3c6fb92eaba61acd5ef533ccc17b7f7e51bc2006a3e62ba41dfd80c1937cd4f3

Sharing

Copy URL

Twitter E-mail

General

Target

3c6fb92eaba61acd5ef533ccc17b7f7e51bc2006a3e62ba41dfd80c1937cd4f3
Size

477KB
MD5

41c38cf1fecfbebb47174d6832cd26bd
SHA1

a4a1e984594448160035a617014a589f3ac0b0cd
SHA256

3c6fb92eaba61acd5ef533ccc17b7f7e51bc2006a3e62ba41dfd80c1937cd4f3
SHA512

995bec58b5155724bfac4b6e9eeba7f10623cf7306a9ae3502ae02a406357eb124bc7989f76b181524d95daa21824da8fa22068320e2b032e8984c0d1ea2f351
SSDEEP

6144:yDegN5t9IcVDt2F1kchkO7mCz6nC/f2tnDu4gAniGe0Wi16xtyeQuF6QBE3du8Uz:yD/5h2bNkO7WnC/f2tn9MxMMmt3w8W

Score

1^/10

Malware Config

Signatures

Files

3c6fb92eaba61acd5ef533ccc17b7f7e51bc2006a3e62ba41dfd80c1937cd4f3
.dll regsvr32 windows x86

8cb4f43ba064299b4c03883e3a4ef69b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kgiutil

?Parser@KGIUtil@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@V23@@Z
?Parser@KGIUtil@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV23@D@Z
?StringSplit@KGIUtil@@SAXABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAVCStringArray@@D@Z
?ParsingOption@KGIUtil@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@00@Z
?FormatPrice@KGIUtil@@SAHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@_N1@Z
?FormatTrimString@KGIUtil@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PADH@Z
?StringToDouble@KGIUtil@@SANV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?StringToInt@KGIUtil@@SAHV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?PriceStrToDouble@KGIUtil@@SANV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?IsBanOrder@KGIUtil@@SAHPAVCWnd@@@Z
?ToInt@KGIUtil@@SAHPAXH@Z
?Trim@KGIUtil@@SAXAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetMAC@KGIUtil@@SAHAAVCStringArray@@@Z
?AddComma@KGIUtil@@SA?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@V23@@Z
?Getalphanumeric@KGIUtil@@SAHPAEH0H@Z

dbghelp

MiniDumpWriteDump

kgilogger

?debug@KGILogger@@SAXAAUKGILoggerHdr@@PBDZZ
?info@KGILogger@@SAXAAUKGILoggerHdr@@PBDZZ
??1KGILoggerHdr@@QAE@XZ
??0KGILoggerHdr@@QAE@V?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@0II@Z
?error@KGILogger@@SAXAAUKGILoggerHdr@@PBDZZ

fx_misc

?LoadEGMCode@@YA_NABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@AAV?$CArray@PAUSCode@@PAU1@@@AAVCMapStringToString@@@Z
?Create@CfxImgButton@@QAEHPBDABUtagRECT@@PAVCWnd@@I_N@Z
?SetImgBitmap@CfxImgButton@@QAEXPAUHBITMAP__@@00@Z
?SetFont@CfxImgButton@@QAEXPAVCFont@@H@Z
??1CfxImgButton@@UAE@XZ
?GetMessageMap@CfxImgButton@@MBEPBUAFX_MSGMAP@@XZ
?PreSubclassWindow@CfxImgButton@@MAEXXZ
?WindowProc@CfxImgButton@@MAEJIIJ@Z
??0CfxImgButton@@QAE@PAVCFont@@@Z

mfc140

ord2986
ord12528
ord4655
ord4656
ord8717
ord8718
ord12863
ord8322
ord8713
ord3839
ord8679
ord6540
ord3874
ord6533
ord3597
ord4870
ord5398
ord14054
ord7783
ord13475
ord3825
ord6523
ord1131
ord13854
ord6851
ord6791
ord3238
ord1424
ord6803
ord3248
ord3355
ord1440
ord5401
ord6505
ord3159
ord3396
ord3395
ord458
ord4084
ord10421
ord11343
ord10963
ord8997
ord1109
ord12115
ord9167
ord2758
ord13677
ord6193
ord12074
ord7459
ord8426
ord14149
ord4468
ord9332
ord3689
ord12969
ord6814
ord3253
ord3358
ord4230
ord1451
ord9095
ord6092
ord14513
ord324
ord1050
ord10202
ord5742
ord12162
ord12194
ord8180
ord12182
ord5894
ord3844
ord6831
ord993
ord6323
ord14582
ord6324
ord14583
ord6322
ord14581
ord7964
ord12474
ord14380
ord11927
ord7677
ord2027
ord7905
ord12888
ord4082
ord4143
ord9353
ord14507
ord7886
ord14509
ord12484
ord12485
ord2484
ord5336
ord8285
ord4580
ord12806
ord12869
ord10383
ord12190
ord8347
ord1468
ord7618
ord8429
ord12475
ord14449
ord2195
ord2194
ord928
ord13197
ord12582
ord555
ord8468
ord1655
ord1184
ord262
ord259
ord13027
ord846
ord4640
ord4866
ord8776
ord10686
ord3166
ord5826
ord13584
ord6946
ord7475
ord2438
ord2520
ord6460
ord6502
ord2518
ord13202
ord13699
ord12501
ord301
ord450
ord12894
ord12808
ord13036
ord13028
ord13230
ord13966
ord13619
ord14032
ord8838
ord14029
ord12960
ord14044
ord14040
ord12963
ord5192
ord1106
ord13011
ord890
ord1389
ord4351
ord7413
ord7447
ord9422
ord10986
ord6563
ord5155
ord13278
ord4216
ord1178
ord9089
ord5960
ord6463
ord358
ord6785
ord3856
ord13003
ord8770
ord8326
ord362
ord1066
ord2860
ord983
ord7637
ord2022
ord3897
ord486
ord5388
ord8182
ord9166
ord4841
ord3230
ord2241
ord1447
ord974
ord1461
ord13200
ord13884
ord985
ord14571
ord12348
ord14518
ord12291
ord1140
ord2880
ord14520
ord6925
ord11907
ord500
ord5493
ord6529
ord4820
ord14328
ord14334
ord2992
ord5898
ord1693
ord1529
ord311
ord310
ord300
ord305
ord3005
ord12503
ord5095
ord12725
ord5491
ord494
ord6724
ord2387
ord2376
ord2381
ord2383
ord266
ord265
ord1507
ord8087
ord6290
ord4085
ord1141
ord501
ord6200
ord2298
ord6104
ord7619
ord6195
ord13681
ord3298
ord3295
ord10207
ord8173
ord2759
ord1472
ord14699
ord10237
ord10239
ord10238
ord10236
ord10240
ord5631
ord11671
ord11672
ord9096
ord12032
ord3830
ord11881
ord14502
ord8922
ord12163
ord6947
ord10950
ord9213
ord3259
ord13798
ord12205
ord1509
ord4807
ord1692
ord1526
ord1044
ord314
ord316
ord4315
ord1696
ord5059
ord1650
ord2403
ord1543
ord1544
ord884
ord883
ord2538
ord12512
ord12521
ord3309
ord12201
ord2397
ord2294
ord1717
ord1739
ord1765
ord1751
ord1772
ord4920
ord4987
ord4932
ord4950
ord4944
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord14510
ord7887
ord14508
ord6848
ord11663
ord14048
ord13628
ord5911
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord1000
ord6836
ord5228
ord5528
ord5739
ord9305
ord5504
ord5231
ord5390
ord5210
ord7687
ord13234
ord7688
ord3841
ord1510
ord325
ord1051
ord2359
ord2406
ord2409
ord2372
ord2408
ord485
ord2263
ord2370
ord2178
ord11928

kernel32

GetLastError
HeapDestroy
WritePrivateProfileStringA
RaiseException
GetPrivateProfileStringA
GetPrivateProfileIntA
FormatMessageA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
CloseHandle
OutputDebugStringA
DeleteFileA
DecodePointer
OutputDebugStringW
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
LocalFree
LocalAlloc
LoadLibraryW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetLastError
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
CreateFileA

user32

GetClientRect
MessageBoxA
GetParent
InvalidateRect
SetScrollPos
SetRect
IsRectEmpty
GetWindowRect
SetRectEmpty
GetCursorPos
ScreenToClient
PtInRect
CreateCaret
ShowCaret
DrawTextA
EnableWindow
GrayStringA
TabbedTextOutA
InflateRect
IsIconic
GetSystemMetrics
DrawIcon
SetCapture
ReleaseCapture
SetTimer
KillTimer
GetScrollPos
SetCursor
EqualRect
GetDesktopWindow
LoadCursorA
UnregisterClassA
DestroyWindow
IsWindow
PostMessageA
DrawTextExA
SendMessageA

gdi32

CreateCompatibleDC
Escape
GetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
CreateCompatibleBitmap
TextOutA
ExtTextOutA
DPtoLP
LPtoDP
CreateRectRgn
FillRgn
RectVisible
Rectangle
GetTextExtentPoint32A
CreatePolygonRgn
BitBlt

comctl32

_TrackMouseEvent

ole32

CLSIDFromProgID

oleaut32

VariantClear
GetActiveObject
SysFreeString

vcruntime140

_purecall
memset
memcpy
__CxxFrameHandler3
memmove
__current_exception
__current_exception_context
_except_handler4_common
__std_type_info_destroy_list
__std_terminate

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

terminate
_invalid_parameter_noinfo
_seh_filter_dll
_configure_narrow_argv
_errno
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
_cexit
_initialize_narrow_environment
_initterm_e
_initterm

api-ms-win-crt-string-l1-1-0

strncpy
strcpy_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atof
atoi
_itoa

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_cos_precise
_except1
_CIatan2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
axCreate

Sections

.text
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8cb4f43ba064299b4c03883e3a4ef69b

Headers

DLL Characteristics

File Characteristics

Imports

kgiutil

dbghelp

kgilogger

fx_misc

mfc140

kernel32

user32

gdi32

comctl32

ole32

oleaut32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 346KB - Virtual size: 345KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 36KB - Virtual size: 36KB

.text
Size: 346KB - Virtual size: 345KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 36KB - Virtual size: 36KB