e3b4e736e68e6500a109eb4d91e338d4376322814bd6b387d23b939b63da28e6

Sharing

Copy URL Twitter E-mail

General

Target

e3b4e736e68e6500a109eb4d91e338d4376322814bd6b387d23b939b63da28e6
Size

2.6MB
MD5

64e808145fe75d9d371074d962b79a33
SHA1

ce0e8940483bbc5a14cca9679c01950dfb7aaf73
SHA256

e3b4e736e68e6500a109eb4d91e338d4376322814bd6b387d23b939b63da28e6
SHA512

922e1b952612a7e1996d273eb824aa98c930a715a098a4f3c705bf3b3f7b9b45639d58020004df1dfc00c21ce57737040708fa99d4851eb778640887d3c014fb
SSDEEP

24576:eQpQkvrhErG9u57ln7hv8SVlh1elmCl883JYnhrEH22s7/NOFvQM2VTQ1arAE2fw:HpQkyl9relPuzEvUT+Fk/l

Score

N/A

Malware Config

Signatures

Files

e3b4e736e68e6500a109eb4d91e338d4376322814bd6b387d23b939b63da28e6
.exe windows x86

138008238924ab667563abfb60e3789f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord6865
ord6640
ord6921
ord2800
ord860
ord2910
ord539
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord1190
ord6113
ord617
ord5297
ord5208
ord296
ord2550
ord986
ord5910
ord411
ord4154
ord2613
ord1131
ord1202
ord2717
ord1148
ord3568
ord1634
ord3621
ord2406
ord4604
ord1172
ord3442
ord3191
ord1996
ord802
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4414
ord4947
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord652
ord338
ord4817
ord4852
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4103
ord5236
ord1719
ord4426
ord5256
ord6896
ord4211
ord3785
ord5641
ord5579
ord6489
ord542
ord2290
ord6871
ord6565
ord3180
ord798
ord6388
ord5188
ord533
ord2286
ord1567
ord2757
ord2574
ord4396
ord3635
ord693
ord4238
ord3296
ord4266
ord3298
ord1834
ord5097
ord5248
ord384
ord4146
ord3364
ord3618
ord686
ord4237
ord3566
ord2857
ord2088
ord3991
ord2092
ord6193
ord2371
ord2746
ord6898
ord3993
ord3605
ord2567
ord4390
ord3569
ord656
ord609
ord2070
ord2855
ord6437
ord5278
ord340
ord5568
ord896
ord665
ord354
ord2385
ord3806
ord2732
ord2793
ord879
ord882
ord703
ord603
ord1981
ord2446
ord6385
ord3313
ord1961
ord273
ord404
ord551
ord5852
ord1971
ord6381
ord5180
ord941
ord543
ord803
ord500
ord772
ord5856
ord6138
ord1824
ord5647
ord3121
ord350
ord3348
ord3574
ord614
ord1941
ord6567
ord2615
ord3025
ord4270
ord2631
ord6451
ord3792
ord6105
ord6331
ord2538
ord291
ord3490
ord755
ord470
ord2854
ord2559
ord5871
ord5783
ord283
ord3133
ord3701
ord3232
ord1594
ord924
ord3253
ord3998
ord826
ord824
ord640
ord1633
ord323
ord613
ord5777
ord2706
ord289
ord5781
ord290
ord1791
ord1263
ord3737
ord2606
ord6375
ord1230
ord859
ord4199
ord1173
ord1859
ord816
ord562
ord1226
ord4280
ord4118
ord1137
ord4272
ord6597
ord6466
ord4294
ord2372
ord4279
ord4119
ord3798
ord5627
ord2373
ord3084
ord1821
ord2081
ord5945
ord4042
ord2914
ord1214
ord1875
ord3079
ord2745
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord5142
ord3711
ord790
ord6107
ord2105
ord3614
ord2235
ord1231
ord6398
ord6399
ord3516
ord1252
ord366
ord402
ord805
ord6592
ord6150
ord2522
ord4051
ord5467
ord4116
ord2381
ord1702
ord5230
ord6365
ord5275
ord5244
ord2436
ord620
ord298
ord4225
ord4753
ord2705
ord4128
ord4292
ord2400
ord6376
ord3810
ord6595
ord6561
ord6793
ord6816
ord3517
ord2444
ord3706
ord783
ord2440
ord6022
ord6023
ord4197
ord6397
ord3515
ord2036
ord5830
ord1795
ord1709
ord4448
ord4749
ord2673
ord5147
ord6867
ord4524
ord4538
ord4536
ord4517
ord5681
ord3269
ord439
ord2089
ord736
ord5491
ord6238
ord6316
ord2563
ord3215
ord5047
ord4109
ord1857
ord979
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord3688
ord2397
ord1168
ord1229
ord3491
ord764
ord3023
ord326
ord4704
ord6153
ord1258
ord1560
ord268
ord403
ord3723
ord6303
ord521
ord4162
ord834
ord836
ord2806
ord5210
ord1565
ord849
ord850
ord1989
ord845
ord957
ord1852
ord5445
ord6389
ord909
ord4200
ord3981
ord1769
ord884
ord886
ord463
ord876
ord878
ord2885
ord6568
ord5438
ord3933
ord6279
ord4158
ord4015
ord2719
ord2722
ord2721
ord3175
ord3178
ord3171
ord2144
ord4265
ord3000
ord2127
ord3727
ord556
ord809
ord2114
ord1932
ord1787
ord1794
ord3088
ord2558
ord6166
ord4334
ord4341
ord4714
ord4883
ord4957
ord4954
ord6050
ord5277
ord3743
ord1718
ord365
ord784
ord1833
ord4236
ord2680
ord5031
ord610
ord6285
ord6135
ord968
ord3465
ord455
ord287
ord1807
ord472
ord2442
ord1563
ord1194
ord5602
ord5784
ord3915
ord1863
ord1000
ord5585
ord394
ord696
ord3430
ord4180
ord4369
ord4846
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord2033
ord498
ord3470
ord4254
ord5845
ord4709

msvcrt

_itoa
__CxxFrameHandler
wcscmp
memmove
_wcsicmp
_wtoi
_wcsdup
free
_wmkdir
rand
srand
time
sprintf
_vsnwprintf
wcslen
wcscat
_itow
_snwprintf
_wstrdate
_wstrtime
_wrename
_purecall
swscanf
_ftol
strchr
_beginthreadex
_CxxThrowException
wcschr
qsort
malloc
_CIpow
wcscpy
wcsstr
_wcslwr
wcstod
wcsncpy
calloc
iswxdigit
iswalnum
iswspace
iswdigit
iswprint
iswalpha
_wsplitpath
isprint
swprintf
isxdigit
_wtol
wcstok
wcsncmp
_snprintf
longjmp
fprintf
_iob
abort
_setjmp3
fread
strtod
_waccess
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp

kernel32

ReleaseMutex
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateMutexW
LoadLibraryW
ReleaseSemaphore
WaitForSingleObject
GetExitCodeThread
GetModuleFileNameW
ExitThread
MoveFileExW
lstrlenW
TerminateThread
GetCurrentThreadId
GetCurrentProcessId
DeleteFileW
CloseHandle
CreateFileW
FindClose
FindFirstFileW
InitializeCriticalSection
GetLocaleInfoW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
CreateSemaphoreW
LocalFree
lstrlenA
CreateDirectoryW
CreateEventW
WaitForMultipleObjects
ResetEvent
SetEvent
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedIncrement
GetProcAddress
GetModuleHandleW
FreeLibrary
LoadLibraryA
GetVersion
lstrcpynW
GetTickCount
GetCurrentDirectoryW
CompareStringW
MulDiv
GetFileAttributesW
LockResource
LoadResource
FindResourceW
Sleep
GetModuleHandleA
GlobalUnlock
GlobalLock
GetCPInfoExW
SizeofResource
GlobalAlloc
lstrcmpA
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
GetTempFileNameW
GetTempPathW
GetPrivateProfileStringW
EnumResourceNamesW
EnumResourceTypesW
EnumResourceLanguagesW
GetVersionExW
ResumeThread
SetThreadPriority
GlobalFree
InterlockedDecrement
GlobalSize
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationW
SuspendThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetNumberFormatW
lstrcpyW
GetDriveTypeW
GetPrivateProfileIntW
lstrcmpiW
EnumSystemCodePagesW
GetStartupInfoW

user32

GetMenuDefaultItem
GetIconInfo
CreateIconIndirect
CreatePopupMenu
GetMenuStringW
IsClipboardFormatAvailable
IsWindowVisible
SetParent
MapWindowPoints
SetFocus
GetClassNameW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
IsDialogMessageW
LockWindowUpdate
GetDCEx
ReleaseDC
InvertRect
GetCursorPos
GetSystemMetrics
SetWindowLongW
SetCapture
GetCapture
OffsetRect
GetSystemMenu
GetMenuState
GetDlgItem
AdjustWindowRectEx
GetWindowLongW
SetWindowRgn
SetWindowPos
ReleaseCapture
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
WaitMessage
ClientToScreen
GetTopWindow
SystemParametersInfoW
EqualRect
CopyRect
PtInRect
GetWindowRgn
ScreenToClient
GetDlgCtrlID
WindowFromPoint
IntersectRect
HideCaret
LoadCursorW
SetCursor
ShowCaret
GetNextDlgTabItem
GetKeyState
IsChild
MapVirtualKeyW
EndDeferWindowPos
BeginDeferWindowPos
DestroyIcon
LoadIconW
DrawIconEx
GetClassLongW
MessageBeep
PostMessageW
IsRectEmpty
IsMenu
GetMenuItemCount
GetMenuItemInfoW
GetMenuItemID
SetTimer
KillTimer
SetRectEmpty
DrawStateW
CreateWindowExW
GetWindowTextW
EndDialog
DestroyCursor
GetCaretPos
DeleteMenu
AppendMenuW
EnableMenuItem
DestroyWindow
FindWindowW
InflateRect
LoadBitmapW
GetWindowRect
RegisterWindowMessageW
InvalidateRect
GetClientRect
GetSysColor
GetParent
wsprintfW
UpdateWindow
GetDesktopWindow
GetWindow
IsWindow
GetPropW
IsIconic
ShowWindow
SendMessageW
RedrawWindow
GetSubMenu
LoadMenuW
SetMenu
GetMenu
GetFocus
EnableWindow
GetLastActivePopup
SetMenuDefaultItem
TrackPopupMenu
DestroyMenu
InsertMenuW
GetTabbedTextExtentW
GetActiveWindow
SetActiveWindow
SetScrollPos
EnableScrollBar
ShowScrollBar
CreateCaret
SetCaretPos
DragDetect
DestroyCaret
SetForegroundWindow
GetScrollPos
LoadStringW
SetWindowTextW
GetMessagePos
EmptyClipboard
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColorBrush
GetCursor
LookupIconIdFromDirectoryEx
SetClipboardData
CopyIcon
CreateIconFromResourceEx
LoadImageW
RegisterClipboardFormatW
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GrayStringW
DrawTextW
TabbedTextOutW
GetDialogBaseUnits
UnionRect
DeferWindowPos
MoveWindow
BringWindowToTop
SetClassLongW
IsZoomed
CharUpperW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
GetKeyboardLayout
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
IsWindowEnabled
LoadAcceleratorsW
CopyAcceleratorTableW
DefWindowProcW
FillRect
DrawEdge
GetScrollInfo
GetDoubleClickTime
SendMessageTimeoutW
GetForegroundWindow
DrawFocusRect
DrawFrameControl
GetDC
SetCursorPos
SetRect
SetPropW

gdi32

EnumFontFamiliesW
FillRgn
RoundRect
CreatePolygonRgn
GetRgnBox
GetWindowOrgEx
GetBkColor
GetTextAlign
SetBoundsRect
GetCharWidthW
SetBrushOrgEx
SetBkMode
GetTextMetricsW
GetBitmapBits
GetDIBits
SetStretchBltMode
SetBkColor
CombineRgn
Escape
ExtTextOutW
RectVisible
PtVisible
CreatePen
Rectangle
Polyline
CreateFontW
SetTextColor
TextOutW
ExtCreateRegion
CreateDIBSection
StretchBlt
CreateFontIndirectW
GetCurrentObject
Polygon
GetPixel
DeleteDC
SetPixel
GetTextColor
GetDeviceCaps
CreateBitmap
CreatePatternBrush
GetViewportOrgEx
EnumFontFamiliesExW
GetTextExtentPoint32W
GetObjectW
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
SelectObject
BitBlt
DeleteObject
CreateRectRgn
PtInRegion
PatBlt
GetStockObject
CreateSolidBrush

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc
SHGetSpecialFolderLocation
SHAppBarMessage
SHGetSpecialFolderPathW
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteExW
ShellExecuteW

comctl32

ord17
ImageList_DrawIndirect
ImageList_GetImageInfo
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_GetIcon
ImageList_Draw
_TrackMouseEvent
ImageList_AddMasked
ImageList_Create

ole32

CoCreateInstance
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
DoDragDrop
OleRun
CoInitializeEx

oleaut32

GetErrorInfo
SysStringLen
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantChangeTypeEx
SysAllocString
SysFreeString

gdiplus

GdiplusStartup
GdiplusShutdown

smartcontrols

?GetMessageMap@CSCPVC6FileDialog@@MBEPBUAFX_MSGMAP@@XZ
?OnNotify@CSCPVC6FileDialog@@MAEHIJPAJ@Z
?OnFileNameOK@CSCPVC6FileDialog@@MAEHXZ
?OnInitDone@CSCPVC6FileDialog@@MAEXXZ
?OnFileNameChange@CSCPVC6FileDialog@@MAEXXZ
?OnFolderChange@CSCPVC6FileDialog@@MAEXXZ
?OnTypeChange@CSCPVC6FileDialog@@MAEXXZ
?LangSmartControls@@YA_NK@Z
?GetRuntimeClass@CSCPVC6FileDialog@@UBEPAUCRuntimeClass@@XZ
??0CSCPNormalDialog@@QAE@IPAVCWnd@@@Z
?GetMessageMap@CSCPNormalDialog@@MBEPBUAFX_MSGMAP@@XZ
??0CSCPVC6FileDialog@@QAE@HPBG0K0PAVCWnd@@@Z
?DoModal@CSCPVC6FileDialog@@UAEHXZ
??1CSCPVC6FileDialog@@UAE@XZ
?SubClassButton@CSCPNormalDialog@@QAEXHHHHH@Z
?OnInitDialog@CSCPNormalDialog@@UAEHXZ
?messageMap@CSCPNormalDialog@@1UAFX_MSGMAP@@B
??1CSCPNormalDialog@@UAE@XZ
?ChangeCtrlFont@CSCPNormalDialog@@QAEXH@Z

smartconnecter

?CreateAccessDB@CFoDbApi@@SA_NABVCString@@@Z

smartpublic

?ExportData2Excel@CSPVDPSource@@QAEHABVCString@@@Z
??1CFoTabelInfo@@QAE@XZ
?CloseDataBase@@YAXXZ
?GetTableName@CFoTabelInfo@@SA_NAAVCStringArray@@@Z
?IsOpen@CSPVDPSource@@QAE_NXZ
?CreateTable@CFoTabelInfo@@QAE_NXZ
??0CFoTabelInfo@@QAE@ABVCString@@@Z
?AddColume@CFoTabelInfo@@QAE_NABVCString@@@Z
??1CFoRecordInfo@@QAE@XZ
?AddRecord@CFoTabelInfo@@QAE_NAAVCFoRecordInfo@@@Z
?UpdateRecord@CFoTabelInfo@@QAE_NAAVCFoRecordInfo@@@Z
??0CFoRecordInfo@@QAE@XZ
??1CSPLinesData@@UAE@XZ
??0CSPLinesData@@QAE@XZ
?GetText2Array@CSPLinesData@@SAHIVCString@@AAVCStringArray@@ABH@Z
?LangSmartPublic@@YA_NK@Z
??0CSPVDPSource@@QAE@XZ
??1CSPVDPSource@@UAE@XZ
?GetAllData@CSPVDPSource@@QAE_NHH@Z
?Connect@CSPVDPSource@@QAE_N_N@Z
?ChangeDatabase@CSPVDPSource@@QAE_NPAVCWnd@@@Z
?SetDataBase@CSPVDPSource@@QAEXABUstcHokDBSource@@ABVCString@@@Z
?SetCenterWnd@CSPVDPSource@@QAEXPAVCWnd@@@Z
?GetSQL@CSPVDPSource@@QAE?AVCString@@HH@Z
?GetRecordCount@CSPVDPSource@@QAEHXZ
?GetItemRecord@CSPVDPSource@@QAE?AVCString@@ABH0@Z
?ChangeSQLOrder@CSPVDPSource@@QAEXABVCString@@AB_N@Z
?ShowDataConsole@CSPVDPSource@@QAEHXZ
?ChangeSQLTable@CSPVDPSource@@QAEHXZ
?ChangeSQLWhere@CSPVDPSource@@QAEHXZ
?ChangeSQLOrder@CSPVDPSource@@QAE_NXZ
?ChangeCustSQL@CSPVDPSource@@QAE_NABVCString@@@Z
?OpenDataBase@@YA_NAAUstcHokDBSource@@ABVCString@@@Z
?ExportData2Text@CSPVDPSource@@QAEHABVCString@@@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSAStartup
WSACleanup
htons
WSAGetLastError
WSACreateEvent
WSAEnumNetworkEvents
WSAResetEvent
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
closesocket
WSAIoctl
setsockopt
WSASocketW
listen
bind
htonl
WSAAccept
WSARecv
WSASend

winmm

PlaySoundW

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 748KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

138008238924ab667563abfb60e3789f

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

gdiplus

smartcontrols

smartconnecter

smartpublic

version

ws2_32

winmm

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 100KB - Virtual size: 103KB

.rsrc Size: 748KB - Virtual size: 746KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 100KB - Virtual size: 103KB

.rsrc
Size: 748KB - Virtual size: 746KB