2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63[.]exe[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63.exe.zip
Size

5.9MB
MD5

1e78d98fd59c4902c6bb629cedfd8f35
SHA1

4d57cd804b2f65381f8b829ddccdaee7c4ec3d4d
SHA256

4593a4b1096eb79bac01f716c0365418c451e11fa3b4a0c5d3cc0cdbcc61c26f
SHA512

4aa3b718cbb37f6968397cf70694e6db0b3f1af3425b09e2aca8c0045f1b9bab395ed5158bcd7bd7b6fadc098081b0d9bda32ef59de2659fb71ed18796bcc49e
SSDEEP

98304:m8I+6WGsLQPwEy3LHnF4Xzrj+TxjGuPV07epmiI+I3qjbE+bD8A:zI1LscwNq7+1oeNITSH8A

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63.exe	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63.exe

Files

2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63.exe.zip
.zip

Password: infected
2b6a1c540e6e65db0f0f0658554a0288ab7e02ec295ebf5f89d2bf0289870a63.exe
.exe windows:5 windows x64 arch:x64

4bcd5551058bd4c1453941638acc892d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mfc90u

ord1110
ord3424
ord4596
ord2907
ord5696
ord5345
ord5362
ord4687
ord4050
ord2303
ord5358
ord5356
ord3005
ord1966
ord3932
ord5511
ord6363
ord5230
ord1025
ord5314
ord4322
ord4856
ord5013
ord2067
ord1714
ord1713
ord1582
ord3135
ord6053
ord1661
ord1658
ord4048
ord1429
ord4355
ord5284
ord5201
ord6421
ord4294
ord3494
ord4843
ord1635
ord6101
ord5367
ord5365
ord938
ord943
ord947
ord945
ord949
ord2455
ord2475
ord2459
ord2465
ord3906
ord5713
ord2463
ord2461
ord2478
ord2473
ord2457
ord2480
ord2468
ord2450
ord2452
ord2470
ord2233
ord2226
ord1553
ord6423
ord3902
ord6425
ord3436
ord5093
ord6027
ord3014
ord1389
ord5307
ord2010
ord1699
ord1698
ord1634
ord2602
ord2797
ord2904
ord2065
ord2110
ord4438
ord6424
ord3901
ord6422
ord4121
ord4145
ord1080
ord2214
ord1422
ord4419
ord2780
ord2932
ord2605
ord2711
ord2598
ord3818
ord3819
ord3516
ord3784
ord2133
ord1576
ord4343
ord3250
ord598
ord355
ord614
ord3247
ord1149
ord1980
ord296
ord3297
ord3291
ord5767
ord1975
ord2432
ord5861
ord3862
ord4222
ord336
ord600
ord1152
ord1306
ord1307
ord332
ord3249
ord290
ord3948
ord3947
ord4139
ord5619
ord1071
ord3930
ord1186
ord1103
ord772
ord577
ord3783
ord4658
ord6321
ord6315
ord722
ord512
ord6207
ord2515
ord2326
ord4187
ord2532
ord285
ord1519
ord6259
ord916
ord293
ord3008
ord4035
ord4699
ord5335
ord3740
ord617
ord362
ord3535
ord917
ord2325
ord4103
ord5532
ord791
ord2531
ord5692
ord1512
ord3861
ord2722
ord4432
ord3487
ord3173
ord2068
ord642
ord393
ord2218
ord6209
ord756
ord3408
ord4351
ord1626
ord2142
ord2437
ord602
ord583
ord775
ord3257
ord4372
ord6234
ord913
ord2433
ord394
ord643
ord2336
ord1469
ord2936
ord6000
ord6008
ord3979
ord5857
ord6023
ord391
ord2122
ord2592
ord3776
ord1596
ord763
ord3415
ord3065
ord4354
ord1629
ord1693
ord2145
ord3428
ord4683
ord744
ord3393
ord5186
ord6127
ord6128
ord3981
ord1840
ord5755
ord2977
ord632
ord3282
ord3548
ord1121
ord2951
ord2949
ord2958
ord5772
ord3899
ord4462
ord6429
ord4225
ord2785
ord6126
ord745
ord3396
ord1621
ord3662
ord1024
ord768
ord574
ord889
ord6159
ord3895
ord2957
ord3493
ord3443
ord3441
ord2956
ord3975
ord6264
ord2860
ord4054
ord3750
ord1603
ord671
ord3317
ord3039
ord3583
ord5966
ord6179
ord2139
ord4349
ord6006
ord4233
ord3439
ord2946
ord4108
ord4231
ord5771
ord3376
ord513
ord2320
ord655
ord3301
ord4347
ord1589
ord1677
ord2137
ord3567
ord4465
ord2012
ord2126
ord1454
ord3694
ord2184
ord6002
ord3983
ord6003
ord6349
ord559
ord570
ord762
ord3261
ord3809
ord2709
ord4051
ord4601
ord4373
ord3073
ord5332
ord5346
ord1954
ord4345
ord1430
ord6056
ord3137
ord1578
ord2136
ord4205
ord1977
ord286
ord280
ord5743
ord589
ord2380
ord316
ord4192
ord2534
ord4188
ord314
ord877
ord392
ord641
ord5217
ord6434
ord1468
ord5452
ord792
ord2378
ord789
ord2975
ord4393
ord2222
ord887
ord1949
ord588
ord2658
ord424
ord664
ord1976
ord1595
ord1061
ord2719
ord4096
ord3492
ord1308
ord1211
ord1215
ord5548
ord1633
ord2435
ord5225
ord759
ord567
ord2937
ord3780
ord769
ord3419
ord3069
ord3685
ord2015
ord5658
ord3391
ord1040
ord1514
ord1209
ord1233

msvcr90

sscanf
vsprintf_s
_atoi64
wcsncpy_s
_splitpath_s
_wsplitpath_s
_stricmp
strstr
tolower
vswprintf_s
toupper
memmove
atoi
atof
fprintf
fopen_s
fclose
fseek
ftell
fread
fputc
ferror
sscanf_s
_vsnprintf_s
isspace
isalpha
isalnum
strchr
strncmp
_wsplitpath
_snwprintf
swscanf
_wmkdir
wcstombs
_wtoi
strrchr
strncpy
mbstowcs
strtol
strcpy_s
_time64
_mktime64
_wcsnicmp
ldiv
_localtime64_s
_memicmp
_wtoi64
_ui64tow
_wfopen
fwrite
srand
rand
wcsncat
wcsncmp
memcpy
memset
free
realloc
malloc
memcmp
strtoul
getenv
_vsnwprintf
_vsnprintf
_exit
raise
__iob_func
strerror
strcmp
qsort
_localtime64
isdigit
fflush
fopen
_setmode
_fileno
feof
fgets
_errno
_strnicmp
isxdigit
_gmtime64
isupper
memchr
fputs
signal
_getch
ceil
floor
strtok
strcspn
printf
sqrt
fgetc
pow
asin
atan2
acos
sin
cos
log
log10
islower
_CxxThrowException
system
ungetc
longjmp
_setjmp
atol
_strupr
strcat
exit
strlen
_snprintf
strcpy
_vswprintf_c_l
strcat_s
_mkdir
__CxxFrameHandler3
wcslen
_endthread
_beginthread
setlocale
_strdup
_lseeki64
?_open@@YAHPEBDHH@Z
_read
_write
_close
asctime
wcschr
swscanf_s
wcstol
_vscwprintf
_wcsupr
wcscmp
wcscpy
wcscat
_mbsrchr
wcstok
iswdigit
wcstoul
_lseek
remove
_tempnam
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_cexit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_wcsicmp
_splitpath
_vsnwprintf_s
wcsstr
wcsncpy
__RTDynamicCast
towupper
towlower
??8type_info@@QEBA_NAEBV0@@Z
_fdopen
_unlink
_wcslwr
??0exception@std@@QEAA@AEBV01@@Z
?what@exception@std@@UEBAPEBDXZ
??1exception@std@@UEAA@XZ
??0exception@std@@QEAA@AEBQEBD@Z
_invalid_parameter_noinfo
??0exception@std@@QEAA@XZ
wcscpy_s
memmove_s
wcscat_s
_vswprintf
sprintf_s
swprintf_s
_purecall
sprintf
memcpy_s
wcsrchr

kernel32

HeapDestroy
HeapReAlloc
HeapSize
GetUserDefaultLCID
GetStringTypeExA
GetStringTypeExW
LCMapStringA
LCMapStringW
DebugBreak
QueryPerformanceFrequency
SetEvent
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
DeleteFileA
lstrcmpiA
GetFileInformationByHandle
SetFileValidData
SetEndOfFile
RemoveDirectoryW
GetFileAttributesW
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemTime
QueryDosDeviceA
GetOverlappedResult
CancelIo
GetPrivateProfileIntA
GetDiskFreeSpaceA
ReleaseMutex
SetFileTime
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
SetFileAttributesA
SetVolumeMountPointW
GetVolumePathNamesForVolumeNameW
DeleteVolumeMountPointW
FindNextVolumeW
FindFirstVolumeW
GetExitCodeProcess
CreatePipe
GetDriveTypeA
GetModuleHandleA
WaitForMultipleObjects
CreateEventA
GlobalMemoryStatusEx
RaiseException
FindNextFileA
GetFileAttributesA
FindFirstFileA
GetFullPathNameA
GetCurrentDirectoryA
FlushConsoleInputBuffer
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetVersion
RtlVirtualUnwind
LocalFree
FormatMessageW
SetThreadLocale
ReadFile
CopyFileW
GetFileSize
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
FlushFileBuffers
WritePrivateProfileStringW
TerminateProcess
CreateProcessW
GetStartupInfoW
HeapFree
GetProcessHeap
HeapAlloc
CompareFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileIntW
ResetEvent
MulDiv
FindClose
FindNextFileW
MoveFileW
FindFirstFileW
IsBadWritePtr
GetPrivateProfileStringW
GetModuleHandleW
SetLastError
SetFileAttributesW
GetTempFileNameW
GetTempPathW
lstrcpyW
lstrcpynW
lstrlenW
WriteFile
SetFilePointer
OutputDebugStringA
GetModuleFileNameW
GlobalUnlock
GlobalFree
GlobalLock
FreeResource
GlobalAlloc
FindResourceW
LoadResource
LockResource
SizeofResource
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
lstrlenA
DeleteFileW
WritePrivateProfileStringA
SystemTimeToFileTime
GetLocalTime
GetLogicalDrives
WinExec
GetSystemDirectoryW
SetThreadExecutionState
GetPrivateProfileStringA
CreateMutexW
CreateEventW
SetUnhandledExceptionFilter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
GetVolumeInformationW
VirtualFree
VirtualAlloc
CreateFileA
DeviceIoControl
GetVolumeInformationA
GetDiskFreeSpaceExA
FindNextVolumeA
FindVolumeClose
FindFirstVolumeA
GetDiskFreeSpaceExW
GetDriveTypeW
Sleep
TerminateThread
GetVersionExA
LoadLibraryA
WideCharToMultiByte
MoveFileExW
GetNativeSystemInfo
GetVersionExW
IsDebuggerPresent
GetWindowsDirectoryW
IsBadReadPtr
lstrcmpW
WaitForSingleObject
CreateThread
CloseHandle
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryW
MultiByteToWideChar
GetModuleFileNameA
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

LoadStringW
GetProcessWindowStation
GetUserObjectInformationW
FindWindowW
EnableScrollBar
GetScrollPos
SetScrollPos
SetScrollRange
ShowScrollBar
GetMessageW
AnimateWindow
SetLayeredWindowAttributes
SetParent
EqualRect
SetRectEmpty
IsRectEmpty
TrackPopupMenu
InsertMenuItemW
GetAsyncKeyState
EnumChildWindows
UnregisterClassW
DrawFocusRect
DrawFrameControl
UpdateWindow
DispatchMessageW
PeekMessageW
LoadStringA
SetCursor
GetDC
RegisterClassW
LoadCursorW
TrackMouseEvent
DrawIconEx
SetWindowRgn
GetClassLongW
PtInRect
EndPaint
BeginPaint
GetFocus
DispatchMessageA
GetMessageA
TranslateMessage
EndMenu
SetForegroundWindow
BringWindowToTop
wsprintfW
SetActiveWindow
SetCapture
SetFocus
ReleaseCapture
LoadBitmapW
DrawStateW
GetIconInfo
OffsetRect
GetSysColor
DestroyIcon
GetWindowLongW
CopyRect
ClientToScreen
CreateWindowExW
RegisterDeviceNotificationW
DestroyMenu
TrackPopupMenuEx
SetMenuInfo
SetMenuItemBitmaps
LoadImageW
AppendMenuW
CreatePopupMenu
GetCursorPos
RedrawWindow
UnregisterDeviceNotification
DrawIcon
GetSystemMetrics
IsIconic
InflateRect
LoadIconW
GetClassInfoW
GetClientRect
GetWindowDC
SetRect
ReleaseDC
MessageBoxW
PostThreadMessageW
CallWindowProcW
DefWindowProcW
IsWindowVisible
ScreenToClient
GetWindowRect
SetWindowTextW
GetDesktopWindow
SetWindowTextA
SetWindowPos
SetWindowLongPtrW
GetWindowLongPtrW
DrawTextW
EnableWindow
SetTimer
FillRect
FrameRect
InvalidateRect
KillTimer
SendMessageW
PostMessageW
GetParent
IsWindow
DestroyWindow
CreateWindowExA
ShowWindow
GetProcessWindowStation
GetUserObjectInformationW

gdi32

GetStockObject
SelectObject
GetObjectW
DeleteObject
LineTo
MoveToEx
CreatePen
SetTextColor
DeleteDC
CreateSolidBrush
SetBkMode
GetMapMode
DPtoLP
SetPixel
SetDIBits
GetDIBits
GetTextMetricsW
GetBkColor
Polyline
CreateFontA
GetDeviceCaps
StretchBlt
GetTextColor
ExcludeClipRect
CreateRoundRectRgn
SetBkColor
CreateBitmap
CreateFontW
CreateFontIndirectW
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode

msimg32

GradientFill

comdlg32

CommDlgExtendedError
GetSaveFileNameW

advapi32

RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegLoadKeyW
RegUnLoadKeyW
RegOpenKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumValueA
RegOpenKeyExA
CloseEncryptedFileRaw
WriteEncryptedFileRaw
OpenEncryptedFileRawW
RegEnumKeyW
DecryptFileW

shell32

SHGetPathFromIDListW
SHFileOperationW
SHGetSpecialFolderLocation
SHGetFileInfoW
ShellExecuteW
SHGetFolderPathW
SHBrowseForFolderW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderPathA

comctl32

_TrackMouseEvent
ImageList_LoadImageW
ImageList_GetIconSize
ImageList_Draw
ImageList_ReplaceIcon
ImageList_GetIcon
InitCommonControlsEx

shlwapi

StrRetToStrW

ole32

CoCreateInstance
CoCreateGuid
StgOpenStorage
OleInitialize
CoSetProxyBlanket
CreateStreamOnHGlobal
CoInitializeSecurity
CoInitializeEx
CoTaskMemFree
CoUninitialize

oleaut32

VariantTimeToSystemTime
VariantCopy
VariantInit
VariantClear
VariantChangeType
SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
OleLoadPicture
OleCreatePictureIndirect
VarBstrFromDate
SafeArrayGetLBound
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetUBound
SystemTimeToVariantTime
CreateErrorInfo
GetErrorInfo
SetErrorInfo

urlmon

URLDownloadToFileW

gdiplus

GdipBitmapLockBits
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromScan0
GdipFree
GdiplusStartup
GdipBitmapUnlockBits
GdipSetSolidFillColor
GdipDrawImageI
GdipDrawImageRectRectI
GdipGetImageGraphicsContext
GdipGraphicsClear
GdipReleaseDC
GdiplusShutdown
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenMode
GdipFillPolygonI
GdipDrawLinesI
GdipDrawImageRectI
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipSetStringFormatLineAlign
GdipCreateLineBrushFromRectI
GdipSetPenColor
GdipFillRectangleI
GdipDrawRectangleI
GdipDrawLineI
GdipFillRectangle
GdipDeletePen
GdipCreatePen1
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImageThumbnail
GdipDeleteFont
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDrawImageRectRect
GdipGetImageHeight
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipAlloc

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@0@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAAEB_W_K@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K_W@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAX_K@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_KD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IEAAX_N_K@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@AEBV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@_K_W@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAHAEBV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAHPEB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W_K@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@_KD@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
?flush@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
?length@?$char_traits@D@std@@SA_KPEBD@Z
?eq_int_type@?$char_traits@D@std@@SA_NAEBH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?rdstate@ios_base@std@@QEBAHXZ
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?uncaught_exception@std@@YA_NXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA?AV12@_K0@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@H@Z
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IEAA@V?$allocator@_W@1@@Z
?_Tidy@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IEAAX_N_K@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@0AEBV12@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$allocator@D@std@@QEAA@XZ
??0?$allocator@D@std@@QEAA@AEBV01@@Z
?deallocate@?$allocator@D@std@@QEAAXPEAD_K@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD0@Z
?max_size@?$allocator@D@std@@QEBA_KXZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV12@_K0AEBV12@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KAEBV12@_K@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K0AEBV12@@Z
?rbegin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$reverse_iterator@V?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@XZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KAEBV12@_K@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2_KB
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2_KB
?max@?$numeric_limits@H@std@@SAHXZ
?data@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$allocator@_W@std@@QEAA@AEBV01@@Z
??0?$allocator@_W@std@@QEAA@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@_K0@Z
?max_size@?$allocator@_W@std@@QEBA_KXZ
?allocate@?$allocator@_W@std@@QEAAPEA_W_K@Z
?deallocate@?$allocator@_W@std@@QEAAXPEA_W_K@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?length@?$char_traits@_W@std@@SA_KPEB_W@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PEBD@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@PEB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IEAAPEA_WXZ
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_NXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@PEBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IEBAPEBDXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPEBDAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KPEB_W_K@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K1@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAH_K0PEBD0@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAAAEAV01@D@Z
?rbegin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA?AV?$reverse_iterator@V?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@XZ
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K1@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@AEBV10@PEBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBA_KPEBD_K@Z
?allocate@?$allocator@D@std@@QEAAPEAD_K@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@_KG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ

mpr

WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

cabinet

ord22
ord21
ord23
ord20

wininet

InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile

libcurl

curl_easy_init
curl_easy_setopt
curl_easy_perform
curl_easy_cleanup
curl_easy_getinfo
curl_global_cleanup
curl_global_init

psapi

GetProcessMemoryInfo

Exports

Exports

ActiveOnlineDllGetClassObject
RawCreateRAWSearcher
RawCreateRAWSearcherForCellTest
RawGetAnalyserList
RawGetAnalyserMap
RawGetAnalyserMultimap

Sections

.text
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 15.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 449KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

4bcd5551058bd4c1453941638acc892d

Headers

DLL Characteristics

File Characteristics

Imports

mfc90u

msvcr90

kernel32

user32

gdi32

msimg32

comdlg32

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

urlmon

gdiplus

msvcp90

mpr

cabinet

wininet

libcurl

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 5.5MB

.rdata Size: - Virtual size: 2.6MB

.data Size: - Virtual size: 15.6MB

.pdata Size: - Virtual size: 480KB

.vmp0 Size: - Virtual size: 1.3MB

.vmp1 Size: 6.3MB - Virtual size: 6.3MB

.reloc Size: 512B - Virtual size: 192B

.rsrc Size: 449KB - Virtual size: 1.2MB

.text
Size: - Virtual size: 5.5MB

.rdata
Size: - Virtual size: 2.6MB

.data
Size: - Virtual size: 15.6MB

.pdata
Size: - Virtual size: 480KB

.vmp0
Size: - Virtual size: 1.3MB

.vmp1
Size: 6.3MB - Virtual size: 6.3MB

.reloc
Size: 512B - Virtual size: 192B

.rsrc
Size: 449KB - Virtual size: 1.2MB