Static task
static1
Behavioral task
behavioral1
Sample
a0b143fa2ff98548f7ac4a0b07d691cf3b51f51a6af3bb4d44d4e5d9e6d85b7f.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
a0b143fa2ff98548f7ac4a0b07d691cf3b51f51a6af3bb4d44d4e5d9e6d85b7f.exe
Resource
win10v2004-20221111-en
General
-
Target
a0b143fa2ff98548f7ac4a0b07d691cf3b51f51a6af3bb4d44d4e5d9e6d85b7f
-
Size
532KB
-
MD5
e699c535bb595a07759c1af485653685
-
SHA1
f779caeb88f231cce6d004c998825d865c7366da
-
SHA256
a0b143fa2ff98548f7ac4a0b07d691cf3b51f51a6af3bb4d44d4e5d9e6d85b7f
-
SHA512
7bc97fa665de08df1b4e7709569885d1fc71b882e73442d2e8d885b56a078dbbd07395fd5c1817cdc279bf1a5895685bcf0c51a61066e8fefa4c75d7b3ae7b4c
-
SSDEEP
6144:C3SKhrQjVNYutV6wGFtc9RlIbO6sEUlovPtTBhPAl5tSeN2z2ePCfpEb70TocLK0:C3SKWNYuSw4c5ysXEPtTUJkyePCBEnc
Malware Config
Signatures
Files
-
a0b143fa2ff98548f7ac4a0b07d691cf3b51f51a6af3bb4d44d4e5d9e6d85b7f.exe windows x86
38d49c9710979bdc86ae736173a85010
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations stripped: the image cannot be rebased, so ASLR does not apply to this module and its load address is predictable)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
skinhu
SkinH_AttachEx
SkinH_AdjustHSV
SkinH_SetAero
SkinH_Attach
winmm
timeGetTime
timeBeginPeriod
PlaySoundW
mfc71u
ord1271
ord3155
ord1270
ord5633
ord4117
ord3995
ord870
ord2895
ord4119
ord2366
ord1894
ord2255
ord602
ord347
ord1920
ord589
ord330
ord3793
ord631
ord1431
ord2271
ord386
ord1645
ord1589
ord4238
ord3322
ord754
ord3877
ord5864
ord762
ord3342
ord5637
ord502
ord577
ord5727
ord2878
ord1555
ord2870
ord3985
ord2872
ord709
ord501
ord5829
ord651
ord1921
ord416
ord3635
ord3435
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord1542
ord5908
ord1392
ord5199
ord4256
ord605
ord591
ord587
ord1079
ord2077
ord1536
ord4226
ord3158
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord3165
ord1095
ord354
ord1785
ord4574
ord6086
ord6061
ord6063
ord2460
ord2311
ord293
ord2155
ord1386
ord5485
ord3756
ord748
ord2089
ord1641
ord1585
ord4237
ord2977
ord3318
ord3875
ord1299
ord2167
ord280
ord5484
ord774
ord4101
ord2260
ord776
ord2364
ord3363
ord899
ord896
ord4112
ord4535
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord566
ord757
ord5971
ord1049
ord1117
ord3824
ord1182
ord1178
ord4743
ord283
ord6059
ord1959
ord4109
ord3755
ord3176
ord3752
ord3678
ord3570
ord5398
ord2362
ord3395
ord266
ord3497
ord1586
ord562
ord751
ord3289
ord530
ord3198
ord265
ord6001
ord1176
ord1113
ord5710
ord1472
ord1244
ord3249
ord1086
ord3281
ord3157
ord2361
ord4035
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord6033
ord5723
ord5638
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord3174
ord6058
ord3946
ord5440
ord2471
ord1461
ord2932
ord4100
ord894
ord3990
ord2121
ord5636
ord2066
ord2254
ord5327
ord6293
ord5316
ord6282
ord5524
ord3927
ord2261
ord4074
ord5705
ord277
ord4945
ord4642
ord753
ord5609
ord6251
ord1006
ord326
ord563
ord1627
ord1539
ord3166
ord592
ord3872
ord1545
ord3189
ord620
ord860
ord3644
ord3471
ord4126
ord1999
ord1293
ord4125
ord4668
ord4955
ord4501
ord4940
ord4643
ord4958
ord5047
ord4799
ord4358
ord4704
ord4790
ord4957
ord4371
ord4370
ord4281
ord4788
ord4942
ord4194
ord4667
ord4510
ord4965
ord4474
ord4523
ord4964
ord1198
ord4495
ord4362
ord4433
ord5043
ord4553
ord4914
ord4514
ord4513
ord4908
ord3734
ord4438
ord4437
ord4784
ord4198
ord4775
ord4383
ord4974
ord4165
ord4172
ord4581
ord4770
ord4380
ord4395
ord4393
ord4375
ord4378
ord4373
ord4857
ord4854
ord3968
ord5910
ord1610
ord5202
ord3338
ord1351
ord5162
ord1553
ord2711
ord4267
ord648
ord4121
ord4347
ord2413
ord2414
ord2415
ord2412
ord2411
ord410
ord6115
ord3215
ord3645
ord3869
ord5862
ord5869
ord2876
ord1476
ord2083
ord1632
ord1562
ord4232
ord3224
ord658
ord3873
ord3983
ord3789
ord4558
ord5053
ord5791
ord2611
ord5989
ord5987
ord1636
ord1577
ord3298
ord730
ord2857
ord2827
ord1330
ord458
ord736
ord1637
ord1579
ord3306
ord5965
ord777
ord1925
ord3204
ord3674
ord6140
ord741
ord764
ord572
ord3311
ord4255
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2985
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4234
ord1393
ord3940
ord1608
ord1611
ord5911
ord1582
ord2086
ord1058
ord1274
ord2365
ord1946
ord3238
ord2085
ord4094
ord909
ord722
ord4840
msvcr71
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
__security_error_handler
_cexit
_XcptFilter
_exit
?terminate@@YAXXZ
memset
abort
perror
??1type_info@@UAE@XZ
__dllonexit
exit
_onexit
__CxxFrameHandler
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
fclose
fprintf
_controlfp
_c_exit
fopen
sprintf
fgets
atoi
sscanf
fwrite
fread
_mktime64
_localtime64
_except_handler3
free
malloc
wcscpy
wcslen
memmove
atof
fscanf
_resetstkoflw
mbstowcs
isprint
isspace
tolower
isalnum
strncpy
strstr
strncmp
rand
kernel32
LoadResource
GetModuleHandleA
GetStartupInfoW
ExitProcess
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
SetPriorityClass
CreateFileW
DeviceIoControl (driver/device I/O; a handle from CreateFileW is needed for it, so the behavioral runs should be checked for which device path, if any, is opened)
GetLastError
CreateThread
Sleep
CloseHandle
EnterCriticalSection
InterlockedExchange
GetVersionExW
WideCharToMultiByte
GetCommandLineW
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
MultiByteToWideChar
FreeResource
QueryPerformanceCounter
LockResource
FindResourceW
lstrcmpiW
lstrlenW
GetVersionExA
GetSystemDefaultLangID
LeaveCriticalSection
GetCPInfo
user32
DrawTextExW
GrayStringW
DrawIconEx
SystemParametersInfoW
GetMenuItemInfoW
DrawStateW
IsMenu
GetIconInfo
InflateRect
OffsetRect
FrameRect
DrawFocusRect
GetNextDlgTabItem
WindowFromPoint
DestroyCursor
LoadImageW
UpdateWindow
SetWindowLongW
MessageBoxA
DrawEdge
GetSysColorBrush
FillRect
GetSysColor
CopyRect
SetRect
GetMessagePos
ScreenToClient
PtInRect
LoadCursorW
CopyIcon
SetCursor
GetCursorPos
GetActiveWindow
FlashWindow
CreateIconIndirect
DestroyIcon
ShowWindow
DrawIcon
SetWindowPos
GetSystemMetrics
FindWindowW
RedrawWindow
IsIconic
SetForegroundWindow
GetDesktopWindow
IsWindowVisible
LoadIconW
GetWindowRect
GetParent
PostMessageW
GetWindowLongW
SendMessageW
GetFocus
KillTimer
SetTimer
InvalidateRect
ClientToScreen
GetClientRect
LoadBitmapW
DrawTextW
TabbedTextOutW
ReleaseDC
GetDC
wsprintfW
EnableWindow
CreateMenu
CreatePopupMenu
DeleteMenu
AppendMenuW
GetSubMenu
GetMenuState
ModifyMenuW
SetMenuItemBitmaps
LoadMenuW
GetMenuItemCount
GetMenuItemID
gdi32
CreateBitmap
SetBkColor
SetTextColor
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetPixel
GetPixel
PatBlt
Ellipse
GetBkMode
GetDeviceCaps
CreatePen
CreateDIBSection
SelectObject
CreateSolidBrush
DeleteDC
GetStockObject
CreateFontIndirectW
DeleteObject
GetTextExtentPoint32W
StretchBlt
BitBlt
CreateCompatibleDC
GetObjectW
CreateCompatibleBitmap
CreateFontW
SetDIBColorTable
msimg32
GradientFill
TransparentBlt
advapi32
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
shell32
ShellExecuteExW
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteW
comctl32
ImageList_Replace
ImageList_GetIcon
ImageList_ReplaceIcon
ord17
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_GetImageCount
ole32
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleCreateStaticFromData
ws2_32 (Winsock; the presence of bind/listen/select alongside WSASendTo/WSARecvFrom means the sample can act as a network listener, not only a client — check the behavioral runs for the port it binds)
WSAStartup
inet_addr
gethostbyname
closesocket
listen
bind
socket
setsockopt
ioctlsocket
WSAGetLastError
WSASendTo
WSARecvFrom
__WSAFDIsSet
select
htonl
htons
ntohs
WSACleanup
ntohl
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
gdiplus
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePaletteSize
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown
GdipFree
GdipGetImageGraphicsContext
GdipDrawImageI
GdipAlloc
GdipCloneImage
GdipDeleteGraphics
iphlpapi
GetAdaptersInfo (enumerates local network adapters, addresses and MACs — commonly used for host fingerprinting; confirm how the result is used in the behavioral runs)
Sections
.text Size: 252KB - Virtual size: 251KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 157KB (virtual size far exceeds raw size, so most of .data is zero-filled at load time; this is consistent with uninitialized data merged into the section, but is also a pattern seen with runtime-unpacked payloads and is worth confirming against the memory dumps)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 212KB - Virtual size: 210KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ