371a7e59899e670b3443daf781c0943faa9d3bf3d82360ecd814b93cbe83a1f7

Sharing

Copy URL Twitter E-mail

General

Target

371a7e59899e670b3443daf781c0943faa9d3bf3d82360ecd814b93cbe83a1f7
Size

852KB
MD5

a50937c122dd140f02f213b2a8411ea5
SHA1

dee5570a775c6c3a3e1a914e92330671353f038e
SHA256

371a7e59899e670b3443daf781c0943faa9d3bf3d82360ecd814b93cbe83a1f7
SHA512

0696e2539648cfd979f953ef711a3d10b199bf08858b79932c18aaf535f6be9f1c46e84d7b70d454d612821f2b6aa3baf5f663988b6cd7fca087fe74012eb270
SSDEEP

24576:nfeFC7od6tIclu4IPpFPAhuGmf+ZlOdcoueNxuj:Uda1vXMcou

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
371a7e59899e670b3443daf781c0943faa9d3bf3d82360ecd814b93cbe83a1f7

Files

371a7e59899e670b3443daf781c0943faa9d3bf3d82360ecd814b93cbe83a1f7
.exe windows x86

5b07630e79060d9f0e905199437327f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
TerminateThread
Sleep
GetWindowsDirectoryA
GetVolumeInformationA
CreateMutexA
GetLastError
GetCurrentDirectoryA
SetCurrentDirectoryA
WinExec
GetExitCodeThread
GetDriveTypeA
CreateThread
GetCurrentThreadId
WaitForSingleObject
GetTickCount
GetModuleHandleA
ReleaseMutex
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetStartupInfoA

user32

GetDC
CreateWindowExA
GetSystemMetrics
RegisterClassA
RegisterClassExA
LoadImageA
LoadCursorA
LoadIconA
DefWindowProcA
DispatchMessageA
TranslateMessage
ReleaseDC
GetCursorPos
ScreenToClient
SetTimer
SetWindowTextA
MessageBoxA
EndDialog
PostMessageA
SendMessageA
GetParent
SendDlgItemMessageA
CallWindowProcA
SetWindowLongA
GetClientRect
SetDlgItemTextA
CreateDialogParamA
GetWindowRect
ClientToScreen
MoveWindow
KillTimer
GetDlgItem
SetFocus
PeekMessageA
UpdateWindow
GetDlgItemTextA
ShowWindow
DestroyWindow
wsprintfA
SetWindowPos
EnableWindow

gdi32

GetPixel
TextOutA
PatBlt
SetBkMode
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsA
DeleteDC
SetDIBitsToDevice
SetTextColor

advapi32

GetUserNameA
RegOpenKeyExA

comctl32

ord17

winmm

mciSendCommandA

wsock32

inet_addr
WSACleanup
gethostbyname
WSAStartup
closesocket
listen
gethostname
WSAAsyncSelect
bind
htons
htonl
socket
WSAGetLastError
connect
ioctlsocket
setsockopt
recv
sendto
recvfrom
send
accept
__WSAFDIsSet
select
ntohs

dsound

ord1

ddraw

DirectDrawCreate

ace

??1ACE_RW_Mutex@@QAE@XZ
??1ACE_Errno_Guard@@QAE@XZ
?sprintf@ACE_OS@@SAHPADPBDZZ
?strdup@ACE_OS_String@@SAPADPBD@Z
?strsncpy@ACE_OS_String@@SAPADPADPBDI@Z
?get_remote_addr@ACE_SOCK@@QBEHAAVACE_Addr@@@Z
?disable@ACE_IPC_SAP@@QBEHH@Z
?connect@ACE_SOCK_Connector@@QAEHAAVACE_SOCK_Stream@@ABVACE_Addr@@PBVACE_Time_Value@@1HHHHH@Z
??AACE_Synch_Options@@QBEHK@Z
??1ACE_Message_Block@@UAE@XZ
?max_time@ACE_Time_Value@@2V1@B
??0ACE_Message_Block@@QAE@IHPAV0@PBDPAVACE_Allocator@@PAVACE_Lock@@KABVACE_Time_Value@@422@Z
?copy@ACE_Message_Block@@QAEHPBDI@Z
?clone@ACE_Message_Block@@UBEPAV1@K@Z
?set@ACE_INET_Addr@@QAEHGQBDH@Z
??0ACE_Service_Object@@QAE@PAVACE_Reactor@@@Z
??0ACE_RW_Thread_Mutex@@QAE@PBDPAX@Z
?sap_any@ACE_Addr@@2V1@B
?defaults@ACE_Synch_Options@@2V1@A
??1ACE_Service_Object@@UAE@XZ
??1ACE_RW_Thread_Mutex@@QAE@XZ
??1ACE_SOCK_Connector@@QAE@XZ
??1ACE_Event@@QAE@XZ
??1ACE_Reactor_Notification_Strategy@@UAE@XZ
??0ACE_Reactor_Notification_Strategy@@QAE@PAVACE_Reactor@@PAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHPAVACE_Event_Handler@@K@Z
?notify@ACE_Reactor_Notification_Strategy@@UAEHXZ
??_7ACE_INET_Addr@@6B@
??1ACE_Addr@@UAE@XZ
?close@ACE_SOCK_Stream@@QAEHXZ
?instance@ACE_Reactor@@SAPAV1@XZ
??0ACE_SOCK@@IAE@XZ
??0ACE_INET_Addr@@QAE@XZ
??1ACE_SOCK_Stream@@QAE@XZ
??1ACE_INET_Addr@@UAE@XZ
??1ACE_Manual_Event@@QAE@XZ
??0ACE_Manual_Event@@QAE@HHPBDPAX@Z
?signal@ACE_Condition_Thread_Mutex@@QAEHXZ
?wait@ACE_Condition_Thread_Mutex@@QAEHPBVACE_Time_Value@@@Z
?broadcast@ACE_Condition_Thread_Mutex@@QAEHXZ
?dump@ACE_Condition_Thread_Mutex@@QBEXXZ
?total_size@ACE_Message_Block@@QBEIXZ
?total_length@ACE_Message_Block@@QBEIXZ
?release@ACE_Message_Block@@QAEPAV1@XZ
??0ACE_Task_Base@@QAE@PAVACE_Thread_Manager@@@Z
??_7ACE_Message_Queue_Base@@6B@
??0ACE_Condition_Thread_Mutex@@QAE@ABVACE_Thread_Mutex@@PBDPAX@Z
??1ACE_Message_Queue_Base@@UAE@XZ
?time_value@ACE_Synch_Options@@QBEPBVACE_Time_Value@@XZ
?arg@ACE_Synch_Options@@QBEPBXXZ
??0ACE_Time_Value@@QAE@ABU_FILETIME@@@Z
?normalize@ACE_Time_Value@@AAEXXZ
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@@Z
?cond_timedwait@ACE_OS@@SAHPAVACE_cond_t@@PAU_RTL_CRITICAL_SECTION@@PAVACE_Time_Value@@@Z
?acquire@ACE_Recursive_Thread_Mutex@@QAEHXZ
?release@ACE_Recursive_Thread_Mutex@@QAEHXZ
?cond_destroy@ACE_OS@@SAHPAVACE_cond_t@@@Z
?cond_broadcast@ACE_OS@@SAHPAVACE_cond_t@@@Z
??1ACE_Task_Base@@UAE@XZ
?open@ACE_Task_Base@@UAEHPAX@Z
?close@ACE_Task_Base@@UAEHK@Z
?svc@ACE_Task_Base@@UAEHXZ
??0ACE_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
??0ACE_Recursive_Thread_Mutex@@QAE@PBDPAUACE_mutexattr_t@@@Z
?cond_init@ACE_OS@@SAHPAVACE_cond_t@@FPBDPAX@Z
?instance@ACE_Log_Msg@@SAPAV1@XZ
?conditional_set@ACE_Log_Msg@@QAEXPBDHHH@Z
?log@ACE_Log_Msg@@QAAHW4ACE_Log_Priority@@PBDZZ
??1ACE_Recursive_Thread_Mutex@@QAE@XZ
??1ACE_Thread_Mutex@@QAE@XZ
?get_handle@ACE_Event_Handler@@UBEPAXXZ
?set_handle@ACE_Event_Handler@@UAEXPAX@Z
?priority@ACE_Event_Handler@@UAEXH@Z
?priority@ACE_Event_Handler@@UBEHXZ
?handle_input@ACE_Event_Handler@@UAEHPAX@Z
?handle_output@ACE_Event_Handler@@UAEHPAX@Z
?handle_exception@ACE_Event_Handler@@UAEHPAX@Z
?handle_timeout@ACE_Event_Handler@@UAEHABVACE_Time_Value@@PBX@Z
?handle_exit@ACE_Event_Handler@@UAEHPAVACE_Process@@@Z
?handle_close@ACE_Event_Handler@@UAEHPAXK@Z
?handle_signal@ACE_Event_Handler@@UAEHHPAUsiginfo_t@@PAH@Z
?resume_handler@ACE_Event_Handler@@UAEHXZ
?handle_qos@ACE_Event_Handler@@UAEHPAX@Z
?handle_group_qos@ACE_Event_Handler@@UAEHPAX@Z
?reactor@ACE_Event_Handler@@UBEPAVACE_Reactor@@XZ
?reactor@ACE_Event_Handler@@UAEXPAVACE_Reactor@@@Z
?suspend@ACE_Task_Base@@UAEHXZ
?resume@ACE_Task_Base@@UAEHXZ
?module_closed@ACE_Task_Base@@UAEHXZ
?put@ACE_Task_Base@@UAEHPAVACE_Message_Block@@PAVACE_Time_Value@@@Z
?activate@ACE_Task_Base@@UAEHJHHJHPAV1@QAPAX1QAIQAK@Z
?wait@ACE_Task_Base@@UAEHXZ
?init@ACE_Shared_Object@@UAEHHQAPAD@Z
?fini@ACE_Shared_Object@@UAEHXZ
?info@ACE_Shared_Object@@UBEHPAPADI@Z
?fini@ACE_Init_ACE@@SAHXZ
?init@ACE_Init_ACE@@SAHXZ
?instance@ACE_Dynamic@@SAPAV1@XZ
?rw_unlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?rw_wrlock@ACE_OS@@SAHPAUACE_rwlock_t@@@Z
?mutex_unlock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
?cond_wait@ACE_OS@@SAHPAVACE_cond_t@@PAUACE_mutex_t@@@Z
?mutex_lock@ACE_OS@@SAHPAUACE_mutex_t@@@Z
??0ACE_Handler@@QAE@XZ
??1ACE_Handler@@UAE@XZ
?handle_read_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Stream@@@Z
?handle_write_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Dgram@@@Z
?handle_read_dgram@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_Dgram@@@Z
?handle_write_stream@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_Stream@@@Z
?handle_read_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Read_File@@@Z
?handle_write_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Write_File@@@Z
?handle_accept@ACE_Handler@@UAEXABVResult@ACE_Asynch_Accept@@@Z
?handle_transmit_file@ACE_Handler@@UAEXABVResult@ACE_Asynch_Transmit_File@@@Z
?handle_time_out@ACE_Handler@@UAEXABVACE_Time_Value@@PBX@Z
?handle_wakeup@ACE_Handler@@UAEXXZ
?handle@ACE_Handler@@UAEXPAX@Z
?handle@ACE_Handler@@UBEPAXXZ
??0ACE_Event_Handler@@IAE@PAVACE_Reactor@@H@Z
??1ACE_Event_Handler@@UAE@XZ
??1ACE_Sig_Set@@QAE@XZ
?check_reconfiguration@ACE_Reactor@@SAHPAX@Z
?signal@ACE_Event@@QAEHXZ
?wait@ACE_Event@@QAEHXZ
?instance@ACE_Allocator@@SAPAV1@XZ
??1ACE_Condition_Thread_Mutex@@QAE@XZ
?cond_signal@ACE_OS@@SAHPAVACE_cond_t@@@Z
?enable@ACE_IPC_SAP@@QBEHH@Z
?recv@ACE@@SAHPAX0IHPBVACE_Time_Value@@@Z
?send_n_i@ACE@@CAHPAXPBXIPAI@Z
?zero@ACE_Time_Value@@2V1@B

msvcrt

_strcmpi
fclose
__p__commode
__p__fmode
fseek
fopen
_adjust_fdiv
localtime
fread
rand
vsprintf
time
_tzset
fwrite
malloc
fgetc
free
__CxxFrameHandler
atoi
??3@YAXPAX@Z
??2@YAPAXI@Z
strtok
_itoa
strncmp
strncpy
srand
fprintf
strpbrk
strncat
ftell
strftime
_ftol
exit
memmove
_purecall
_errno
isdigit
memchr
__dllonexit
_onexit
_exit
_XcptFilter
_controlfp
_except_handler3
__set_app_type
_acmdln
_initterm
__setusermatherr
__getmainargs

msvcp60

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?pbackfail@strstreambuf@std@@MAEHH@Z
?overflow@strstreambuf@std@@MAEHH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1strstream@std@@UAE@XZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??1ostrstream@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Init@locale@std@@CAPAV_Locimp@12@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1istrstream@std@@UAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?freeze@strstreambuf@std@@QAEX_N@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?_Xlen@std@@YAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1strstreambuf@std@@UAE@XZ
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

ws2_32

WSAEventSelect

Sections

.text
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��)J
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b07630e79060d9f0e905199437327f3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

comctl32

winmm

wsock32

dsound

ddraw

ace

msvcrt

msvcp60

ws2_32

Sections

.text Size: 528KB - Virtual size: 527KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 32KB - Virtual size: 1.9MB

.rsrc Size: 8KB - Virtual size: 5KB

��)J Size: 228KB - Virtual size: 228KB

.text
Size: 528KB - Virtual size: 527KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 32KB - Virtual size: 1.9MB

.rsrc
Size: 8KB - Virtual size: 5KB

��)J
Size: 228KB - Virtual size: 228KB