Static task
static1
Behavioral task
behavioral1
Sample
2023-02-27_95274bcbbf888b2e1da305d6154a9253_darkside.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
2023-02-27_95274bcbbf888b2e1da305d6154a9253_darkside.exe
Resource
win10v2004-20230220-en
General
-
Target
2023-02-27_95274bcbbf888b2e1da305d6154a9253_darkside.exe (note: the "darkside" label is part of the submitted file name only; no signature or malware-config match is listed anywhere in this report, so do not treat the name as a family attribution)
-
Size
1.8MB
-
MD5
95274bcbbf888b2e1da305d6154a9253
-
SHA1
b908f338e9c2d5329a7ed49ced1f5c82caf9680c
-
SHA256
5ff1695eb390688a52a30183016dd456a70e3f7ec939ee0701cc26f0dffa6606
-
SHA512
ad1c348c59d1b5edd90b76bc20f19c8ef087782211980d620317e86391d2a5a4dc58f6ebbae8b73efd01edd7a64804bbbb92599b5c11c4edeefaea17e0b7a281
-
SSDEEP
49152:fCyiwTzYJOM41ZZIXGLQbtaLILLlfiu5C0h:fKu0X4pQb0LI/8ub
Malware Config (no extracted configuration is listed in this report)
Signatures (no matched signatures are listed in this report; absence of hits is not evidence of benign behavior)
Files
-
2023-02-27_95274bcbbf888b2e1da305d6154a9253_darkside.exe.exe windows x86
52a6ce705214ba2f42cb507d6090607c
Headers
DLL Characteristics (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is not among the flags listed below, so as reported the image does not opt in to ASLR; only DEP/NX is enabled)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ewps_cl
??0CEwps_cl@@QAE@HHPA_WH@Z
??1CEwps_cl@@QAE@XZ
?CreateClipList@CEwps_cl@@QAEPAXPAVCWnd@@H@Z
?ShowClipList@CEwps_cl@@QAEXXZ
?HideClipList@CEwps_cl@@QAEXXZ
InitEwpsCl
?CloseClipList@CEwps_cl@@QAEHXZ
picsdk3w32
?PIC_SetPresetOfPresetID@CPicPresetLink@@UAEJJJ@Z
?PIC_SetPresetOfIndex@CPicPresetLink@@UAEJJJ@Z
?PIC_GetPresetOfPresetID@CPicPresetLink@@UAEJAAUPIC_PRESETDATAW@@J@Z
?PIC_GetDevMode@CPicLink@@UAEJPAU_devicemodeW@@AAJ@Z
?PIC_SetToDriver@CPicLink@@UAEJXZ
?PIC_GetPresetOfIndex@CPicPresetLink@@UAEJAAUPIC_PRESETDATAW@@J@Z
?PIC_GetPrintingInfo@CPicLink@@UAEJAAUPIC_PRINTINGINFW@@@Z
?PIC_PrintDialog@CPicLink@@UAEJAAH@Z
?PIC_SetDevMode@CPicLink@@UAEJPBU_devicemodeW@@@Z
?PIC_GetString@CPicLink@@UAEJAAY0BAA@_WJJ@Z
??0CPicPresetLink@@QAE@J@Z
??1CPicPresetLink@@UAE@XZ
?PIC_PrinterSpecifies@CPicPresetLink@@UAEJAAUPIC_PRINTERTYPEW@@AAY0CAA@$$CB_W@Z
?PIC_SetData@CPicLink@@UAEJAAY0EAA@_WABUPIC_DATAINFW@@@Z
?PIC_GetData@CPicLink@@UAEJAAY0EAA@_WAAUPIC_DATAINFW@@@Z
?PIC_GetRange@CPicLink@@UAEJAAUPIC_RANGEINFW@@@Z
?PIC_SelectPreset@CPicPresetLink@@UAEJAAJABUEPUTIL_FILESPECW@@ABUPIC_PRESETINFW@@@Z
ewps_com
?setCategory@ClipAppend@@QAEXPB_W@Z
?setURL@ClipAppend@@QAEXPB_W@Z
?setTitle@ClipAppend@@QAEXPB_W@Z
??1ClipAppend@@QAE@XZ
??0ClipAppend@@QAE@XZ
?getVerAlign@TextObjProperty@@QAE?AW4VerAlign@1@XZ
?setVerAlign@TextObjProperty@@QAEXW4VerAlign@1@@Z
?getHorAlign@TextObjProperty@@QAE?AW4HorAlign@1@XZ
?setHorAlign@TextObjProperty@@QAEXW4HorAlign@1@@Z
?isFontUnderLine@TextObjProperty@@QAE_NXZ
?setFontUnderLine@TextObjProperty@@QAEX_N@Z
?isFontItalic@TextObjProperty@@QAE_NXZ
?setFontItalic@TextObjProperty@@QAEX_N@Z
?isFontBold@TextObjProperty@@QAE_NXZ
?setFontBold@TextObjProperty@@QAEX_N@Z
?getFontColor@TextObjProperty@@QAEIXZ
?setFontColor@TextObjProperty@@QAEXI@Z
?getFontSize@TextObjProperty@@QAENXZ
?setFontSize@TextObjProperty@@QAEXN@Z
?getFontCharset@TextObjProperty@@QAEPB_WXZ
?setFontCharset@TextObjProperty@@QAEXPB_W@Z
??1TextObjProperty@@QAE@XZ
??0TextObjProperty@@QAE@XZ
??0ClipData@@QAE@W4Type@0@_NPAUGraphicEntity@@PAVClipAppend@@PAVTextObjProperty@@@Z
?setBrowser@ClipAppend@@QAEXW4Browser@@@Z
??1ClipData@@QAE@XZ
?getID@ClipData@@QAEHXZ
?getType@ClipData@@QAE?AW4Type@1@XZ
?isChecked@ClipData@@QAE_NXZ
?getGraphicEntity@ClipData@@QAEAAUGraphicEntity@@XZ
?getTextObjProperty@ClipData@@QAEPAVTextObjProperty@@XZ
?setTime@ClipAppend@@QAEXPAU_SYSTEMTIME@@@Z
ewps_comcl
?DeleteInstance@CLContentHandler@@SAXPAV1@@Z
?getClipData@CLContentHandler@@QAEJHPAPAVClipData@@@Z
?getAllClipData@CLContentHandler@@QAEJAAVCPtrList@@@Z
?load@CLContentHandler@@QAEJV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?NewInstance@CLContentHandler@@SAPAV1@XZ
?setGraphicEntity@CLContentHandler@@QAEJHPAUGraphicEntity@@@Z
?getClipCount@CLContentHandler@@QAEJPAH@Z
?unLoad@CLContentHandler@@QAEJXZ
?save@CLContentHandler@@QAEJXZ
ewps_comhp
?DeleteInstance@HPContentHandler@@SAXPAV1@@Z
?getHPInfo@HPContentHandler@@QAEJAAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
?NewInstance@HPContentHandler@@SAPAV1@XZ
?load@HPContentHandler@@QAEJV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?getPageDataInfo@HPContentHandler@@QAEJPAPAUGraphicEntity@@@Z
ewps_lm
?GetLocalizeData@CEwpsLocalizMan@@QAEKIPAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@Z
?GetLocalizeData@CEwpsLocalizMan@@QAEKIPB_WPAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0@Z
??0CEwpsLocalizMan@@QAE@XZ
??1CEwpsLocalizMan@@QAE@XZ
?GetAllLocalizeData@CEwpsLocalizMan@@QAEKPB_W@Z
?GetElementValue@CEwpsLocalizMan@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@IPB_W@Z
?GetLocalizeDataInt@CEwpsLocalizMan@@QAEHIPB_W0@Z
ewps_da
?GetTextByFile@CEwps_da@@QAEHHPAVCPtrArray@@@Z
?SetTextToFile@CEwps_da@@QAEHHPAVCPtrArray@@@Z
?SetTextObjProperty@CEwps_da@@QAEHHPAVTextObjProperty@@@Z
?AddSaveClipData@CEwps_da@@QAEHPAVClipData@@PAH@Z
?SetAllUnCheckClipData@CEwps_da@@QAEHHPAHH@Z
?SetDellClipData@CEwps_da@@QAEHPAHH@Z
mfc90u
ord3015
ord665
ord406
ord1188
ord5869
ord782
ord5895
ord6170
ord580
ord1204
ord757
ord553
ord4004
ord4684
ord4906
ord4994
ord2859
ord2867
ord6762
ord2204
ord2239
ord650
ord5606
ord6044
ord1462
ord5861
ord3009
ord5945
ord4677
ord5285
ord5171
ord5137
ord2090
ord4641
ord3340
ord3035
ord6439
ord6553
ord388
ord3803
ord4405
ord5979
ord3688
ord4410
ord4541
ord2431
ord6484
ord6095
ord525
ord3622
ord8248
ord9768
ord9523
ord12635
ord11036
ord10778
ord10697
ord11132
ord10872
ord13152
ord7773
ord7171
ord12278
ord8285
ord13049
ord6879
ord9365
ord9673
ord8435
ord8251
ord12255
ord2971
ord3741
ord2478
ord6130
ord711
ord463
ord3588
ord290
ord6687
ord287
ord4034
ord5372
ord5153
ord4701
ord6624
ord6622
ord6519
ord2264
ord6664
ord6668
ord3064
ord3109
ord4169
ord777
ord2241
ord2240
ord2205
ord984
ord1447
ord6159
ord2655
ord2089
ord2110
ord6616
ord6618
ord2121
ord554
ord5035
ord4818
ord5808
ord6485
ord1888
ord1880
ord1718
ord575
ord3932
ord772
ord1782
ord1715
ord3927
ord1119
ord1164
ord3794
ord1213
ord5068
ord5095
ord3380
ord6225
ord2762
ord4007
ord5363
ord4670
ord4985
ord5354
ord5598
ord4697
ord5615
ord2445
ord2079
ord5655
ord2860
ord5447
ord5450
ord4685
ord4344
ord670
ord4710
ord4553
ord3232
ord5338
ord2369
ord1380
ord3229
ord6379
ord3230
ord6381
ord6375
ord3225
ord980
ord5803
ord3287
ord2651
ord6160
ord2650
ord4429
ord1681
ord415
ord3819
ord4175
ord4351
ord4971
ord3236
ord4630
ord5166
ord3498
ord4654
ord615
ord2103
ord1601
ord4510
ord2277
ord1667
ord3496
ord2207
ord340
ord6760
ord654
ord3528
ord3807
ord1937
ord775
ord1783
ord1716
ord3651
ord3183
ord2045
ord2050
ord4774
ord1503
ord1496
ord6659
ord4990
ord6476
ord1108
ord3991
ord6635
ord2326
ord744
ord524
ord3933
ord1868
ord4518
ord2479
ord281
ord2470
ord4519
ord5939
ord899
ord2702
ord686
ord436
ord1156
ord766
ord4408
ord4407
ord6502
ord6260
ord6499
ord3198
ord3639
ord2676
ord4278
ord6089
ord1603
ord5886
ord1041
ord935
ord2452
ord2449
ord2451
ord3962
ord3235
ord3494
ord3978
ord1867
ord1866
ord721
ord1750
ord5762
ord1397
ord1387
ord2342
ord6310
ord6309
ord2359
ord4397
ord6603
ord6576
ord4542
ord6270
ord2900
ord4129
ord6578
ord4529
ord4526
ord4179
ord3739
ord6023
ord6450
ord3427
ord4293
ord3018
ord4296
ord2246
ord2125
ord1743
ord1744
ord474
ord520
ord519
ord1268
ord1228
ord6022
ord2800
ord1745
ord3953
ord4294
ord5859
ord484
ord4494
ord2496
ord758
ord6513
ord6169
ord4250
ord5893
ord3456
ord3729
ord266
ord1250
ord1243
ord265
ord1383
ord2372
ord2695
ord2901
ord2904
ord6577
ord6275
ord2646
ord2645
ord2647
ord2644
ord2643
ord4741
ord6755
ord6605
ord6496
ord1440
ord5209
ord4109
ord5293
ord5296
ord5371
ord4378
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5214
ord4622
ord5224
ord4865
ord4866
ord3681
ord4693
ord5624
ord5601
ord4773
ord1938
ord3818
ord413
ord669
ord5016
ord1680
ord5654
ord4596
ord4589
ord6410
ord3354
ord4719
ord4006
ord790
ord6807
ord3487
ord4425
ord6607
ord2273
ord337
ord613
ord3486
ord3513
ord6174
ord6418
ord5850
ord5863
ord6040
ord5974
ord6101
ord6096
ord6183
ord6547
ord6372
ord6569
ord4579
ord6566
ord6060
ord6574
ord6572
ord6063
ord2758
ord4442
ord1533
ord6065
ord4815
ord6187
ord586
ord1047
ord6780
ord280
ord813
ord938
ord1607
ord285
ord3220
ord3674
ord4527
ord595
ord2597
ord5650
ord1727
ord1791
ord1792
ord2139
ord5625
ord1442
ord6579
ord3226
ord6376
ord4543
ord6604
ord5404
ord4398
ord2360
ord6311
ord3682
ord6804
ord4174
ord6802
ord1486
ord1641
ord2368
ord3140
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2069
ord2074
ord5602
ord4664
ord797
ord1493
ord4345
ord4910
ord1751
ord1754
ord6411
ord3355
ord4044
ord3286
ord3488
ord333
ord3543
ord1354
ord2106
ord3627
ord1708
ord1779
ord750
ord1144
ord3537
ord1137
ord3654
ord1719
ord2283
ord778
ord4660
ord2592
ord6094
ord1183
ord3489
ord1665
ord2274
ord611
ord4652
ord4681
ord4348
ord2891
ord4071
msvcr90
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_except_handler4_common
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
ceil
_initterm
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_encode_pointer
_wcmdln
exit
_XcptFilter
_exit
_cexit
_CxxThrowException
memset
__wgetmainargs
_amsg_exit
atof
__CxxFrameHandler3
memcpy
floor
_CIsqrt
_CIsin
_CIcos
_waccess
_wtol
_wtof
swprintf_s
_snwprintf_s
_invalid_parameter_noinfo
_errno
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
wcsncpy_s
memmove_s
_wcsdup
wcscpy_s
wcscat_s
_wsplitpath_s
free
_wtoi
memcpy_s
vswprintf_s
_purecall
_CIatan
kernel32
LoadResource
GlobalLock
GlobalAlloc
SizeofResource
GlobalUnlock
GlobalFree
GetVersionExW
LockResource
Sleep
GetLastError
GetExitCodeThread
CreateThread
lstrlenW
ReleaseMutex
CloseHandle
InitializeCriticalSection
lstrcpynW
GetLocalTime
RemoveDirectoryW
lstrcatW
DeleteCriticalSection
DeleteFileW
HeapFree
GetProcessHeap
LocalAlloc
FreeLibrary
RaiseException
LeaveCriticalSection
EnterCriticalSection
lstrcmpW
MulDiv
GetUserDefaultLCID
GetTempFileNameW
MoveFileExW
GetTickCount
MultiByteToWideChar
GetTempPathW
lstrcpyW
CreateMutexW
GetCurrentProcess
OpenMutexW
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryA
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FindResourceW
user32
IntersectRect
OffsetRect
InflateRect
InvalidateRgn
SetCursor
ReleaseCapture
GetCursorPos
SetCursorPos
SetCapture
IsRectEmpty
SetRectEmpty
wsprintfW
DestroyMenu
GetClassNameW
GetFocus
IsCharAlphaNumericW
GetWindowLongW
LoadBitmapW
IsIconic
DrawFrameControl
DispatchMessageW
TranslateMessage
GetCapture
GetDesktopWindow
MessageBoxW
FillRect
DrawTextW
TabbedTextOutW
DrawTextExW
GrayStringW
EqualRect
InvalidateRect
CopyRect
GetWindowRect
PostQuitMessage
PostMessageW
SetForegroundWindow
GetParent
LoadCursorW
GetClientRect
PtInRect
SystemParametersInfoW
PeekMessageW
RedrawWindow
GetSysColor
IsWindow
GetSystemMetrics
IsWindowVisible
SendMessageW
UpdateWindow
EnableWindow
GetDC
ReleaseDC
IsWindowEnabled
SetRect
IsCharAlphaW
gdi32
GetObjectW
DPtoLP
CreateDCW
SetAbortProc
StartPage
EndPage
CreateEnhMetaFileW
CloseEnhMetaFile
SetBkMode
DeleteEnhMetaFile
CombineRgn
CreateRectRgnIndirect
CreatePolygonRgn
GetClipBox
SetStretchBltMode
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
ExtSelectClipRgn
PlayEnhMetaFileRecord
StartDocW
EnumEnhMetaFile
GetViewportExtEx
GetWindowExtEx
GetViewportOrgEx
EndDoc
GetCharABCWidthsW
CreateFontW
GetCharWidthW
EnumFontFamiliesExW
CreatePen
GetTextExtentExPointW
Rectangle
SetViewportOrgEx
SetTextColor
GetTextExtentPoint32W
CreateFontIndirectW
SelectClipRgn
CreateRectRgn
PatBlt
LPtoDP
DeleteDC
CreateDIBSection
GetDeviceCaps
StretchBlt
SetBrushOrgEx
RestoreDC
SaveDC
CreateCompatibleDC
AbortDoc
CreateSolidBrush
GetStockObject
BitBlt
CreateCompatibleBitmap
ExtTextOutW
SetICMMode
PtVisible
Escape
RectVisible
GetTextMetricsW
SelectObject
DeleteObject
TextOutW
msimg32
TransparentBlt
comdlg32
GetFileTitleW
winspool.drv
ord203
DocumentPropertiesW
EnumPrintersW
GetPrinterW
DeviceCapabilitiesW
SetJobW
ClosePrinter
GetJobW
OpenPrinterW
advapi32
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathFindFileNameW
ole32
CoTaskMemFree
OleRun
CoCreateInstance
CoInitializeEx
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
oleaut32
SysFreeString
SysStringLen
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
SysAllocString
VarBstrCmp
SysAllocStringLen
gdiplus
GdipCreateImageAttributes
GdipCreateBitmapFromHBITMAP
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipDeletePen
GdipDrawImageRectRect
GdipGetImageWidth
GdipSaveImageToFile
GdipFillRectangle
GdipGetImageEncoders
GdipCreateBitmapFromFile
GdipGetImageEncodersSize
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipCreateMatrix
GdipDeleteBrush
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipSetCompositingMode
GdipCreateMetafileFromFile
GdipDrawLine
GdipDrawImageRect
GdipCreateFromHDC
GdipSetPageUnit
GdipDisposeImage
GdipAlloc
GdipFlush
GdipDrawImageRectI
GdipDeleteGraphics
GdipFree
GdipGetMatrixElements
GdipGetClipBoundsI
GdipGetDC
GdipGetWorldTransform
GdipDeleteMatrix
GdipReleaseDC
GdipDrawEllipse
GdipSetSmoothingMode
GdipSetPenWidth
GdipSetCompositingQuality
GdipDrawRectangleI
GdipSetImageAttributesNoOp
GdipResetImageAttributes
GdipCreatePen1
GdipSetPageScale
GdipSetClipRectI
GdipSetPenLineCap197819
GdipTranslateWorldTransform
GdipResetClip
GdipCloneImage
GdipDrawLineI
GdipRecordMetafileFileName
GdipLoadImageFromFile
GdipSaveGraphics
GdipCloneBrush
GdipRestoreGraphics
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
uxtheme
CloseThemeData
DrawThemeParentBackground
DrawThemeBackground
OpenThemeData
Sections
.text Size: 437KB - Virtual size: 437KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 111KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 11KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 635KB - Virtual size: 635KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 612KB - Virtual size: 616KB (note: this section is marked EXECUTE and WRITE below, whereas relocation data normally needs only READ and DISCARDABLE; an RWX .reloc section is atypical and, together with its size, is worth inspecting for code or packer data placed there before trusting the static import table above)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE