Static task
static1
Behavioral task
behavioral1
Sample
0d292ae18137b62185d53b5db05da537.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0d292ae18137b62185d53b5db05da537.exe
Resource
win10v2004-20231215-en
General
-
Target
0d292ae18137b62185d53b5db05da537
-
Size
1.9MB
-
MD5
0d292ae18137b62185d53b5db05da537
-
SHA1
e8abaf44499b78a6cc80de8199b0b9d980e546a7
-
SHA256
c6e37a504e7be9fa6b96e444b60651ffeef72a2a751857a3276488df2a22267e
-
SHA512
f2df41071135ac1cf76829ed0369d10f24b29830e54e67113e53560f6adf1cc54f06a8d7a5d5e8a4a1c6280bb272a59287edd935482708f14f883f0e227ddf14
-
SSDEEP
24576:x/NRaAxS8MS0AVIwUIrhDFWX6dGAX/Hngi4q6IB1volt78/8z:x/Dad8v1lhDoX6dB127P
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource 0d292ae18137b62185d53b5db05da537
Files
-
0d292ae18137b62185d53b5db05da537.exe windows:4 windows x86 arch:x86
b84ae88c1af4d254b1004dee85fc39c9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
shlwapi
PathIsSameRootA
PathCombineA
SHGetValueA
SHDeleteKeyA
SHSetValueA
PathIsDirectoryA
PathIsUNCA
PathFindExtensionA
PathAddBackslashA
PathCompactPathA
PathStripToRootA
StrTrimA
PathIsRootA
PathRemoveFileSpecA
PathSkipRootA
PathFileExistsA
PathIsURLA
wininet
InternetSetCookieA
mfc42
ord6242
ord2408
ord2453
ord6615
ord4497
ord1642
ord2862
ord1140
ord4277
ord6877
ord4278
ord6663
ord3708
ord781
ord801
ord541
ord6136
ord6134
ord3061
ord3089
ord3092
ord4476
ord3097
ord5953
ord5951
ord5981
ord6215
ord939
ord941
ord6883
ord6283
ord6282
ord6143
ord2642
ord6880
ord6197
ord4204
ord1200
ord861
ord6662
ord2380
ord5710
ord5861
ord3810
ord3759
ord920
ord5683
ord4129
ord1199
ord2915
ord3303
ord2301
ord3398
ord3733
ord810
ord4271
ord6008
ord4000
ord3287
ord3914
ord4506
ord1099
ord3742
ord818
ord2567
ord755
ord470
ord1175
ord1233
ord2100
ord693
ord1601
ord1194
ord798
ord2393
ord1997
ord6929
ord5465
ord532
ord1133
ord2411
ord2023
ord4218
ord4398
ord3582
ord3573
ord5788
ord1641
ord3317
ord5875
ord2754
ord2859
ord2513
ord293
ord6358
ord1088
ord2122
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5289
ord5714
ord3738
ord561
ord815
ord538
ord1205
ord2621
ord1134
ord6438
ord2725
ord3499
ord2515
ord355
ord4698
ord1151
ord1193
ord6928
ord926
ord6930
ord1979
ord6385
ord5442
ord665
ord5186
ord354
ord6927
ord3706
ord4133
ord4297
ord472
ord3571
ord3619
ord556
ord1270
ord1232
ord1168
ord640
ord3797
ord3138
ord5785
ord1640
ord323
ord4299
ord1271
ord2431
ord3807
ord6178
ord6172
ord4287
ord2089
ord2298
ord3098
ord4220
ord2584
ord3654
ord2438
ord2362
ord4538
ord4774
ord6270
ord2863
ord2546
ord291
ord1644
ord1146
ord2578
ord6648
ord2297
ord2363
ord3873
ord500
ord772
ord6142
ord5860
ord1229
ord5232
ord2147
ord1180
ord1568
ord5268
ord2149
ord3297
ord5572
ord4171
ord6605
ord2582
ord3370
ord3286
ord6907
ord6007
ord3998
ord2292
ord2365
ord2289
ord3903
ord699
ord6888
ord3438
ord912
ord397
ord2096
ord6675
ord4268
ord6380
ord6442
ord4123
ord1829
ord2086
ord5789
ord1929
ord2450
ord2455
ord2763
ord816
ord562
ord2919
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord674
ord366
ord4457
ord1113
ord6564
ord6565
ord6619
ord2117
ord5252
ord4427
ord1114
ord3906
ord4413
ord3403
ord955
ord5282
ord6379
ord5882
ord2920
ord4499
ord6828
ord4724
ord5030
ord3870
ord3021
ord5054
ord5805
ord4590
ord2817
ord4337
ord4436
ord2587
ord4406
ord3394
ord3729
ord804
ord6785
ord3719
ord2135
ord5794
ord2688
ord4400
ord3630
ord682
ord3693
ord6696
ord6654
ord3910
ord4243
ord2358
ord3318
ord1949
ord5782
ord1176
ord2714
ord3302
ord5431
ord3348
ord4351
ord2989
ord3353
ord3579
ord696
ord2625
ord297
ord394
ord619
ord4021
ord2033
ord4185
ord5590
ord3435
ord909
ord3443
ord3786
ord5628
ord1105
ord2078
ord3920
ord1572
ord465
ord4188
ord2097
ord6762
ord6876
ord5856
ord3220
ord697
ord910
ord4186
ord395
ord2580
ord2299
ord2652
ord1669
ord6407
ord3296
ord703
ord5445
ord404
ord3290
ord2123
ord668
ord3178
ord3181
ord4058
ord2781
ord2770
ord356
ord1795
ord3496
ord326
ord6130
ord4034
ord1154
ord4020
ord5148
ord5933
ord1576
ord2116
ord4148
ord4480
ord2574
ord3572
ord2452
ord2753
ord2639
ord2405
ord2713
ord5678
ord5736
ord6625
ord2921
ord2923
ord4454
ord4364
ord6862
ord6593
ord6594
ord6931
ord6860
ord6749
ord6491
ord620
ord6802
ord6820
ord2585
ord4365
ord1709
ord1714
ord4404
ord5258
ord3722
ord796
ord529
ord4265
ord6067
ord6000
ord3294
ord4115
ord4759
ord5039
ord5063
ord1871
ord654
ord5858
ord341
ord2064
ord5448
ord5606
ord3986
ord3273
ord786
ord2504
ord438
ord1706
ord430
ord2461
ord6389
ord519
ord5645
ord1265
ord3732
ord4270
ord5873
ord2784
ord6779
ord2152
ord6194
ord4333
ord6603
ord4083
ord6604
ord4284
ord2012
ord5885
ord5884
ord3289
ord2922
ord4163
ord554
ord384
ord807
ord3730
ord2444
ord5248
ord5064
ord5279
ord6369
ord5234
ord1715
ord1710
ord5086
ord2389
ord4121
ord5471
ord4056
ord4366
ord2530
ord6154
ord3295
ord3293
ord3996
ord6905
ord3640
ord4402
ord4275
ord3874
ord2107
ord2044
ord2448
ord2841
ord5834
ord809
ord3610
ord656
ord793
ord686
ord616
ord2614
ord2764
ord923
ord535
ord4202
ord940
ord4226
ord924
ord290
ord858
ord614
ord4622
msvcrt
memset
memcpy
__CxxFrameHandler
_strcmpi
_stricmp
_wcsicmp
_setmbcp
__p__commode
__p__fmode
__set_app_type
_controlfp
strlen
_mbsicmp
atoi
memmove
strcpy
_mbscmp
islower
isupper
isalpha
memcmp
wcscmp
_mbschr
__p___argv
_mbsnbicmp
__p___argc
_ftol
_beginthreadex
_CxxThrowException
_mbsnbcat
_itoa
_purecall
_mbsnbcpy
rand
srand
time
abs
strcmp
_mbctoupper
_strupr
_mbstok
sprintf
sscanf
_atoi64
_mbsnbcmp
strncpy
difftime
strcat
isalnum
_mbsstr
_wtoi
_mbsrchr
_ismbcalpha
_mbsinc
strchr
_mbsicoll
_snprintf
_except_handler3
localtime
_mbslwr
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
kernel32
FreeLibrary
GetSystemDirectoryA
lstrcatA
LoadLibraryA
FindNextFileA
GetProcAddress
ReleaseMutex
CreateProcessA
SetPriorityClass
CreateMutexA
GetLastError
OpenEventA
SetEvent
GetPrivateProfileStringA
GetTickCount
GetCommandLineA
RemoveDirectoryA
OpenFileMappingA
MapViewOfFile
CloseHandle
FindFirstFileA
FindClose
GetCurrentProcess
TerminateProcess
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
lstrlenA
GetPrivateProfileIntA
lstrcmpA
lstrcpyA
lstrcmpiA
GetCurrentThreadId
MultiByteToWideChar
DeleteFileA
ReadProcessMemory
LocalFree
LocalAlloc
GetStartupInfoA
MoveFileA
GetFileAttributesA
CreateEventA
ResumeThread
SetThreadPriority
WaitForSingleObject
TerminateThread
GetExitCodeThread
Sleep
LockResource
LoadResource
FindResourceA
GetModuleHandleA
WritePrivateProfileStringA
CreateFileMappingA
UnmapViewOfFile
SetProcessWorkingSetSize
InitializeCriticalSection
DeleteCriticalSection
InterlockedExchange
CreateThread
LeaveCriticalSection
EnterCriticalSection
_lclose
WriteFile
ReadFile
CreateFileA
GetFileSize
OpenFile
GetFullPathNameA
IsBadReadPtr
CopyFileA
InterlockedIncrement
InterlockedDecrement
GetDiskFreeSpaceExA
GetModuleFileNameA
GlobalFree
GlobalSize
GetVersionExA
GetSystemDefaultLangID
SetFileAttributesA
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateDirectoryA
GetSystemInfo
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
WriteProcessMemory
VirtualProtectEx
GetTempPathA
GetSystemTime
WideCharToMultiByte
GetWindowsDirectoryA
EnumResourceNamesA
SizeofResource
SetUnhandledExceptionFilter
SetErrorMode
SetFilePointer
GetCurrentThread
GetLocalTime
GetThreadSelectorEntry
VirtualQueryEx
user32
SetWindowTextA
MessageBeep
CheckMenuRadioItem
FillRect
GetClipboardOwner
ChangeClipboardChain
SetClipboardViewer
MonitorFromPoint
GetMonitorInfoA
SystemParametersInfoA
IsZoomed
GetDlgCtrlID
SetWindowPos
RemoveMenu
InsertMenuA
GetWindowThreadProcessId
GetSystemMetrics
LoadBitmapA
GetMenuStringA
GetIconInfo
GetMenuItemInfoA
SetMenuItemInfoA
GetWindow
DrawTextA
SetForegroundWindow
IsIconic
GetLastActivePopup
GetCapture
GetFocus
ClientToScreen
IsWindowEnabled
GetActiveWindow
SetActiveWindow
PeekMessageA
DrawIcon
LoadMenuA
SendMessageA
EnableWindow
KillTimer
GetMenuItemCount
GetMenuItemID
IsClipboardFormatAvailable
GetClipboardData
GetSubMenu
LoadImageA
TranslateMessage
GetMessageA
DispatchMessageA
CopyIcon
GetDC
GetTopWindow
ReleaseCapture
MapWindowPoints
SetFocus
ExitWindowsEx
EnumChildWindows
AppendMenuA
RegisterClipboardFormatA
CreatePopupMenu
WindowFromPoint
keybd_event
TrackPopupMenuEx
EnableMenuItem
SetCapture
SetRectEmpty
SetRect
DrawFrameControl
GetCursor
DestroyCursor
GetClassInfoA
DefWindowProcA
GetWindowLongA
SetWindowLongA
MessageBoxA
FindWindowA
GetPropA
RegisterWindowMessageA
GetKeyState
DrawFocusRect
GetSysColor
InflateRect
GetDesktopWindow
GetMenu
SetMenu
GetSysColorBrush
EndDialog
CallWindowProcA
DrawEdge
DrawStateA
EnumThreadWindows
CheckMenuItem
SetParent
GetDlgItem
GetForegroundWindow
AttachThreadInput
GetDCEx
ScreenToClient
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
DeleteMenu
CopyRect
MoveWindow
GetClientRect
GetCursorPos
PtInRect
UpdateWindow
IsWindow
IntersectRect
IsRectEmpty
DrawIconEx
LoadIconA
DestroyIcon
GetWindowRect
UnhookWindowsHookEx
SetWindowsHookExA
GetClassNameA
CallNextHookEx
GetParent
LoadCursorA
SetCursor
PostMessageA
EqualRect
GetUpdateRect
InvalidateRect
OffsetRect
SetTimer
ValidateRect
FrameRect
BringWindowToTop
AnimateWindow
SetWindowRgn
ModifyMenuA
ReleaseDC
gdi32
CreateBitmap
FillRgn
CreateSolidBrush
Rectangle
SetPixel
SelectObject
RoundRect
SetBkMode
SetTextColor
CreatePolygonRgn
SetStretchBltMode
CreateFontA
GetTextColor
PatBlt
OffsetRgn
CreateRectRgnIndirect
GetTextMetricsA
CreatePen
CreateRectRgn
CreateRoundRectRgn
CombineRgn
GetTextExtentPoint32A
GetStockObject
GetTextExtentExPointA
StretchBlt
PtInRegion
CreateFontIndirectA
GetObjectA
GetPixel
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
comdlg32
GetOpenFileNameA
GetSaveFileNameA
advapi32
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
shell32
SHGetPathFromIDListA
SHGetSpecialFolderPathA
SHFileOperationA
Shell_NotifyIconA
SHChangeNotify
SHGetFileInfoA
SHGetMalloc
ShellExecuteExA
SHBrowseForFolderA
ShellExecuteA
comctl32
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_Destroy
ImageList_Remove
ImageList_Draw
ImageList_LoadImageA
ImageList_DragMove
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_DragEnter
_TrackMouseEvent
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
ImageList_EndDrag
ImageList_DragLeave
ole32
RegisterDragDrop
CLSIDFromProgID
CoCreateInstance
CLSIDFromString
ProgIDFromCLSID
StgOpenStorage
CoTaskMemFree
StgCreateDocfile
StringFromCLSID
RevokeDragDrop
oleaut32
SysFreeString
SysAllocString
VariantCopy
VariantClear
SysStringLen
SysAllocStringLen
msvcp60
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?close@?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_fstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
ws2_32
inet_addr
imagehlp
SymInitialize
SymSetOptions
SymLoadModule
SymGetModuleBase
SymGetSymFromAddr
SymGetModuleInfo
StackWalk
ImageDirectoryEntryToData
SymFunctionTableAccess
CheckSumMappedFile
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
Sections
.text Size: 768KB - Virtual size: 766KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 176KB - Virtual size: 172KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 748KB - Virtual size: 746KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.T� Size: 232KB - Virtual size: 232KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE