e0c11377bc70f8958dc5f0ef48041ad10d2561ae7c14751c9a251ca96e2c47eb

Sharing

Copy URL Twitter E-mail

General

Target

e0c11377bc70f8958dc5f0ef48041ad10d2561ae7c14751c9a251ca96e2c47eb
Size

1.0MB
MD5

b136cd86b1520c7340af45e6bf96ee44
SHA1

0b39ee1742fcd4daaaae95fc91c2f55a19857b3e
SHA256

e0c11377bc70f8958dc5f0ef48041ad10d2561ae7c14751c9a251ca96e2c47eb
SHA512

ee433546be1d287e257cadfe9bf740400f9f0e7f244e986656985a5722c63bae1076bec38fbcbeffa05c850218f5deae659df41518337ccac40be6602786f3eb
SSDEEP

12288:K1xg7fsShAivFjOowJNJSNRLfUq8cNBmqbCe888dAFTTTTTTTTSl83:K1xg7fvmidjO7KNRrlBLbz

Score

N/A

Malware Config

Signatures

Files

e0c11377bc70f8958dc5f0ef48041ad10d2561ae7c14751c9a251ca96e2c47eb
.exe windows x86

ae357ccab0523cfdfdb1fa698816dc86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100u

ord12007
ord12548
ord12933
ord8036
ord12930
ord11933
ord12940
ord11936
ord4606
ord3428
ord11997
ord12948
ord4138
ord4909
ord2028
ord1299
ord1301
ord4725
ord6145
ord13605
ord322
ord13391
ord13392
ord1027
ord911
ord3497
ord325
ord480
ord3413
ord12821
ord337
ord13253
ord851
ord7636
ord4150
ord1474
ord277
ord2093
ord1442
ord4519
ord2085
ord1893
ord481
ord1491
ord6414
ord11348
ord13414
ord7880
ord7227
ord2421
ord290
ord287
ord291
ord2025
ord1410
ord1412
ord780
ord1403
ord1405
ord7876
ord1445
ord11530
ord5517
ord7913
ord7914
ord1019
ord11682
ord7661
ord7147
ord468
ord7630
ord7871
ord11838
ord6674
ord7276
ord4100
ord4103
ord4102
ord12504
ord1944
ord6699
ord880
ord6133
ord2850
ord2949
ord1282
ord3495
ord6862
ord2509
ord2119
ord5113
ord4676
ord2878
ord6649
ord1895
ord879
ord6131
ord3489
ord11090
ord10724
ord4412
ord11162
ord13370
ord11070
ord2307
ord2283
ord2308
ord3648
ord3710
ord3737
ord3776
ord3805
ord3779
ord3406
ord7507
ord11401
ord7348
ord8133
ord12817
ord2848
ord2947
ord5189
ord1280
ord7929
ord4802
ord10647
ord6860
ord6362
ord12147
ord7339
ord1013
ord8269
ord2618
ord3438
ord13366
ord2410
ord6398
ord5882
ord2780
ord3751
ord7902
ord7515
ord6289
ord3879
ord1899
ord3702
ord5074
ord10906
ord12153
ord11801
ord2981
ord4358
ord5826
ord1284
ord5461
ord6134
ord3996
ord2220
ord970
ord5846
ord3436
ord2617
ord7901
ord3749
ord2748
ord8266
ord11210
ord5468
ord5809
ord897
ord3397
ord7973
ord5799
ord2185
ord5855
ord3446
ord5862
ord6236
ord12413
ord7006
ord3978
ord13214
ord13220
ord4151
ord4805
ord12951
ord1298
ord1990
ord345
ord11021
ord11786
ord923
ord14203
ord868
ord10969
ord13434
ord2542
ord1987
ord1269
ord11374
ord2620
ord12753
ord3627
ord1978
ord1934
ord2614
ord5264
ord285
ord13127
ord1450
ord2629
ord921
ord948
ord1292
ord7624
ord7548
ord11784
ord13854
ord4744
ord2164
ord11476
ord11477
ord13381
ord7108
ord13387
ord8530
ord3684
ord3625
ord11864
ord7126
ord1739
ord14162
ord10976
ord13267
ord11469
ord7179
ord13570
ord13567
ord13572
ord13569
ord13571
ord13568
ord3416
ord5261
ord11228
ord11236
ord4086
ord7391
ord9498
ord11240
ord11209
ord11845
ord5118
ord9328
ord6140
ord890
ord9447
ord6869
ord11704
ord4890
ord4888
ord5852
ord417
ord1312
ord2068
ord2823
ord13415
ord11353
ord13181
ord1310
ord5229
ord4478
ord1308
ord5558
ord12610
ord2887
ord2884
ord7385
ord2418
ord14146
ord14148
ord14147
ord14145
ord14149
ord14132
ord14059
ord14060
ord8277
ord11081
ord3402
ord10937
ord13380
ord8112
ord6247
ord10045
ord8393
ord2853
ord12724
ord11246
ord11244
ord1501
ord1508
ord1514
ord1512
ord1519
ord4388
ord4425
ord4396
ord4408
ord4404
ord4400
ord4430
ord4421
ord4392
ord374
ord945
ord2184
ord4356
ord1225
ord7277
ord7524
ord5641
ord3846
ord6323
ord1938
ord892
ord1294
ord1440
ord3410
ord5302
ord5807
ord342
ord4113
ord4274
ord320
ord3150
ord2077
ord7399
ord7357
ord2030
ord8599
ord12012
ord1296
ord6661
ord3954
ord12775
ord12777
ord796
ord11974
ord341
ord11999
ord919
ord11954
ord6096
ord4355
ord12776
ord2763
ord1313
ord293
ord10409
ord788
ord12871
ord12182
ord4139
ord1212
ord10142
ord4806
ord4434
ord4413
ord4379
ord4383
ord4416
ord3999
ord14067
ord3992
ord2665
ord13382
ord7109
ord13388
ord6156
ord10725
ord12557
ord5276
ord2339
ord3491
ord2952
ord2951
ord2852
ord11159
ord4642
ord4923
ord5115
ord8483
ord4901
ord5143
ord4645
ord4794
ord4623
ord6931
ord6932
ord6922
ord4792
ord7393
ord9333
ord8346
ord869
ord1270
ord4360
ord1905
ord2188
ord4359
ord3482
ord7903
ord11870
ord11511
ord11493
ord12628
ord1911
ord12157
ord3754
ord5900
ord13396
ord265
ord4331
ord266
ord11330
ord2057
ord6036
ord13133
ord11998
ord7967
ord7529
ord3703
ord296
ord4290
ord280
ord11116
ord12801
ord2064
ord2062
ord286
ord7618
ord902
ord6080
ord6870
ord2980
ord2756
ord5556
ord12606
ord2417
ord11163
ord8347
ord5828
ord1006
ord920
ord7095
ord5164
ord5200
ord8509
ord12186
ord5227
ord10058
ord11940
ord13305
ord1986
ord4289
ord917
ord3746
ord2746
ord8264
ord5802
ord5801
ord7512
ord6243
ord1476
ord1479
ord3380
ord3361
ord8179
ord6711
ord422
ord4511
ord5563
ord11494
ord3628
ord5652
ord980
ord9525
ord13047
ord2773
ord381
ord457
ord11683
ord11123
ord7251
ord10412
ord3261
ord3258
ord1300
ord2089

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_wmkdir
wcschr
qsort
iswalpha
iswdigit
iswspace
iswalnum
iswxdigit
iswprint
_wtol
calloc
wcsncpy_s
wcscpy_s
strchr
swscanf_s
memcpy
malloc
ldiv
_wcslwr_s
_CIsqrt
wcsstr
_purecall
_wtoi
memmove_s
free
_wcsdup
_time64
_localtime64_s
memset
memcpy_s
__CxxFrameHandler3
_CxxThrowException

kernel32

IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
DecodePointer
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
LocalFree
GetPrivateProfileIntW
GetModuleFileNameW
lstrcpynW
GetTickCount
GetVersionExW
WideCharToMultiByte
EnumResourceTypesW
EnumResourceLanguagesW
MultiByteToWideChar
EnumResourceNamesW
GetPrivateProfileStringW
lstrcmpA
WritePrivateProfileStringW
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
FindResourceW
LoadResource
LockResource
FreeResource
InterlockedIncrement
GetCurrentThreadId
GetModuleHandleA
FreeLibrary
MulDiv
lstrlenW
GlobalAlloc
GlobalLock
lstrcpyW
GlobalUnlock
GlobalFree
EnumSystemCodePagesW
GetCPInfoExW
ActivateActCtx
DeactivateActCtx
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
CreateMutexW
GetLastError
ReleaseMutex

user32

SetWindowRgn
wsprintfW
InflateRect
mouse_event
GetClassLongW
SetClassLongW
MessageBeep
ShowCaret
HideCaret
GetSysColorBrush
GetNextDlgTabItem
RedrawWindow
SetWindowPos
KillTimer
SetTimer
IsWindowVisible
EqualRect
GetCursor
WindowFromPoint
LookupIconIdFromDirectoryEx
RegisterClipboardFormatW
CreateIconFromResourceEx
CreateIconIndirect
DestroyIcon
CopyIcon
GetIconInfo
LoadImageW
SetWindowLongW
RegisterWindowMessageW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindowLongW
GetMessageW
DispatchMessageW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetCapture
ClientToScreen
IntersectRect
SetRectEmpty
SetRect
PtInRect
CopyRect
DefWindowProcW
GetForegroundWindow
UpdateWindow
DrawIconEx
DestroyCursor
FillRect
OffsetRect
IsRectEmpty
GetSystemMetrics
DrawStateW
LoadCursorW
SetCursor
SystemParametersInfoW
SetCapture
ReleaseDC
GetDC
InvertRect
GetFocus
GetKeyState
GetCaretPos
DrawFrameControl
DrawFocusRect
IsClipboardFormatAvailable
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ReleaseCapture
GetSysColor
PostMessageW
SetPropW
GetCursorPos
LoadIconW
SetActiveWindow
ScreenToClient
GetClientRect
GetWindowRect
SendMessageW
LoadBitmapW
GetDesktopWindow
GetWindow
IsWindow
GetPropW
IsIconic
ShowWindow
SetForegroundWindow
GetLastActivePopup
EnableWindow
GetParent
InvalidateRect
LoadMenuW
GetSubMenu

gdi32

StretchBlt
ExtCreateRegion
GetBitmapBits
GetDIBits
SetStretchBltMode
SetBkColor
SetTextColor
CreateBitmap
CreateFontIndirectW
DeleteDC
CreateDIBSection
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetPixel
BitBlt
PatBlt
Polygon
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
FillRgn
CreatePolygonRgn
CreateRectRgn
SelectObject
GetObjectW
GetTextColor
GetBkColor
CreatePen
CreateSolidBrush

advapi32

RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
DragQueryFileW
DragFinish

comctl32

ImageList_GetImageCount
ImageList_DrawIndirect
ImageList_GetIconSize
ImageList_DrawEx
ImageList_Destroy
_TrackMouseEvent

ole32

OleRun
CoCreateInstance

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VarBstrFromDate
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo

smartpublic

??1CSPBlockMainInfo@@UAE@XZ
?Serialize@CSPBlockMainInfo@@UAEXAAVCArchive@@@Z
??0CSPBlockMainInfo@@QAE@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?GetDelimiter@CSPLinesData@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?SetQualifier@CSPLinesData@@QAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?LoadCategory@CSPLinesData@@QAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetQualifier@CSPLinesData@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
?CleanCategory@CSPLinesData@@QAEXXZ
?SetFileName@CSPLinesData@@QAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SetPageCode@CSPLinesData@@QAEHABI@Z
??0CSPBlockTableInfo@@QAE@ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?GetText2Array@CSPLinesData@@QAEHABH@Z
?GetBtiFileName@CSPLinesData@@SA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABV23@@Z
?SaveCategoryData@CSPLinesData@@QAEHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetFileName@CSPLinesData@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ
??1SP_Fixed_Field_Info@@QAE@XZ
?RregEXLine@CSPLinesData@@SAHABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?GetArrText@CSPLinesData@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@ABH@Z
??0CSPLinesData@@QAE@XZ
??1CSPLinesData@@UAE@XZ
?IsDataFileFixed@CSPLinesData@@QAEHABH@Z
?GetCategoryData@CSPLinesData@@QAEHAAVCStringArray@@AAV?$CArray@PAVCSPBlockData_Row@@PAV1@@@@Z
??1CSPBlockTableInfo@@UAE@XZ
?Serialize@CSPBlockTableInfo@@UAEXAAVCArchive@@@Z
??0SP_Fixed_Field_Info@@QAE@ABH00ABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?GetText2Array@CSPLinesData@@SAHIV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@AAVCStringArray@@ABH@Z
?SetDelimiter@CSPLinesData@@QAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae357ccab0523cfdfdb1fa698816dc86

Headers

DLL Characteristics

File Characteristics

Imports

mfc100u

msvcr100

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

smartpublic

Sections

.text Size: 266KB - Virtual size: 265KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 631KB - Virtual size: 631KB

.reloc Size: 56KB - Virtual size: 55KB

.text
Size: 266KB - Virtual size: 265KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 631KB - Virtual size: 631KB

.reloc
Size: 56KB - Virtual size: 55KB