Static task
static1
Behavioral task
behavioral1
Sample
93eebf148d241c7f4ca10ae7f0ab23078696cb3909d9efa8fef1c8df3f4bf33c.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
93eebf148d241c7f4ca10ae7f0ab23078696cb3909d9efa8fef1c8df3f4bf33c.exe
Resource
win10v2004-20230220-en
General
-
Target
93eebf148d241c7f4ca10ae7f0ab23078696cb3909d9efa8fef1c8df3f4bf33c.zip
-
Size
870KB
-
MD5
11c7cce32a2e4a8d296d0838a13a3a88
-
SHA1
40ee13121ee362108ba123763743d3f290337496
-
SHA256
e05e90ffdf11a1277bb1e1f9eb333465f4f683142f7c17c55ec0435b410daaa7
-
SHA512
7bf2533ed2b61482535c1410a6f0a53c142915722fe5db72c5cfc57820ea888a7ca87ccb939b4178bf178f2c7e0870ebcf0708bab3ede825be88931440058206
-
SSDEEP
24576:G7pZlzmFxQx4LMWgN9MythGipuzfNf5XBOzY0:G5mMT9V/Gi8h0
Malware Config
Signatures
Files
-
93eebf148d241c7f4ca10ae7f0ab23078696cb3909d9efa8fef1c8df3f4bf33c.zip.zip
Password: infected
-
93eebf148d241c7f4ca10ae7f0ab23078696cb3909d9efa8fef1c8df3f4bf33c.exe.exe windows x86
Password: infected
ebddef987d00a0bf7417138680873f98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
InitCommonControlsEx
vfutil
??0CTokenString@@QAE@PBD@Z
?RecursiveDelete@@YAHPBD@Z
?SetApp@@YAXPAVCWinApp@@@Z
??0CTokenString@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?GetToken@CTokenString@@QAE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@D@Z
??1CTokenString@@QAE@XZ
?EAfxMessageBox@@YAHPBDII@Z
?EAfxMessageBox@@YAHIII@Z
eaimfc_dll
??1CEAIString@@QAE@XZ
??4CEAIString@@QAEAAV0@ABV0@@Z
?GetToken@CEAIString@@QAE?AV1@PBD@Z
?ResetTokenizer@CEAIString@@QAEXXZ
??4CEAIString@@QAEAAV0@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?Left@CEAIString@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?ReverseFind@CEAIString@@QBEHPBD@Z
??0CEAIString@@QAE@XZ
?Find@CEAIString@@QBEHPBD@Z
??0CEAIString@@QAE@ABV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@@Z
?CompareNoCase@CEAIString@@QBEHPBD@Z
?EAIGetMainWnd@@YAPAVCWnd@@XZ
?EAI_PumpMessages@@YAXPAUHWND__@@@Z
??4CEAIString@@QAEAAV0@PBD@Z
?Mid@CEAIString@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?GetCharacterAt@CEAIString@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
?GetCharCount@CEAIString@@QBEHXZ
?Compare@CEAIString@@QBEHPBD@Z
??0CEAIString@@QAE@ABV0@@Z
?SpanExcluding@CEAIString@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBD@Z
?Mid@CEAIString@@QBE?AV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@H@Z
??0CEAIString@@QAE@PBD@Z
eaicomcreate
EAIGetCreateGUID
EAICoCreateInstance
monikerutil_dll
?DoModal@CMonikerFileDialog@@QAEHXZ
?GetMoniker@CMonikerFileDialog@@QAEJPAPAUIEAIDataMoniker@@H@Z
??1CMonikerFileDialog@@QAE@XZ
?MkGetPath@@YA?AVCEAIString@@PAUIEAIDataMoniker@@@Z
??0CMonikerFileDialog@@QAE@HPBDPAUIEAIDataMoniker@@K0KPAVCWnd@@@Z
mfc90
ord3213
ord6613
ord2364
ord5165
ord2470
ord524
ord3953
ord3762
ord338
ord4890
ord3227
ord614
ord2449
ord2452
ord2451
ord5307
ord4760
ord5372
ord3788
ord5877
ord646
ord384
ord993
ord3027
ord3323
ord5530
ord6016
ord1573
ord3356
ord2236
ord1387
ord2372
ord1136
ord1039
ord758
ord554
ord2916
ord1185
ord2480
ord617
ord5997
ord341
ord3851
ord1070
ord457
ord4669
ord3110
ord3025
ord3321
ord996
ord5886
ord2914
ord1825
ord1826
ord4192
ord6017
ord1574
ord6244
ord4978
ord707
ord1226
ord1115
ord5557
ord2481
ord1607
ord4029
ord4875
ord4878
ord4882
ord793
ord513
ord589
ord3659
ord6001
ord4333
ord5659
ord5657
ord3209
ord2087
ord4199
ord5813
ord6721
ord1046
ord4165
ord6018
ord2251
ord6781
ord4159
ord6783
ord4409
ord4434
ord736
ord5658
ord5817
ord4513
ord6757
ord5814
ord1619
ord2538
ord4427
ord4506
ord1222
ord1098
ord1186
ord5552
ord314
ord4733
ord4981
ord2447
ord5646
ord5486
ord2672
ord6682
ord3666
ord2345
ord6640
ord3946
ord3792
ord3991
ord650
ord1188
ord2337
ord388
ord4670
ord4891
ord6419
ord3030
ord3331
ord4627
ord2090
ord5270
ord5928
ord3004
ord5844
ord5589
ord2204
ord6742
ord2854
ord4979
ord1204
ord5852
ord2237
ord2505
ord1466
ord6027
ord5122
ord4663
ord6533
ord3935
ord4028
ord4880
ord588
ord4679
ord1445
ord3670
ord5584
ord5279
ord5282
ord4786
ord4791
ord4788
ord4806
ord4808
ord4793
ord5195
ord4585
ord4576
ord5209
ord4851
ord792
ord5607
ord5005
ord2232
ord4759
ord4713
ord791
ord6495
ord587
ord1655
ord6575
ord2189
ord2143
ord6810
ord3413
ord6155
ord6377
ord3980
ord3077
ord1062
ord3485
ord499
ord2057
ord5323
ord4281
ord3841
ord670
ord3216
ord5075
ord450
ord3999
ord3479
ord3568
ord2282
ord4498
ord2130
ord1361
ord3767
ord619
ord343
ord5049
ord3847
ord5045
ord2262
ord2469
ord794
ord4264
ord2431
ord590
ord6077
ord333
ord2677
ord6164
ord4746
ord6646
ord3982
ord2356
ord3627
ord3842
ord1855
ord1259
ord2188
ord5801
ord2487
ord1795
ord2908
ord5930
ord2595
ord4042
ord6527
ord5092
ord1066
ord1145
ord4690
ord4376
ord2647
ord4572
ord6162
ord451
ord4000
ord1258
ord2523
ord2458
ord3010
ord3414
ord4424
ord6811
ord6033
ord1280
ord311
ord1219
ord6042
ord6041
ord4089
ord3487
ord4640
ord1670
ord2277
ord4496
ord1604
ord2103
ord615
ord654
ord3519
ord5179
ord763
ord2267
ord6166
ord903
ord1099
ord446
ord4462
ord3313
ord1178
ord339
ord6449
ord6741
ord2243
ord382
ord644
ord5882
ord2906
ord3052
ord1471
ord2522
ord5802
ord2190
ord5022
ord1426
ord4200
ord1265
ord320
ord1294
ord753
ord539
ord3618
ord5137
ord5644
ord4594
ord5216
ord5493
ord5496
ord5494
ord5495
ord541
ord4618
ord5153
ord5032
ord5262
ord3895
ord4013
ord4557
ord4040
ord4014
ord3477
ord636
ord5350
ord1069
ord3787
ord5771
ord383
ord6472
ord3669
ord645
ord3620
ord3412
ord6809
ord6143
ord5384
ord6492
ord6151
ord711
ord643
ord463
ord381
ord1427
ord5410
ord2265
ord4307
ord1680
ord2909
ord1268
ord1180
ord6071
ord5874
ord2907
ord2676
ord6163
ord5869
ord2228
ord1430
ord3989
ord5909
ord1235
ord4516
ord305
ord2753
ord6740
ord1357
ord6074
ord367
ord704
ord5186
ord455
ord5603
ord5638
ord4415
ord5435
ord1702
ord1777
ord5798
ord983
ord4001
ord560
ord1050
ord4626
ord3053
ord3055
ord6645
ord3287
ord3612
ord3808
ord5598
ord6078
ord525
ord415
ord3994
ord4638
ord1668
ord3856
ord4234
ord4527
ord4396
ord3480
ord2274
ord611
ord3757
ord2263
ord2623
ord2635
ord2612
ord2616
ord2618
ord2620
ord2610
ord5666
ord5668
ord2609
ord1746
ord944
ord819
ord1303
ord306
ord307
ord1556
ord665
ord4392
ord899
ord5924
ord553
ord6493
ord4236
ord5880
ord757
ord3028
ord3324
ord4752
ord2966
ord4115
ord4329
ord2910
ord820
ord5876
ord5883
ord6152
ord1536
ord3663
ord5390
ord5641
ord4843
ord4117
ord5878
ord4237
ord1409
ord4996
ord1711
ord5645
ord4686
ord1643
ord4678
ord3619
ord547
ord1016
ord2224
ord756
ord1087
ord1117
ord321
ord4146
ord6726
ord5602
ord6616
ord4706
ord6555
ord1575
ord1184
ord1200
ord1213
ord3387
ord4112
ord1734
ord2080
ord4717
ord3224
ord6360
ord6362
ord978
ord4417
ord2071
ord580
ord1174
ord1137
ord1114
ord781
ord4956
ord2544
ord5835
ord945
ord6048
ord2587
ord3730
msvcr90
__CxxFrameHandler3
memcpy_s
memset
_strdup
free
strlen
_mbclen
strstr
strcmp
getenv
memcpy
strncpy
_ismbblead
qsort
_CxxThrowException
_itoa
strcat
_mbschr
strcpy
_mbsrchr
sprintf
fopen
rename
_access
perror
_unlink
fclose
fseek
ftell
fread
fwrite
feof
ferror
_chmod
atoi
strchr
_mbsicmp
_stat64i32
_mbsinc
memcmp
_mkdir
fgets
pow
_putenv
strtok
sscanf
_mbscmp
_tempnam
mblen
___mb_cur_max_func
_mbsnbicmp
wcscpy
wcslen
_mbslen
_setmbcp
setlocale
wcscmp
_wcsicmp
strspn
_mbsspn
strcspn
_mbscspn
strrchr
isspace
toupper
_mbsupr
tolower
_mbslwr
_vsnprintf
isdigit
malloc
_purecall
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_stricmp
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
_mbsstr
kernel32
lstrcpynA
GetLastError
GlobalUnlock
GetTickCount
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpA
GetModuleFileNameA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
GlobalLock
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
MulDiv
LoadResource
LockResource
FindResourceA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcessId
VirtualAlloc
GetSystemInfo
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
Sleep
ResumeThread
SuspendThread
GlobalMemoryStatus
GetVersionExA
WaitForSingleObject
GetProcAddress
GetTempPathA
GlobalAddAtomA
MultiByteToWideChar
lstrlenW
WideCharToMultiByte
lstrcmpiA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
user32
GetWindow
IsWindowVisible
EnableWindow
PostMessageA
LoadIconA
SendMessageA
GetTopWindow
TrackPopupMenu
GetSubMenu
GetMenuState
GetMenuItemCount
LoadMenuA
AppendMenuA
EnableMenuItem
InsertMenuA
DeleteMenu
IsZoomed
ScreenToClient
CreatePopupMenu
ReuseDDElParam
UnpackDDElParam
WaitMessage
GetCursorPos
PeekMessageA
TranslateMessage
GetCapture
DispatchMessageA
GetMessageA
GetDlgCtrlID
GetWindowTextA
SetWindowLongA
GetWindowLongA
DrawMenuBar
IsIconic
SetWindowPos
SetForegroundWindow
UpdateWindow
PtInRect
SetParent
LoadStringA
IsWindow
EnumWindows
DestroyWindow
MessageBoxA
OffsetRect
wsprintfA
DrawFrameControl
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetSystemMenu
RedrawWindow
GetForegroundWindow
SystemParametersInfoA
MapWindowPoints
GetKeyState
RegisterWindowMessageA
LockWindowUpdate
GetDesktopWindow
CopyRect
GetDialogBaseUnits
IntersectRect
SetActiveWindow
SetTimer
KillTimer
GetActiveWindow
WindowFromPoint
IsRectEmpty
EqualRect
GetDCEx
CopyImage
BringWindowToTop
DrawFocusRect
DrawTextA
DrawIconEx
SetCursor
GetSysColor
InflateRect
ReleaseDC
GetDC
AdjustWindowRectEx
GetFocus
GetClientRect
SetCapture
InvalidateRect
CreateWindowExA
ReleaseCapture
GetWindowRect
CopyIcon
LoadCursorA
MessageBeep
SetRectEmpty
GetSystemMetrics
DestroyMenu
ClientToScreen
MoveWindow
SetRect
GetParent
gdi32
CreateRectRgnIndirect
CreateFontA
Rectangle
CreateRectRgn
PatBlt
DeleteObject
GetDeviceCaps
GetTextExtentPoint32A
GetStockObject
GetTextExtentPointA
GetBkColor
CreateSolidBrush
ExtTextOutA
CreatePen
StretchDIBits
GdiFlush
GetCurrentObject
DeleteDC
GetDIBits
GetTextMetricsA
GetObjectA
SelectObject
SetDIBits
CreateDIBitmap
CreatePatternBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
CreateFontIndirectA
msimg32
AlphaBlend
advapi32
RegCreateKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegSetValueExA
RegDeleteKeyA
shell32
ShellExecuteExA
DragAcceptFiles
ShellExecuteA
shlwapi
SHDeleteKeyA
ole32
CLSIDFromProgID
CoInitialize
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CLSIDFromString
StringFromCLSID
CoGetMalloc
CoTaskMemAlloc
oleaut32
GetErrorInfo
CreateErrorInfo
SysFreeString
VariantClear
VariantCopy
VariantInit
SetErrorInfo
SysAllocString
VariantChangeType
msvcp90
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?bad@ios_base@std@@QBE_NXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@HH@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAV?$basic_streambuf@DU?$char_traits@D@std@@@2@@Z
??0strstreambuf@std@@QAE@H@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
Sections
.text — raw size: 454KB, virtual size: 454KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata — raw size: 106KB, virtual size: 105KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data — raw size: 5KB, virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc — raw size: 900KB, virtual size: 904KB (note: the flags listed below mark this resource section as both executable and writable, which is atypical for .rsrc and worth checking during analysis)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE