b7b3f38288042d0cfb45bb79e875ae800166f922ba473fb6b9de032aaadf9b63

Sharing

Copy URL Twitter E-mail

General

Target

b7b3f38288042d0cfb45bb79e875ae800166f922ba473fb6b9de032aaadf9b63
Size

609KB
MD5

8c46d30c22042f05e79c62536016ed68
SHA1

fdd1074d13cb93e8f85a06d2723f43f0bc623d64
SHA256

b7b3f38288042d0cfb45bb79e875ae800166f922ba473fb6b9de032aaadf9b63
SHA512

6a4ffe0d245e9e863cb7fc3148bbb96f096e7efc77bffe51cedf2bb5ca54613b771c74bf6c499d648131f6c584fda53d5a0112c10d748bea4d1525bacd84f3c5
SSDEEP

12288:ZeBSiARD1fuZZxRgDCsk5WasCd8VQAcczHUOr83XfwoEb39sm+mHXTJ:ZBiARUZlgDCsk5WasCe0OrewoEbtsm+a

Score

N/A

Malware Config

Signatures

Files

b7b3f38288042d0cfb45bb79e875ae800166f922ba473fb6b9de032aaadf9b63
.exe windows x86

f2d09b50e50f410841d624a3b62202a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
GlobalUnlock
GlobalFree
FlushInstructionCache
VirtualProtect
HeapDestroy
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
RaiseException
GetCurrentThreadId
GetExitCodeThread
GetLastError
SetLastError
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ResumeThread
IsDebuggerPresent
DebugBreak
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
PulseEvent
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
LoadResource
SizeofResource
GetFileSizeEx
WriteFile
ReadFile
DeviceIoControl
SetFileTime
CloseHandle
DuplicateHandle
MulDiv
GetSystemTimeAsFileTime
GetSystemInfo
FileTimeToLocalFileTime
MultiByteToWideChar
FormatMessageW
lstrcpyW
lstrlenA
GlobalSize
WaitForMultipleObjectsEx
CreateEventW
CreateSemaphoreW
GetLogicalDriveStringsW
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetStartupInfoW
GetCommandLineW
OutputDebugStringW
FindResourceW
FindResourceExW
GetTempPathW
GetWindowsDirectoryW
GetCurrentDirectoryW
CreateFileW
CancelIo
SetPriorityClass
RegisterWaitForSingleObject
UnregisterWait
QueueUserWorkItem
GetVersionExW
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetThreadLocale
GetUserDefaultUILanguage
WriteConsoleW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
LoadLibraryA
FreeLibrary
InterlockedExchange
GlobalLock
GlobalReAlloc
GlobalAlloc
LockResource
FreeResource
InterlockedDecrement
InterlockedIncrement
GetModuleHandleExW
GetProcAddress
lstrlenW
WideCharToMultiByte
GetTickCount

user32

TrackPopupMenu
InsertMenuItemW
UpdateWindow
AllowSetForegroundWindow
GetDC
ReleaseDC
InvalidateRect
RedrawWindow
SetPropW
GetPropW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBoxW
SetCursor
GetCursorPos
MapWindowPoints
GetSysColor
IntersectRect
GetWindowLongW
SetWindowLongW
SetProcessDefaultLayout
GetParent
EnumChildWindows
FindWindowW
CheckMenuItem
DestroyIcon
LoadImageW
IsDialogMessageW
SystemParametersInfoW
MonitorFromPoint
GetMonitorInfoW
CreateDialogParamW
IsZoomed
IsWindowVisible
GetWindowPlacement
SetWindowPos
ShowWindowAsync
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
PostMessageW
RegisterDeviceNotificationW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
DestroyMenu
CreatePopupMenu
GetMenuState
GetMenu
GetSystemMetrics
TranslateAcceleratorW
DestroyAcceleratorTable
LoadAcceleratorsW
EnableWindow
MsgWaitForMultipleObjectsEx
GetKeyState
GetFocus
SetFocus
CharNextW
TranslateMessage
GetMessageW
TrackMouseEvent
RegisterWindowMessageW
wvsprintfW
LoadStringW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetDialogBaseUnits
GetDlgItem
LoadCursorW
CreateDialogIndirectParamW
DefWindowProcW

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps
GetTextExtentPoint32W
RestoreDC
SaveDC
SelectObject
GetTextMetricsW
DeleteDC

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

Shell_NotifyIconW
ShellExecuteExW
SHGetFileInfoW
SHParseDisplayName
ord24
ord23
ord17
ord18
SHGetDesktopFolder
SHBrowseForFolderW
SHOpenFolderAndSelectItems
SHGetPathFromIDListW
ShellExecuteW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysAllocString
SysStringLen
SysFreeString

shlwapi

SHAutoComplete

msvcp60

??0out_of_range@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1out_of_range@std@@UAE@XZ
?_Doraise@runtime_error@std@@MBEXXZ
btowc
wctob
??0bad_cast@std@@QAE@PBD@Z
_Tolower
_Toupper
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getctype@_Locinfo@std@@QBE?AU_Ctypevec@@XZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
??0locale@std@@QAE@XZ
??0locale@std@@QAE@ABV01@@Z
??1locale@std@@QAE@XZ
??4locale@std@@QAEAAV01@ABV01@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0ctype_base@std@@QAE@I@Z
??1ctype_base@std@@UAE@XZ
?is@?$ctype@D@std@@QBEPBDPBD0PAF@Z
?tolower@?$ctype@D@std@@QBEDD@Z
?widen@?$ctype@D@std@@QBEDD@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??1?$ctype@D@std@@UAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
?fail@ios_base@std@@QBE_NXZ
?setf@ios_base@std@@QAEHHH@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?imbue@?$basic_ios@GU?$char_traits@G@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??0logic_error@std@@QAE@ABV01@@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1bad_cast@std@@UAE@XZ
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1facet@locale@std@@UAE@XZ
??0facet@locale@std@@IAE@I@Z
??0locale@std@@QAE@PBDH@Z
?flags@ios_base@std@@QBEHXZ
?precision@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?register_callback@ios_base@std@@QAEXP6AXW4event@12@AAV12@H@ZH@Z
?decimal_point@?$numpunct@G@std@@QBEGXZ
?thousands_sep@?$numpunct@G@std@@QBEGXZ
?grouping@?$numpunct@G@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?falsename@?$numpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?truename@?$numpunct@G@std@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??0?$numpunct@G@std@@QAE@I@Z
??1?$numpunct@G@std@@UAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?init@?$basic_ios@GU?$char_traits@G@std@@@std@@IAEXPAV?$basic_streambuf@GU?$char_traits@G@std@@@2@_N@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
?do_decimal_point@?$numpunct@G@std@@MBEGXZ
?do_falsename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?do_grouping@?$numpunct@G@std@@MBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?do_thousands_sep@?$numpunct@G@std@@MBEGXZ
?do_truename@?$numpunct@G@std@@MBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?nothrow@std@@3Unothrow_t@1@B
?id@?$numpunct@G@std@@2V0locale@2@A
??1logic_error@std@@UAE@XZ
?what@runtime_error@std@@UBEPBDXZ
?what@logic_error@std@@UBEPBDXZ
?_Xran@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?_Xlen@std@@YAXXZ
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z

comctl32

ImageList_Create
ImageList_GetImageInfo
CreateStatusWindowW
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_GetImageCount

uxtheme

CloseThemeData
SetWindowTheme
OpenThemeData

msvcrt

_isatty
__CxxFrameHandler
??2@YAPAXI@Z
?terminate@@YAXXZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_except_handler3
memcpy
memmove
memset
_purecall
tolower
towlower
free
_ultow
_resetstkoflw
ceil
floor
malloc
realloc
_itow
_wgetenv
_wtoi
_ui64tow
_exit
fprintf
sprintf
fwprintf
_snwprintf
_vsnwprintf
strcspn
wcsncpy
_wcsicmp
iswdigit
_wunlink
_wopen
localeconv
clock
_beginthreadex
_msize
_close
_write
_get_osfhandle
_CIlog
memchr
__argc
__wargv
_iob
_callnewh
??1type_info@@UAE@XZ
__dllonexit
_onexit
_c_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 73KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2d09b50e50f410841d624a3b62202a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp60

comctl32

uxtheme

msvcrt

Sections

.text Size: 408KB - Virtual size: 408KB

.rdata Size: 72KB - Virtual size: 72KB

.data Size: 73KB - Virtual size: 138KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 22KB - Virtual size: 22KB

.text
Size: 408KB - Virtual size: 408KB

.rdata
Size: 72KB - Virtual size: 72KB

.data
Size: 73KB - Virtual size: 138KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 22KB - Virtual size: 22KB