b79b0b67a1f181123b7c823784f3cd096248c7977c6b7c4f5ece9f6d36d30604

Sharing

Copy URL Twitter E-mail

General

Target

b79b0b67a1f181123b7c823784f3cd096248c7977c6b7c4f5ece9f6d36d30604
Size

2.9MB
MD5

953e6dbbb76fca0c83c6bd12c46869fd
SHA1

f1769ab2cf0ec41b3a82139a92901ce4b3e297df
SHA256

b79b0b67a1f181123b7c823784f3cd096248c7977c6b7c4f5ece9f6d36d30604
SHA512

f6e3124693ae32f72b03569daf91f47b6d2d222e7ada40a4aa83d4745144b480697ad90174fce9b85cf837934592ea3425bd1e1e4a73ba32d4f91fd4f2427cef
SSDEEP

24576:wIE6qyLAywKf01hyWYrUaIOfOHV9Wo05gWfidUUTqEZ4mqJl+9XOyF8oCcCkQfnM:TqT3/yAaImimJhmqaoyC/sId/4PKkxaC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b79b0b67a1f181123b7c823784f3cd096248c7977c6b7c4f5ece9f6d36d30604

Files

b79b0b67a1f181123b7c823784f3cd096248c7977c6b7c4f5ece9f6d36d30604
.exe windows:4 windows x86 arch:x86

f4af891e5f4af87af865beba4f4da731

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\lenovo\softmanager\trunk\product\win32\dbginfo\lenovodm.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCloseHandle
InternetCheckConnectionW
InternetDialW
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetQueryDataAvailable
InternetOpenW
InternetGetConnectedStateExW

kernel32

lstrcmpW
MulDiv
GetTempPathW
CreateMutexW
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileAttributesA
CreateFileA
SetFileAttributesA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesExA
DeleteFileA
CopyFileA
CopyFileW
RemoveDirectoryA
RemoveDirectoryW
MoveFileA
MoveFileExA
MoveFileExW
GetExitCodeProcess
InterlockedCompareExchange
SetThreadLocale
QueueUserWorkItem
OpenProcess
GetSystemDirectoryW
GetProcessId
InterlockedExchange
Sleep
GetLongPathNameW
ExpandEnvironmentStringsW
GetComputerNameW
CreateThread
TerminateProcess
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Process32NextW
GetExitCodeThread
TlsAlloc
InterlockedExchangeAdd
InitializeCriticalSectionAndSpinCount
QueueUserAPC
SleepEx
PostQueuedCompletionStatus
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetComputerNameA
GetPrivateProfileStringA
GetWindowsDirectoryA
GetEnvironmentVariableA
TlsGetValue
TlsSetValue
TlsFree
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetFileInformationByHandle
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
DeviceIoControl
GetDiskFreeSpaceW
GetCurrentProcessId
OutputDebugStringA
CreateSemaphoreW
MoveFileW
ReleaseSemaphore
TerminateThread
OutputDebugStringW
CreateDirectoryW
SetFilePointer
GetFileSizeEx
FlushFileBuffers
WriteFile
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
FormatMessageA
CreateWaitableTimerA
ResumeThread
OpenEventA
GetSystemInfo
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LocalAlloc
LocalFree
lstrcpyW
lstrcmpA
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
CreateEventW
CreateProcessW
GetLocalTime
ResetEvent
SetEvent
WaitForMultipleObjects
GetTickCount
SystemTimeToFileTime
QueryPerformanceCounter
GetSystemTime
InitializeCriticalSection
DeleteCriticalSection
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
UnmapViewOfFile
lstrcmpiW
LoadLibraryExW
GetModuleFileNameW
MapViewOfFile
OpenFileMappingW
MapViewOfFileEx
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeResource
GlobalAlloc
InterlockedDecrement
InterlockedIncrement
lstrlenW
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
WaitForSingleObject
MultiByteToWideChar
lstrlenA
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
RaiseException
CreateEventA
GetPrivateProfileIntW
GetVersion
SetFileAttributesW
GetFileAttributesW
DeleteFileW
SetEndOfFile
SetFilePointerEx

user32

MapWindowPoints
GetWindow
IsWindow
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
RegisterClassExW
GetClassInfoExW
LoadCursorW
UpdateLayeredWindow
InvalidateRect
GetWindowRect
SetRect
MoveWindow
PeekMessageW
CreateWindowExW
GetWindowLongW
CopyRect
CallWindowProcW
GetMonitorInfoW
GetScrollPos
DrawFrameControl
DestroyIcon
SetWindowTextW
GetDlgCtrlID
IsWindowVisible
ReleaseCapture
EqualRect
IsWindowEnabled
ShowWindow
SetLayeredWindowAttributes
RedrawWindow
RegisterWindowMessageW
MonitorFromWindow
OffsetRect
LoadIconW
PtInRect
BeginPaint
SetRectEmpty
SetFocus
WindowFromPoint
GetFocus
DrawIconEx
GetKeyState
DrawTextW
SetCapture
LoadImageW
IsIconic
PostQuitMessage
SetWindowRgn
SetCursor
ClientToScreen
EndPaint
GetNextDlgTabItem
ScrollWindowEx
GetScrollInfo
SetScrollPos
GetSystemMetrics
GetCursorPos
ScreenToClient
SetScrollInfo
UpdateWindow
KillTimer
SetTimer
wsprintfW
GetWindowTextW
GetWindowTextLengthW
GetWindowDC
FillRect
IsChild
GetClassNameW
ShowScrollBar
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
DestroyAcceleratorTable
GetClassLongW
SetClassLongW
ExitWindowsEx
EnumWindows
SendMessageTimeoutW
EnumChildWindows
PostMessageW
FindWindowExW
DestroyWindow
GetClientRect
GetParent
InflateRect
GetDC
GetDlgItem
ReleaseDC
GetDesktopWindow
PostThreadMessageW
SetWindowPos
GetWindowThreadProcessId
GetForegroundWindow
SystemParametersInfoW
SetForegroundWindow
AttachThreadInput
EnableWindow
GetActiveWindow
SetActiveWindow
MessageBoxW
CharNextW
WaitForInputIdle
FindWindowW
SendMessageW
UnregisterClassA
SetWindowLongW

gdi32

SetBkMode
SetRectRgn
CreateRectRgnIndirect
CombineRgn
RectInRegion
CreateCompatibleBitmap
OffsetRgn
GetGlyphOutlineW
RoundRect
TextOutW
GetTextColor
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteObject
CreateFontIndirectW
GetObjectW
GetStockObject
ExtTextOutW
SetBkColor
CreatePen
CreateRectRgn
SelectClipRgn
SaveDC
RestoreDC
SetDIBitsToDevice
StretchDIBits
DeleteDC
EnumFontFamiliesExW
Rectangle
LineTo
MoveToEx
CreateBitmap
GetCurrentObject
StretchBlt
SetTextColor
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
GetClipRgn
SetViewportOrgEx
CreateSolidBrush
GetDeviceCaps
Pie
GetRegionData

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CreateProcessAsUserW
RegSetValueExA
RegEnumValueW
RegEnumValueA
RegEnumKeyW
RegEnumKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegOpenKeyExA
RegOpenKeyW
RegOpenKeyA
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW
SHGetFileInfoA
SHGetPathFromIDListA

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
CoInitializeEx
CoInitializeSecurity
CoCreateGuid
OleUninitialize

oleaut32

VariantChangeType
SetErrorInfo
CreateErrorInfo
VarUI4FromStr
SysFreeString
VariantInit
DispCallFunc
VarBstrCmp
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysStringByteLen
SysStringLen
SysAllocStringLen
SysAllocString
VariantClear
VariantCopy
GetErrorInfo

msvcp80

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@AV?$alloc
??0?$bAsib_ostringsdream@DU?$char_�raits@D@wtt@@V?$Allocator@D@2@@std@`QAE@H@Z
??6?$basic_ostream@DU?$chcr_4raits@D@std@@@stl@@QAEAR01@H@Z
?fInd@?$basic_stringPDT?$char_traits@D@std@@V?$alloc
?reserve@?$basic_string@DU?$char_tre�ts@D@stD@@V?allocator@D@2@@std@@QAEXI@Z
??A?$bac)c_string@DU?$bhar_traits@D@std@@V?$adl�aator@D@r@@std@@QBEABDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?%allOcator@D@2@@s�d@@QAAAV12@PBDI@Z
???,basic�sTring@DU?$char_traits@D@{td@@V?$anlocator@D@2@@std@@QAEAAV01@D@Z
??_D?$basic_ostrings4beam`LU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?peeo@?$casic_istream@DU?$char_traits
?get@?$basic_istreem@DU?$char_TraitsHD@s�d@@@std@@QAEHXZ
??A?$basic_strifgDDU?$bhar_traits@D@std@@V?$anlocator@D@2@@s4d@@QAEAADI@Z
?at@?$basic_string@DU?$char_traits@DHstd@@V?$allocator@D@2@@std@@QAEAADI@Z
?compa�e@?$basic_string@_WU?$char_traits@_W@std@@R?$allocator@_W@2@@std@@QBEHPB_W@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??7ios_base@std@@QBE_NXZ
??Bios_base@std@@QBEPAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?to_char_type@?$char_traits@D@std@@SADABH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?not_eof@?$char_traits@D@std@@SAHABH@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
?_Xsgetn_s@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADIH@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??_D?$basic_istream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$allocator@D@std@@QAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?max_size@?$allocator@D@std@@QBEIXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?max@?$numeric_limits@I@std@@SAIXZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@_J@std@@SA_JXZ
?min@?$numeric_limits@I@std@@SAIXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?is_open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?eof@?$char_traits@_W@std@@SAGXZ
?width@ios_base@std@@QAEHH@Z
?uncaught_exception@std@@YA_NXZ
?good@ios_base@std@@QBE_NXZ
?length@?$char_traits@_W@std@@SAIPB_W@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?is_open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QBE_NXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEPADXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$allocator@_W@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

shlwapi

StrStrIW
PathFindFileNameW
SHDeleteValueW
SHDeleteValueA
SHSetValueW
PathRemoveBackslashW
StrCmpIW
SHSetValueA
SHGetValueW
SHGetValueA
StrRChrW
StrChrW
StrCmpNW
StrCpyNW
StrCmpNIW
PathRemoveExtensionW
PathFileExistsW
StrToIntA
PathIsDirectoryA
PathIsDirectoryW
PathAppendW
PathRemoveFileSpecW
StrToIntW
PathFileExistsA

gdiplus.dll@

GdipGetHnterrolationModg
GdipDeletePej
GtipCloneBrush
GdiplusStartup
GdipLusShutdown
GdipCreateFromHDC
OdipDeneteGraphics
GdiPFree
gdipSetPageScale
GdipGetImageWidth
GdipGgtimageHeight
GdipDrawImageRectRectI
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipImageRotateFlip
GdipDrawImagePointsRectI
GdipDrawImageRectI
GdipSetImageA|tRibutesWrap�ode
GdipLoadIoaggFromFile
GdipSetImageCtdrmButesRemapTable
GdipSetSmoothingMofe
GdipLoadImafeFromFile�CM
GdipCreateSol
GdipDisposeImageAttributes
GdipRota4eWorldTransform
GdipResetWorldTransvorm
GdipSetPafeUnit
GdipCreateImageAttributes
GdipTranslateWoRldTransform
GdipGetPixelOffsetMode
Gdip[etInterxolationMode
GdipFillRectangleI
GdipDrawLin�I
GdipSetPenDashSvyle
GdisSetPixelOvfsetMode
GdipCreatePen1
GdipCreateBitmapFromScan0
GdipGet�mageGraphicsContext
GdipSetImageAttribu�esColorMatrix
G$ipCreateBitmapFromHBITMAP
GdipAlloC
GdipDrawImagePointRectI
GdipDeleteBrush

mcimg32

Tra�spara�tBlt
AlphaB,end

comstl32�dll

_TrackMouseAvenT
InitCommonControlsEx

ws2_32

WSARecr
WSASocketW
setsockopt
select
WSAGetLastError
getaddrinfo
freeaddrinfo
listen
ioctlsocket
WSASetLastError
shutdown
WSACleanup
closesocket
WSAStartup
inet_addr
gethostbyname
htons
socket
connect
__WSAFDIsSet
accept
bind
getsockopt
getsockname
WSASend
send

rpcrt4

UuidFromStringA

winmm

timeKillEvent
timeSetEvent

crypt32

CertGetNameStringW
CryptMsgClose
CryptDecodeObject
CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore

msvcr80

fwrite
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
_ismbcspace
_mbsupr_s
strstr
signal
??8type_info@@QBE_NABV0@@Z
_mbslwr_s
_wcsupr_s
_mbsrchr
memmove
isalpha
isalnum
strchr
isspace
atof
fseek
ftell
ferror
fprintf
fopen_s
_vsnprintf_s
sscanf_s
fputc
_wfopen_s
pow
sqrt
_snwprintf
realloc
_mbsinc
_ultoa_s
_strlwr_s
strncmp
_atoi64
sin
cos
iswspace
strncpy
_waccess
wcscat_s
_itow
swscanf
tolower
feof
sprintf
ceil
setlocale
_wtoi
memcmp
_resetstkoflw
_wcsnicmp
_time64
__RTDynamicCast
strcat
srand
strcpy
fclose
fread
_vswprintf
_wfopen
_vsnprintf
_vsnwprintf
abs
_mbschr
_mbsstr
sscanf
_mbsicmp
_stricmp
wcschr
_recalloc
wcstombs_s
swprintf_s
_wcsicmp
_mbscmp
wcsstr
labs
calloc
vsprintf_s
_vscprintf
vswprintf_s
_vscwprintf
wcsrchr
wcscpy_s
vsprintf
wcsncpy
wcsncpy_s
_wcslwr_s
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_purecall
sprintf_s
??0exception@std@@QAE@XZ
_beginthreadex
strcmp
atoi
memcpy
strcpy_s
_endthreadex
rand
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBDH@Z
strlen
memmove_s
memcpy_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
free
??2@YAPAXI@Z
_swprintf
malloc
??_V@YAXPAX@Z
wcslen
wcscmp
wprintf
wcscat
wcscpy
memset
??3@YAXPAX@Z
_errno
_strdup
_gmtime64
__CxxFrameHandler3
_CxxThrowException
strerror
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_controlfp_s

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

psapi

GetModuleFileNameExW
EnumProcesses

setupapi

SetupDiSetDeviceInstallParamsW
CM_Disconnect_Machine
SetupDiGetDriverInfoDetailW
CM_Locate_DevNodeW
SetupDiGetClassDevsW
CM_Reenumerate_DevNode
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsExW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDriverInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInfoListDetailW
SetupDiGetClassDevsA
SetupDiGetDeviceInstanceIdA
SetupOpenInfFileA
SetupCloseInfFile
CM_Get_Device_ID_ExW
CM_Get_DevNode_Status
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
CM_Get_DevNode_Registry_Property_ExW
SetupFindFirstLineA
SetupGetStringFieldA
SetupGetFieldCount
SetupGetLineTextA
CM_Locate_DevNodeA
SetupGetLineCountA
SetupGetLineByIndexA
CM_Connect_MachineW
CM_Locate_DevNode_ExW

rasapi32

RasDialW
RasHangUpW
RasEnumEntriesW
RasEnumConnectionsW

iphlpapi

IcmpCreateFile
IcmpSendEcho
IcmpCloseHandle

dgbase

ord55

winhttp

WinHttpReadData
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpSetOption
WinHttpCrackUrl

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 924KB - Virtual size: 922KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4af891e5f4af87af865beba4f4da731

Headers

File Characteristics

PDB Paths

Imports

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

msvcp80

shlwapi

gdiplus.dll@

mcimg32

comstl32�dll

ws2_32

rpcrt4

winmm

crypt32

msvcr80

userenv

psapi

setupapi

rasapi32

iphlpapi

dgbase

winhttp

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 372KB - Virtual size: 371KB

.data Size: 28KB - Virtual size: 32KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 924KB - Virtual size: 922KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 372KB - Virtual size: 371KB

.data
Size: 28KB - Virtual size: 32KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 924KB - Virtual size: 922KB