2ab94c12ebbe6ca19af99d41b7f452618ab730010e927f24cc397df052808426

Sharing

Copy URL

Twitter E-mail

General

Target

2ab94c12ebbe6ca19af99d41b7f452618ab730010e927f24cc397df052808426
Size

1.3MB
MD5

433c9fb6f0e5566793341dc7f5a89de4
SHA1

ec4680c9e0e98fbcad4e956e02e1557527131c48
SHA256

2ab94c12ebbe6ca19af99d41b7f452618ab730010e927f24cc397df052808426
SHA512

dc87c411058a84c1e8327225dc846c59f56fa4b5356116949433740d98b10b3c2aa7a5d5a5101bc15392204423502f3c45bc2995430dfdfbf74b130a1e95be5d
SSDEEP

24576:Yl2ZDBaZPAr1/wWeFbL888kaNeR7CjfM0ZBpQcYt+LmiG/a4R5V2b:zuOPq7f0ZBnYCsO

Score

1^/10

Malware Config

Signatures

Files

2ab94c12ebbe6ca19af99d41b7f452618ab730010e927f24cc397df052808426
.exe windows x86

776e1a020754b3f79cd2a9505b7fa751

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
FreeLibrary
InterlockedDecrement
lstrlenW
LoadLibraryW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
CreateEventW
SetEvent
GetTickCount
GetFileSize
lstrcpyW
lstrcmpiW
CompareStringW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
WriteFile
InterlockedIncrement
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
WaitForSingleObject
GetLocalTime
OutputDebugStringW
GetCurrentProcessId
FreeResource
SizeofResource
LockResource
GetProcAddress
FindResourceW
GetVersionExW
ResetEvent
WaitForMultipleObjects
SetFileAttributesW
SetCurrentDirectoryW
CreateProcessW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTempPathW
GetStdHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileTime
MoveFileW
CreateDirectoryW
GetShortPathNameW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetTempFileNameW
FindCloseChangeNotification
FindFirstChangeNotificationW
GetLogicalDriveStringsW
SetFilePointer
GetFileInformationByHandle
SetEndOfFile
CompareFileTime
FileTimeToSystemTime
OpenProcess
TerminateProcess
GetCurrentProcess
FlushInstructionCache
CopyFileW
ExitProcess
CreateMutexW
GetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileW
ReadFile
CloseHandle
GetCommandLineW
GetUserDefaultLangID
GetSystemDefaultLangID
GetCurrentThreadId
Sleep
DeleteFileW
LoadResource
GetStartupInfoW

user32

EnableWindow
DrawTextW
MoveWindow
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetDC
OffsetRect
CharNextW
SetWindowTextW
UpdateWindow
EndDialog
GetDlgItem
ScreenToClient
SetDlgItemTextW
IsWindowVisible
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
CreateWindowExW
LoadStringW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
SetRectEmpty
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
MessageBoxW
PostThreadMessageW
CreateDialogParamW
SetFocus
SetCursor
PtInRect
InvalidateRect
EndPaint
BeginPaint
GetDlgCtrlID
FillRect
DrawFocusRect
GetFocus
GetSysColor
IsWindowEnabled
CharLowerW
GetForegroundWindow
GetParent
GetActiveWindow
ShowWindow
PostMessageW
SetTimer
IsDialogMessageW
PostQuitMessage
DestroyWindow
LoadImageW
GetSystemMetrics
KillTimer
SetForegroundWindow
SendMessageW
IsWindow
GetWindowLongW
DefWindowProcW
SetWindowLongW
CallWindowProcW
CharToOemW
CharUpperW
GetDesktopWindow
DrawIcon
ReleaseDC
FindWindowExW
GetWindowThreadProcessId

gdi32

SetBkMode
CreateBrushIndirect
SetTextColor
CreateCompatibleDC
DeleteObject
DeleteDC
GetStockObject
GetObjectW
CreateFontIndirectW
BitBlt
SelectObject
CreateSolidBrush

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantCopy
SysAllocString

shlwapi

PathRemoveFileSpecW
PathAddBackslashW
PathFindFileNameW
PathFileExistsW
PathCombineW
StrStrIW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

msvcp60

?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_Refcnt@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEAAEPBG@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
??8std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xlen@std@@YAXXZ
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ

psapi

EnumProcesses
EnumProcessModules
GetModuleFileNameExW
GetModuleBaseNameW

comctl32

InitCommonControlsEx
_TrackMouseEvent

wininet

InternetErrorDlg
InternetOpenW
HttpQueryInfoW
InternetSetStatusCallbackW
InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetReadFileExA
InternetConnectW

msvcrt

wcscat
vswprintf
_wcslwr
wcscmp
wcspbrk
wcschr
wcstok
swprintf
wcsncmp
wcsncpy
rand
malloc
_wtoi
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_ftol
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_beginthreadex
memmove
wcsstr
free
wcscpy
realloc
_wcsicmp
__CxxFrameHandler
wcslen
_purecall
tolower
wcsrchr
_exit
_controlfp
_onexit
__dllonexit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
_waccess
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 976KB - Virtual size: 976KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

776e1a020754b3f79cd2a9505b7fa751

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

iphlpapi

msvcp60

psapi

comctl32

wininet

msvcrt

Sections

.text Size: 300KB - Virtual size: 297KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 976KB - Virtual size: 976KB

.text
Size: 300KB - Virtual size: 297KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 976KB - Virtual size: 976KB