e250fbb42cb7cf8966594b9ffb483853c3582c1cd7b18ad830d1dc88091f3a3d

Sharing

Copy URL Twitter E-mail

General

Target

e250fbb42cb7cf8966594b9ffb483853c3582c1cd7b18ad830d1dc88091f3a3d
Size

2.9MB
MD5

97365d3dfc39bde02afdec28b965dc85
SHA1

27c797d7026e8e7d0e77ebd1ca2950ddf52a2956
SHA256

e250fbb42cb7cf8966594b9ffb483853c3582c1cd7b18ad830d1dc88091f3a3d
SHA512

5c74546125e789711e745570bbfae6ebe0138addc0b05f6b9fcc515565a47d30074a29e7d1da997a443e7b3b421b4d80056a164660baea44773ebe43079b3071
SSDEEP

49152:V4VBn1iQlg/bbMwLHF+7Xo6i+Y1pL15b9E1mfKnFrnoVDydEEQsCEJlTz5Yh6Il1:qzAbMwLHF+7Xli+Y1ppmH89ydEEQsCEU

Score

N/A

Malware Config

Signatures

Files

e250fbb42cb7cf8966594b9ffb483853c3582c1cd7b18ad830d1dc88091f3a3d
.dll windows x86

8e2a1673792a07486ff7d0be644dcc18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalLock
WideCharToMultiByte
GlobalUnlock
LoadLibraryW
QueryPerformanceFrequency
QueryPerformanceCounter
DisableThreadLibraryCalls
CloseHandle
CreateThread
GetCurrentProcess
K32GetModuleInformation
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreA
InitializeSRWLock
ResumeThread
VirtualProtect
ExitThread
Sleep
InterlockedCompareExchange
FlushInstructionCache
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
CreateToolhelp32Snapshot
GlobalAlloc
Thread32Next
VirtualAlloc
VirtualFree
LocalFree
FormatMessageA
GetLocaleInfoEx
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileW
MultiByteToWideChar
VirtualQuery
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GlobalFree
GetProcAddress
Thread32First
GetModuleHandleA
InitializeSListHead
GetProcessHeap
FreeLibrary
InterlockedExchange

user32

GetAsyncKeyState
MessageBoxA
CallWindowProcA
SetClipboardData
GetClipboardData
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
ScreenToClient
SetWindowLongA
LoadCursorA

msvcp140

?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?good@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Random_device@std@@YAIXZ
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBE?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AAVios_base@2@DPBUtm@@PBD3@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
_Mtx_trylock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Mtx_unlock
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Xlength_error@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z

winmm

PlaySoundA

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetReadFile
HttpOpenRequestA
InternetOpenA

vcruntime140

memcmp
__CxxFrameHandler3
__std_exception_destroy
__std_exception_copy
__std_type_info_compare
_purecall
memmove
strrchr
longjmp
memcpy
memset
memchr
_setjmp3
__current_exception
__current_exception_context
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
__vcrt_GetModuleFileNameW
__vcrt_LoadLibraryExW
strstr

api-ms-win-crt-stdio-l1-1-0

_wfopen
fwrite
__stdio_common_vsscanf
ftell
fopen
fgetc
__stdio_common_vsprintf_s
fgetpos
fclose
setvbuf
fflush
fseek
fputc
_get_stream_buffer_pointers
ungetc
_fseeki64
__stdio_common_vsprintf
fsetpos
fread

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-math-l1-1-0

_libm_sse2_sqrt_precise
_libm_sse2_tan_precise
_libm_sse2_atan_precise
_libm_sse2_sin_precise
_dsign
ceil
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_fdclass
_libm_sse2_acos_precise
_libm_sse2_log_precise
_dclass
floor
roundf
fminf
fmax
fmaxf
_CIatan2
_CIfmod
remainderf

api-ms-win-crt-convert-l1-1-0

strtoull
strtod
strtol
atof
strtoul
atoi
strtoll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_cexit
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
system
terminate
_crt_atexit
_errno

api-ms-win-crt-string-l1-1-0

isdigit
strcat_s
strncpy
strcpy_s
strncmp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_time64
_localtime64

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 626KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8e2a1673792a07486ff7d0be644dcc18

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

winmm

d3dx9_43

imm32

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 426KB - Virtual size: 425KB

.data Size: 626KB - Virtual size: 774KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 50KB - Virtual size: 50KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 426KB - Virtual size: 425KB

.data
Size: 626KB - Virtual size: 774KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 50KB - Virtual size: 50KB