c95cb7f7fa8d3247a669fa2793cad3d4a17fb78624df9b47db14da6f500eb70e

Sharing

Copy URL

Twitter E-mail

General

Target

c95cb7f7fa8d3247a669fa2793cad3d4a17fb78624df9b47db14da6f500eb70e
Size

1.6MB
MD5

d9254ac97f52bd238ec150a6c40af3d1
SHA1

198a1183fc4c264d5d106cac04eb49cf301fa283
SHA256

c95cb7f7fa8d3247a669fa2793cad3d4a17fb78624df9b47db14da6f500eb70e
SHA512

06d0ff4342df96fa6bd2e548f99387e7cd01c45824e8bae051a30cca907a04329a3252a04d415de52df74f90179c34a93a4071c8f641c0f52435dc8f219dcc76
SSDEEP

24576:Jp+PXQ5huQbj+Y1J44IEVpSEw5jx8dEMS1Pwdb8pvBeWplZKYNOV/vu4t6W:OPbMj/J44IEWEw5jx8dEMSyifC6W

Score

N/A

Malware Config

Signatures

Files

c95cb7f7fa8d3247a669fa2793cad3d4a17fb78624df9b47db14da6f500eb70e
.exe windows x86

492cbb93c2e0d73dce9575d42c0a9957

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zwwpfshowwrapper

?SetFileFullPathName@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?SetRegKeyUserCode@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetShortCodeRequest@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetResultInfo@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HHH@Z
??0CZwWPFShowCppWrapper@@QAE@XZ
?CreateWPFDialog@CZwWPFShowCppWrapper@@QAEXPAUHWND__@@@Z
?SetDongleAuthedInfo@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@000@Z
?SetLicServerInfo@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0@Z
?SetProductEdition@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetLicenseTo@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?SetSoftAuthedInfo@CZwWPFShowCppWrapper@@QAEXHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@000000HHHH@Z
?SetFeatureNoMatchAppTip@CZwWPFShowCppWrapper@@QAEXV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?SetIsNetWork@CZwWPFShowCppWrapper@@QAEXH@Z
?ShowWPFDialog@CZwWPFShowCppWrapper@@QAEHXZ
??1CZwWPFShowCppWrapper@@UAE@XZ

zwauthmanagedwrapper

?initApp@CHostAppService@@SAXP6GPAVCZwUnmanagedClass@@XZ@Z

fnp_act_installer

fnpActSvcUninstallWin
fnpActSvcInstallWin

mfc100

ord11190
ord11188
ord4373
ord4393
ord4389
ord4385
ord4377
ord4419
ord4398
ord11421
ord7837
ord2611
ord6678
ord12868
ord4785
ord3253
ord11107
ord8351
ord5803
ord381
ord7876
ord13348
ord4273
ord7582
ord867
ord11318
ord1479
ord2538
ord1266
ord1317
ord1437
ord1314
ord7177
ord4499
ord11439
ord1330
ord2084
ord2063
ord2067
ord13124
ord11627
ord265
ord13131
ord11781
ord4144
ord4143
ord422
ord3621
ord5627
ord978
ord13125
ord3839
ord1483
ord788
ord1210
ord10030
ord9475
ord11067
ord8137
ord10007
ord10360
ord3620
ord2974
ord2973
ord2752
ord5532
ord12531
ord2881
ord2878
ord7349
ord2416
ord14059
ord14061
ord14060
ord14058
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord11108
ord6217
ord9994
ord8330
ord2847
ord12644
ord1496
ord1503
ord1509
ord1507
ord1514
ord4410
ord4381
ord4415
ord4406
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord5123
ord9286
ord8305
ord5805
ord385
ord6680
ord948
ord946
ord1900
ord3390
ord4344
ord5776
ord5837
ord3439
ord4283
ord7141
ord1890
ord1316
ord2617
ord12672
ord316
ord11744
ord7487
ord1313
ord1982
ord1985
ord1981
ord1294
ord300
ord7581
ord5242
ord305
ord2626
ord4078
ord1288
ord7584
ord7510
ord11726
ord13767
ord4724
ord2163
ord11420
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord1296
ord409
ord1297
ord323
ord1867
ord1940
ord10922
ord13181
ord11413
ord7144
ord13483
ord13480
ord13485
ord13482
ord13484
ord13481
ord3409
ord5238
ord11172
ord11180
ord7355
ord9449
ord11184
ord11153
ord11787
ord4622
ord4903
ord5095
ord8439
ord4881
ord5098
ord4625
ord4774
ord4606
ord6897
ord6898
ord6888
ord4772
ord7357
ord9281
ord8304
ord6112
ord888
ord9399
ord6835
ord266
ord1929
ord901
ord310
ord906
ord13518
ord2090
ord322
ord2052
ord2050
ord2079
ord1979
ord2040
ord3406
ord408
ord1948
ord2089
ord2087
ord2088

msvcr100

memcpy
printf
sprintf_s
strcat_s
strncpy_s
_time64
fseek
ftell
malloc
fread
fopen_s
fwrite
fclose
free
_localtime64_s
_mktime64
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
memmove
rand
atoi
sscanf
_purecall
strcmp
memcmp
strlen
strcpy
_stat64i32
strcat
strspn
calloc
_setjmp3
_localtime64
strchr
tolower
strrchr
strncpy
realloc
sprintf
_strlwr
strftime
_vsnprintf_s
_vscprintf
srand
fflush
__iob_func
fprintf
vsprintf
_errno
abs
longjmp
__sys_errlist
__sys_nerr
_exit
isalnum
isalpha
iscntrl
isdigit
isgraph
islower
isprint
ispunct
isupper
strncmp
isxdigit
toupper
qsort
getenv
_findclose
_findnext64i32
_findfirst64i32
strtol
_setmbcp
clearerr
ungetc
fgets
fgetc
atol
exit
perror
fopen
_popen
getchar
_wfopen
freopen
_wfreopen
_wopen
_close
_wstat64i32
rename
__CxxFrameHandler
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_time32
_except_handler4_common
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_cexit
__getmainargs
_amsg_exit
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_unlink
_open
_getpid
_getcwd
_stricmp
_strdup
_access
isspace
strncat
_beginthread
_endthread
_putenv
_wunlink
_wremove
remove
_waccess
__CxxFrameHandler3
__argv
strcpy_s
memset
atof
strstr
_mbscmp
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_wrename

kernel32

GetEnvironmentStrings
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
GetEnvironmentVariableA
GetEnvironmentVariableW
SetErrorMode
SetHandleInformation
GetLocalTime
GetTimeZoneInformation
GetTickCount
GetProcessTimes
GetCurrentProcess
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
GetWindowsDirectoryA
CreateEventA
SetEvent
SetLastError
CreateMutexA
VirtualAlloc
VirtualFree
LocalFree
LocalAlloc
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
HeapSetInformation
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetVersionExA
GetVersion
GetSystemDirectoryA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentDirectoryA
CopyFileA
WaitForSingleObject
GetDriveTypeA
ReleaseMutex
DeleteFileA
CreateFileA
CloseHandle
DeviceIoControl
CreateDirectoryA
lstrcpyA
lstrcmpA
GetVolumeInformationA
Sleep
lstrlenA
GetComputerNameA
GetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
LoadLibraryA
GetLastError
GetProcAddress
ResetEvent
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
FreeLibrary

user32

GetDlgItemTextA
EndDialog
GetActiveWindow
GetParent
GetFocus
SetFocus
GetDlgItemTextW
ShowWindow
MoveWindow
ScreenToClient
wsprintfA
CreateDialogIndirectParamA
DialogBoxIndirectParamA
SetDlgItemTextA
MessageBeep
GetWindowLongA
SetWindowTextA
GetDlgItem
GetWindowRect
LoadStringA
MessageBoxA
GetSystemMetrics
EnableWindow
LoadIconW
GetClientRect
AppendMenuA
IsIconic
GetSystemMenu
SendMessageA
DrawIcon

comdlg32

GetOpenFileNameA

advapi32

OpenServiceA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
RegOpenKeyA
RegEnumKeyExA
StartServiceA
CreateServiceA
DeleteService
ControlService
RegQueryInfoKeyA
CloseServiceHandle
OpenSCManagerA
RegEnumValueA
RegQueryValueExW
RegSetValueExW
GetUserNameA
GetUserNameW

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

InitCommonControlsEx
ord17

shlwapi

PathFileExistsA

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
VariantInit
SysStringLen
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantTimeToSystemTime

msvcp100

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

ws2_32

gethostname
gethostbyname
gethostbyaddr
htonl
inet_addr
WSACleanup
WSAGetLastError
WSAStartup
getsockname
getsockopt
__WSAFDIsSet
select
connect
socket
htons
getprotobyname
closesocket
recv
send
ioctlsocket
setsockopt
ntohs
ntohl
inet_ntoa

netapi32

Netbios

Exports

Exports

??0CZwWPFShowCppWrapper@@QAE@ABV0@@Z
??4CHostAppService@@QAEAAV0@ABV0@@Z
??4CZwWPFShowCppWrapper@@QAEAAV0@ABV0@@Z
??_7CZwWPFShowCppWrapper@@6B@

Sections

.text
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 876KB - Virtual size: 876KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 257B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

492cbb93c2e0d73dce9575d42c0a9957

Headers

DLL Characteristics

File Characteristics

Imports

zwwpfshowwrapper

zwauthmanagedwrapper

fnp_act_installer

mfc100

msvcr100

kernel32

user32

comdlg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

msvcp100

ws2_32

netapi32

Exports

Exports

Sections

.text Size: 442KB - Virtual size: 441KB

.textidx Size: 876KB - Virtual size: 876KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 103KB - Virtual size: 121KB

.idata Size: 14KB - Virtual size: 13KB

.fnp_dir Size: 512B - Virtual size: 376B

.fnp_mar Size: 512B - Virtual size: 257B

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 46KB - Virtual size: 46KB

.text
Size: 442KB - Virtual size: 441KB

.textidx
Size: 876KB - Virtual size: 876KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 103KB - Virtual size: 121KB

.idata
Size: 14KB - Virtual size: 13KB

.fnp_dir
Size: 512B - Virtual size: 376B

.fnp_mar
Size: 512B - Virtual size: 257B

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 46KB - Virtual size: 46KB