Static task
static1
Behavioral task
behavioral1
Sample
e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1.exe
Resource
win10v2004-20231215-en
General
-
Target
e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1
-
Size
8.5MB
-
MD5
9ce3274ba700b12d5de4d664e60a1429
-
SHA1
19fec79ea144705dc6b1b257caaee64b07b32cbf
-
SHA256
e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1
-
SHA512
93dfca97a06e6c7644bf1711a1ea9a346f9107a16d4011ecc6f682bc67f2cb22fbf4aaf82b817852c3e81ee34324cbf28635237958bf254fb337c71ebde84fc6
-
SSDEEP
196608:r50dpBtej0Zavg6wjaM8jALLAuKd0mUn5hAJrE5uyhazBjvzmqbRUBTlz+QkHdIq:46wjaMbsuKdqazBjvzmqb+5zhF
Malware Config
Signatures
-
Unsigned PE 1 IoC
The executable carries no Authenticode signature. Being unsigned is a weak indicator on its own — much legitimate software ships unsigned — so treat it as context for the other static findings on this page (imports, section layout) rather than as evidence of malice by itself.
resource e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1
Files
-
e9aef86b6d5efc01ecf8b733e5d4547e1ae4983733ff0b38d55928bd70af07d1.exe windows:5 windows x86 arch:x86
5f6df1482c65baf0e0bdd6ba799d6f36 (unlabelled 32-hex digest; it differs from the file MD5 above, so it is most likely the import hash (imphash) shown beneath the PE entry — confirm the field before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
libmysql
mysql_fetch_field
mysql_num_fields
mysql_num_rows
mysql_free_result
mysql_store_result
mysql_affected_rows
mysql_real_query
mysql_select_db
mysql_real_connect
mysql_options
mysql_init
mysql_close
mysql_fetch_row
kernel32
VirtualQuery
WriteConsoleW
SetFilePointerEx
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetStdHandle
QueryPerformanceFrequency
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetStartupInfoW
FreeLibraryAndExitThread
ExitThread
GetFileType
SetStdHandle
GetACP
ReadConsoleW
GetConsoleMode
GetConsoleCP
RtlUnwind
LCMapStringW
GetCPInfo
GetStringTypeW
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
WaitForSingleObjectEx
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetModuleHandleExW
ResetEvent
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
GetOEMCP
IsValidCodePage
InterlockedDecrement
SizeofResource
LockResource
IsProcessorFeaturePresent
LoadResource
FindResourceW
InterlockedIncrement
MultiByteToWideChar
GetLocalTime
Sleep
GetLastError
LocalAlloc
FormatMessageW
WideCharToMultiByte
GetFileAttributesW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetTempPathW
LocalFree
LoadLibraryW
GetProcAddress
FreeLibrary
InitializeCriticalSection
GlobalAlloc
GlobalFree
WaitForSingleObject
TerminateProcess
LCMapStringA
CreateThread
CloseHandle
CreateFileW
WriteFile
lstrcmpiW
RaiseException
LoadLibraryExW
CopyFileW
CreateToolhelp32Snapshot
Process32FirstW
GetCurrentProcess
Process32NextW
HeapAlloc
GetProcessHeap
ExitProcess
GetTickCount
GetCurrentProcessId
HeapFree
GetUserDefaultLCID
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
FindResourceExW
GetTempFileNameW
SetErrorMode
VirtualProtect
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
GlobalGetAtomNameW
VerifyVersionInfoW
VerSetConditionMask
lstrcpyW
GetCurrentThread
GetFileTime
GetFileSizeEx
GetFileAttributesExW
HeapSize
HeapReAlloc
DecodePointer
DuplicateHandle
GetVolumeInformationW
lstrcmpA
FileTimeToLocalFileTime
GetVersionExW
SystemTimeToTzSpecificLocalTime
ResumeThread
SuspendThread
SetThreadPriority
CreateEventW
SetEvent
GlobalFindAtomW
GlobalAddAtomW
LoadLibraryA
lstrcmpW
GlobalDeleteAtom
GetModuleHandleA
FreeResource
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
OutputDebugStringA
GetThreadLocale
MulDiv
GlobalUnlock
GlobalLock
GlobalSize
GetTempPathA
GetVersionExA
GetSystemTimeAsFileTime
GetSystemTime
TlsSetValue
TlsGetValue
TlsAlloc
UnlockFile
SetEndOfFile
LockFileEx
LockFile
GetFullPathNameW
GetFullPathNameA
GetFileAttributesA
FlushFileBuffers
DeleteFileA
CreateFileA
CreateDirectoryA
MoveFileExW
UnmapViewOfFile
GetFileSize
FileTimeToSystemTime
CreateMutexW
OpenProcess
SetFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
SetLastError
FormatMessageA
user32
UpdateLayeredWindow
CreateAcceleratorTableW
LoadAcceleratorsW
MapVirtualKeyW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetUpdateRect
SetClassLongW
DestroyAcceleratorTable
ModifyMenuW
SetMenuDefaultItem
GetMenuDefaultItem
CopyIcon
GetIconInfo
GetDoubleClickTime
EnableScrollBar
LockWindowUpdate
CreatePopupMenu
BringWindowToTop
UnionRect
SetCursorPos
NotifyWinEvent
LoadMenuW
IsZoomed
TrackMouseEvent
LoadImageW
DestroyIcon
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
MonitorFromPoint
SetParent
MessageBeep
GetNextDlgGroupItem
KillTimer
SetTimer
DeleteMenu
WindowFromPoint
WaitMessage
GetAsyncKeyState
RealChildWindowFromPoint
SendDlgItemMessageA
CopyImage
IntersectRect
SetRect
InvalidateRgn
CopyAcceleratorTableW
ReleaseCapture
SetCapture
RegisterClipboardFormatW
DestroyMenu
InvalidateRect
SetCursor
ShowOwnedPopups
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
EnumDisplayMonitors
SystemParametersInfoW
GetDlgCtrlID
CopyRect
OffsetRect
PtInRect
GetWindowLongW
GetParent
TranslateAcceleratorW
InsertMenuItemW
LoadCursorW
SetRectEmpty
SetLayeredWindowAttributes
DrawIconEx
IsRectEmpty
InflateRect
FillRect
DrawFocusRect
GetSysColorBrush
SetWindowRgn
DrawStateW
DrawFrameControl
DrawEdge
MapDialogRect
SetWindowContextHelpId
CharUpperW
GetActiveWindow
TranslateMessage
GetMessageW
GetWindowThreadProcessId
IsDialogMessageW
IsWindowEnabled
CheckDlgButton
UnpackDDElParam
ReuseDDElParam
GetKeyNameTextW
SubtractRect
CharUpperBuffW
FrameRect
IsClipboardFormatAvailable
PostThreadMessageW
IsCharLowerW
MapVirtualKeyExW
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
GetComboBoxInfo
CreateMenu
HideCaret
InvertRect
DestroyCursor
GetWindowRgn
GetMenuItemInfoW
GetWindow
RegisterWindowMessageW
DispatchMessageW
PeekMessageW
GetMessagePos
GetMessageTime
DefWindowProcW
CallWindowProcW
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
IsMenu
IsChild
DestroyWindow
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
SetFocus
GetFocus
MessageBoxA
EnableWindow
GetWindowRect
MoveWindow
GetCursorPos
PostMessageW
keybd_event
SetWindowTextW
CharNextW
MessageBoxW
SetWindowPos
MonitorFromWindow
FindWindowW
GetSystemMetrics
PostQuitMessage
ClientToScreen
UnregisterClassW
wsprintfW
ShowWindow
LoadIconW
GetSystemMenu
AppendMenuW
SendMessageW
IsIconic
GetClientRect
DrawIcon
GetDesktopWindow
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetKeyState
GetCapture
InsertMenuW
RemoveMenu
IsWindow
GetDlgItem
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
BeginPaint
EndPaint
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetWindowTextW
GetWindowTextLengthW
AdjustWindowRectEx
ScreenToClient
MapWindowPoints
GetSysColor
EqualRect
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
WinHelpW
GetScrollInfo
SetScrollInfo
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongW
SetWindowLongW
gdi32
EndPage
LineTo
MoveToEx
TextOutW
StartPage
StartDocW
ResetDCW
SetBkMode
SelectObject
CreateFontW
DeleteDC
GetTextCharsetInfo
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
EndDoc
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetRgnBox
GetMapMode
SetRectRgn
DPtoLP
RealizePalette
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateRoundRectRgn
Rectangle
OffsetRgn
RoundRect
GetPaletteEntries
EnumFontFamiliesExW
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
ExtFloodFill
SetPaletteEntries
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
GetTextFaceW
CopyMetaFileW
CreateDCW
GetDeviceCaps
GetBkColor
GetStockObject
GetTextColor
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CombineRgn
CreateEllipticRgn
CreateHatchBrush
CreateRectRgn
CreateRectRgnIndirect
CreateSolidBrush
Ellipse
GetTextExtentPoint32W
PatBlt
ExtTextOutW
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateFontIndirectW
CreatePen
CreatePatternBrush
DeleteObject
CreatePalette
EnumFontFamiliesW
msimg32
AlphaBlend
TransparentBlt
winspool.drv
DocumentPropertiesW
ClosePrinter
ord204
ord203
OpenPrinterW
EnumPrintersW
advapi32
CryptDecrypt
RegQueryValueExW
SystemFunction036
RegCloseKey
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
CryptDuplicateKey
CryptDestroyHash
CryptHashData
CryptCreateHash
RegOpenKeyExW
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
shell32
ShellExecuteW
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHAppBarMessage
DragQueryFileW
DragFinish
ShellExecuteExW
comctl32
InitCommonControlsEx
shlwapi
StrToIntW
PathIsDirectoryW
PathFileExistsW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
uxtheme
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
GetWindowTheme
DrawThemeText
IsAppThemed
DrawThemeParentBackground
GetCurrentThemeName
GetThemeColor
DrawThemeBackground
CloseThemeData
OpenThemeData
GetThemeSysColor
ole32
CoInitialize
CLSIDFromString
CoRegisterMessageFilter
CoRevokeClassObject
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
CLSIDFromProgID
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CoInitializeEx
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
OleRun
CoCreateInstance
CoUninitialize
oleaut32
SafeArrayDestroy
VarBstrFromDate
OleCreateFontIndirect
GetErrorInfo
DispCallFunc
LoadTypeLi
LoadRegTypeLi
VariantChangeType
VarUI4FromStr
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantInit
SysStringByteLen
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
oledlg
OleUIBusyW
urlmon
URLDownloadToFileW
gdiplus
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDrawImageRectI
GdipGetImageWidth
GdipGetImageHeight
GdipSetInterpolationMode
GdipCreateFromHDC
xcgui
XList_SetItemHeightDefault
XEle_EnableDrawFocus
XList_AddColumn
XAdMap_Create
XList_BindAdapterHeader
XList_BindAdapter
XAdTable_DeleteItemAll
XAdTable_SetItemText
XList_RefreshData
XEle_RedrawEle
XDraw_SetBrushColor
XDraw_FillRect
XList_GetSelectItem
XAdTable_GetItemText
XList_HitTestOffset
XAdTable_GetItemTextEx
XAdMap_AddItemText
XList_GetTemplateObject
XC_GetObjectType
XList_GetItemData
XList_GetItemIndexFromHXCGUI
XList_SetItemData
XAdTable_GetCount
XWnd_EnableDragWindow
XBtn_SetText
XWnd_ShowWindow
XEle_SetTextColor
XWnd_GetHWND
XBtn_GetText
XEle_ShowEle
XEle_SetFont
XSView_ShowSBarV
XWnd_SetTimer
XWnd_KillTimer
XShapePic_SetImage
XImage_LoadRes
XRichEdit_EnableAutoWrap
XShapeText_SetLayoutWidth
XList_SetItemTemplateXML
XShapeText_SetTextAlign
XRichEdit_EnableReadOnly
XWnd_CloseWindow
XBtn_AddBkImage
XImage_LoadFile
XShapeText_SetTextColor
XList_GetHeaderHELE
XAdTable_DeleteItem
XBtn_ClearBkInfo
XAdTable_SetItemTextEx
XAdTable_InsertItemText
XSView_GetScrollBarV
XSBar_ScrollBottom
XC_UnicodeToAnsi
XWnd_SetFocusEle
XRichEdit_EnableMultiLine
XList_SetHeaderHeight
XList_GetHeaderTemplateObject
XShapeGif_SetImage
XC_LoadResource
XRes_GetFont
XProgBar_SetRange
XProgBar_SetPos
XEle_SetRect
XComboBox_SetDropHeight
XList_SetColumnWidth
XRichEdit_DeleteAll
XMenu_Create
XMenu_AddItem
XMenu_Popup
XList_SetSort
XLayout_SetLayoutHeight
XSView_ShowSBarH
XEle_SetAlpha
XProgBar_SetSpaceTwo
XInitXCGUI
XRunXCGUI
XExitXCGUI
XList_Create
XEle_GetClientRect
XWnd_GetBodyRect
XShapeText_GetText
XShape_Redraw
XRichEdit_EnableEvent_XE_RICHEDIT_CHANGE
XRichEdit_EnablePassword
XComboBox_GetSelItem
XModalWnd_DoModal
XBtn_IsCheck
XComboBox_SetSelItem
XBtn_SetCheck
XComboBox_EnableEdit
XAdTable_AddItemText
XAdTable_AddColumn
XComboBox_BindApapter
XAdTable_Create
XComboBox_SetItemTemplateXML
XEle_Enable
XBtn_SetType
_XWnd_RegEvent
_XEle_RegEvent
XC_IsHELE
_XEle_RemoveEvent
XModalWnd_EndModal
XWnd_RedrawWnd
XRichEdit_GetText
XRichEdit_SetText
XShapeText_SetText
XRichEdit_SetLimitNum
XRes_GetIDValue
XC_GetObjectByID
XWnd_AdjustLayout
XC_LoadLayout
XShapeText_SetLayoutHeight
XEle_SetLayoutHeight
desencrypt
ord4
ord2
ord5
libeay32
ord3782
ord3783
ord2644
ord2915
ord259
ord257
odbc32
ord13
ord9
ord208
ord26
ord207
ord75
ord24
ord43
ord31
ord236
ord18
ord211
sm9dll
ord11003
ord11007
ord11008
ord11004
ws2_32
sendto
WSAGetLastError
recvfrom
send
ntohl
recv
htons
socket
inet_ntoa
ioctlsocket
connect
getsockopt
select
__WSAFDIsSet
accept
closesocket
shutdown
inet_addr
gethostbyname
WSAStartup
bind
WSASocketW
setsockopt
oleacc
CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject
wininet
InternetCrackUrlW
DeleteUrlCacheEntryW
InternetReadFile
InternetCloseHandle
InternetSetOptionW
InternetQueryOptionW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
FtpPutFileW
FtpGetFileW
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionExW
InternetCanonicalizeUrlW
imm32
ImmGetContext
ImmReleaseContext
ImmGetOpenStatus
winmm
PlaySoundW
Sections
.text Size: 5.7MB - Virtual size: 5.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.1MB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 73KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 346KB - Virtual size: 345KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ