltoa
_setmbcp
__p__fmode
_mbsicmp
atoi
__CxxFrameHandler
sscanf
__set_app_type
_controlfp
_mbsnbcpy
_mbscmp
exit
atol
_beginthreadex
_mbsstr
sprintf
vsprintf
_mbclen
wcslen
_mbsnbcmp
_ismbcdigit
_mbsinc
_purecall
_CxxThrowException
fclose
fread
ftell
fseek
strerror
_errno
fopen
fwrite
_mbsncmp
_mbccpy
wctomb
strtol
memmove
time
strstr
free
_msize
malloc
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_mbschr
kernel32 (includes process and module enumeration plus termination — CreateToolhelp32Snapshot, Process32First/Next, Module32First/Next, OpenProcess, TerminateProcess — and shared-memory mappings via CreateFileMappingA/OpenFileMappingA; these are capabilities, not evidence of misuse on their own)
GetProcAddress
lstrlenA
lstrcpyA
GetModuleHandleA
GlobalSize
GetStartupInfoA
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
GetLastError
GetPrivateProfileStringA
GlobalUnlock
OutputDebugStringA
CreateProcessA
GetStdHandle
GetPrivateProfileIntA
CloseHandle
WaitForSingleObject
GetCommandLineA
SetEnvironmentVariableA
LoadLibraryA
Sleep
GetModuleFileNameA
FreeLibrary
GetLocalTime
GetTempPathA
CreateFileA
InterlockedDecrement
lstrcpynA
InterlockedIncrement
MultiByteToWideChar
WritePrivateProfileStringA
GetTickCount
GetCurrentProcessId
GlobalFree
LockResource
MulDiv
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
TerminateProcess
GetExitCodeProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
lstrcmpiA
DeleteFileA
CreateDirectoryA
GetVersionExA
user32 (includes SetWindowsHookExA/CallNextHookEx/UnhookWindowsHookEx — a Windows hook install, which can serve keystroke capture or injection as well as ordinary GUI mouse tracking; the hook type is not visible here — and clipboard read/write via OpenClipboard/GetClipboardData/SetClipboardData)
ShowWindow
EnumChildWindows
FindWindowA
UnhookWindowsHookEx
GetClassNameA
SetWindowRgn
CallNextHookEx
RegisterWindowMessageA
ModifyMenuA
PeekMessageA
EqualRect
GetCursorPos
ClientToScreen
GetSystemMetrics
DrawIcon
CopyRect
KillTimer
SetWindowPos
GetWindowThreadProcessId
IsWindowVisible
GetSystemMenu
AppendMenuA
GetForegroundWindow
GetTopWindow
GetMenuItemID
SetTimer
DestroyWindow
PostMessageA
OffsetRect
SetRect
GetParent
SetCursor
GetMenuItemCount
LoadCursorA
LoadIconA
wsprintfA
RedrawWindow
SetWindowLongA
GetWindowLongA
SendMessageA
BringWindowToTop
FillRect
CreatePopupMenu
LoadImageA
InvalidateRect
IsWindow
MessageBoxA
LoadBitmapA
SetWindowsHookExA
GetClientRect
ReleaseDC
GetDC
GetSubMenu
DestroyIcon
DrawIconEx
GetIconInfo
GetSysColor
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SystemParametersInfoA
GetDesktopWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
IsIconic
EnableWindow
GetWindowRect
CloseClipboard
SetClipboardData
PostQuitMessage
GetWindowDC
ScreenToClient
SetForegroundWindow
PtInRect
gdi32
BitBlt
CreateRectRgn
PatBlt
ExtCreateRegion
CreateDIBitmap
CreateBitmap
CreateRectRgnIndirect
GetDIBits
CreateCompatibleBitmap
CreateFontA
GetTextExtentPoint32A
GetStockObject
CreatePolygonRgn
CombineRgn
FrameRgn
CreateSolidBrush
CreateRoundRectRgn
GetDeviceCaps
CreateDIBSection
SelectObject
DeleteDC
StretchBlt
GetObjectA
CreateDCA
CreateCompatibleDC
GetPixel
DeleteObject
advapi32
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
shell32
Shell_NotifyIconA
ShellExecuteExA
SHGetFileInfoA
SHGetFolderPathA
ShellExecuteA
comctl32
_TrackMouseEvent
ole32
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
olepro32
ord251
gdiplus
GdiplusStartup
GdipCloneImage
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipFree
GdipCreateFromHDC
GdipDrawImagePointsI
GdipDrawImageRectI
GdipReleaseDC
GdipDeleteGraphics
GdipAlloc
GdipLoadImageFromStream
GdipGetImageWidth
GdipGetImageHeight
modbase
?SetGlobalContainer@@YAPAVIModContainer@@PAV1@@Z
?CreateContainer@@YAPAVIModContainer@@XZ
?GetGlobalContainer@@YAPAVIModContainer@@XZ
communicate
?CreateFileMap@CCommunicate@@SAHAAPAX@Z
?SetData@CCommunicate@@SAHHPAXH@Z
?GetData@CCommunicate@@SAHHPAXHAAH@Z
?LogError@CCommunicate@@SAXPBDZZ
?CleanFileMap@CCommunicate@@SAHPAX@Z
?PostMessageA@CCommunicate@@SAHIJ@Z
language
ord1
msgbase
?GetConn@CNetStateMsg@@QAEPAVINetConn@@XZ
?GetClass@CNetStateMsg@@SAPAXXZ
?GetEvent@CShareMsg@@QAEIXZ
?GetOldState@CNetStateMsg@@QAE?AW4ESTATE@INetConn@@XZ
?GetNewState@CNetStateMsg@@QAE?AW4ESTATE@INetConn@@XZ
?IsKindOf@CControlMsg@@UAEHPAX@Z
?GetRuntimeClass@CControlMsg@@UBEPAUCRuntimeClass@@XZ
??0CControlMsg@@QAE@K@Z
??1CControlMsg@@UAE@XZ
?GetClass@CShareMsg@@SAPAXXZ
msvcp60
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
singleton
?GetInstance@@YAPAXXZ
crashrpt
SetServerInfo
AddFile
Install
shlwapi
PathFileExistsA
msimg32
TransparentBlt
Sections
.text Size: 212KB - Virtual size: 211KB (flags below include IMAGE_SCN_MEM_WRITE: a writable code section is atypical for compiler-emitted .text and is worth checking for self-modifying or in-place unpacked code; .rdata below is likewise writable)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 8KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 68KB (flags below mark the resource section both executable and writable, which is atypical; the kernel32 imports FindResourceA/LoadResource/LockResource show resources are read at runtime, but what they contain is not shown in this report)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE