245d5df42997df677557706e740202c5f89f2abce539e96df29dbe1abea5e8ae

Sharing

Copy URL Twitter E-mail

General

Target

245d5df42997df677557706e740202c5f89f2abce539e96df29dbe1abea5e8ae
Size

146KB
MD5

b38d4b15dfaf62ed6bd06bdf9545aa39
SHA1

a06b08151416848ce59035432ea4757bea8be7b5
SHA256

245d5df42997df677557706e740202c5f89f2abce539e96df29dbe1abea5e8ae
SHA512

79bb18654bb551017cd141b6fbed58b39f998545fed1d0c3c36c4d7398ac511ba30b09e1a3fe3a6e275b1008f961b47d44d1c38846ee92eb64a04aabafc7f245
SSDEEP

3072:Cn8nBGsEMXOoKBFRamYd5J4/W828GRKbJJYeAmT/fwVBCBP/X:CqAsEgKBFRa9JZJSJffw+BH

Score

N/A

Malware Config

Signatures

Files

245d5df42997df677557706e740202c5f89f2abce539e96df29dbe1abea5e8ae
.exe windows x86

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsApiRealloc
DnsAsyncRegisterTerm
Dns_SendEx
DnsReplaceRecordSetUTF8
DnsRemoveRegistrations
DnsWriteQuestionToBuffer_W
DnsExtractRecordsFromMessage_W
DnsUpdateTest_UTF8
DnsStringCopyAllocateEx
Dns_SendAndRecvUdp
DnsModifyRecordsInSet_UTF8
DnsQueryConfigDword
DnsQueryConfig
DnsFlushResolverCacheEntry_UTF8
DnsRecordCompare
DnsFlushResolverCacheEntry_A
DnsApiHeapReset
Dns_ParseMessage
DnsRecordSetCopyEx
DnsQuery_UTF8
DnsGetBufferLengthForStringCopy
DnsUpdate
DnsCopyStringEx
DnsNameCopy

sqlunirl

_CreateProcessAsUser_@44
_IsDialogMessage@8
_ExpandEnvironmentStrings_@12
_lstrcat_@8
_GetOpenFileName@4
__lopen_@8
_DrawState_@40
_PrivilegedServiceAuditAlarm_@20
_FindResource@12
_GetMessage_@16
_CreateEnhMetaFile_@16
_ChangeDisplaySettings_@8
newMultiByteFromWideChar
_CharUpper@4
_GetWindowText@12
_SetWindowsHookEx_@16
_VkKeyScan_@4
_CreateDirectoryEx_@12
_GetClassInfoEx_@12
_OemToChar_@8
_OpenWaitableTimer_@12
_SHGetFileInfo_@20
_SetProp@12
_NDdeSetShareSecurity_@16
_ExtractAssociatedIcon_@12
_OpenFileMapping_@12

kernel32

GetModuleHandleA
SetThreadLocale
GetSystemDirectoryW
DosDateTimeToFileTime
CreateActCtxW
_lcreat
CreateSemaphoreA
EnumSystemGeoID
CreateWaitableTimerW
UnregisterWait
Process32FirstW
CmdBatNotification
LoadLibraryA
MultiByteToWideChar
OutputDebugStringW
GetConsoleKeyboardLayoutNameW
GetFirmwareEnvironmentVariableW
GetPrivateProfileStructW

advpack

UserInstStubWrapper
DelNodeRunDLL32
DoInfInstall
NeedRebootInit
GetVersionFromFile
RebootCheckOnInstall
FileSaveRestore
OpenINFEngine
RegSaveRestoreOnINF
LaunchINFSection
TranslateInfStringEx
LaunchINFSectionEx
CloseINFEngine
IsNTAdmin
FileSaveMarkNotExist
RegRestoreAll
GetVersionFromFileEx
FileSaveRestoreOnINF
ExecuteCab
ExtractFiles
RunSetupCommand
TranslateInfString
RegisterOCX
AdvInstallFile
DelNode

wininet

InternetGetCertByURL
DeleteIE3Cache
InternetCombineUrlA
InternetCanonicalizeUrlW
InternetGoOnline
DeleteUrlCacheContainerW
SetUrlCacheConfigInfoW
InternetReadFileExA
GetUrlCacheEntryInfoExW
InternetAlgIdToStringA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetLockRequestFile
GetUrlCacheGroupAttributeW
FindNextUrlCacheContainerW
FtpFindFirstFileA
DeleteUrlCacheContainerA
GetUrlCacheHeaderData
FindNextUrlCacheEntryExW
HttpEndRequestA
InternetAlgIdToStringW
FtpGetCurrentDirectoryW
FreeUrlCacheSpaceA

cmutil

CmLoadIconA
?GPPS@CIniW@@QBEPAGPBG00@Z
CmEndOfStrW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?CloseFile@CmLogFile@@AAEJXZ
??4CIniW@@QAEAAV0@ABV0@@Z
GetOSBuildNumber
??_FCIniA@@QAEXXZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
SzToWz
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?LoadSection@CIniW@@QBEPAGPBG@Z
MakeBold
??4CIniA@@QAEAAV0@ABV0@@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z

imagehlp

SymLoadModule64
SymEnumerateSymbolsW
SymSetContext
SymGetSymNext64
SymEnumTypes
SymGetSymNext
SymLoadModule
ImageDirectoryEntryToDataEx
ImageAddCertificate
SymGetModuleBase
RemoveRelocations
SymFindFileInPath
SymGetModuleInfo64
SetImageConfigInformation
SymEnumSymbols
GetImageConfigInformation
FindFileInPath
UnmapDebugInformation
SymGetLineFromAddr
SymEnumerateModules
ReBaseImage64
FindDebugInfoFileEx
SymGetSymFromAddr64

mfcsubs

?SpanExcluding@CString@@QBE?AV1@PBG@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??0CString@@QAE@PBD@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??H@YG?AVCString@@ABV0@G@Z
?CopyBeforeWrite@CString@@IAEXXZ
??0CString@@QAE@XZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??8@YG_NABVCString@@0@Z
??4CString@@QAEABV0@D@Z

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

Imports

dnsapi

sqlunirl

kernel32

advpack

wininet

cmutil

imagehlp

mfcsubs

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 106KB - Virtual size: 122KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 106KB - Virtual size: 122KB

.rsrc
Size: 3KB - Virtual size: 3KB