16c8429731efcbeab8f754b25409b312982dab84630d2f668ba3eb534f54bee7

Sharing

Copy URL Twitter E-mail

General

Target

16c8429731efcbeab8f754b25409b312982dab84630d2f668ba3eb534f54bee7
Size

79KB
MD5

e3533ef176938e39c527f3a83c7c0800
SHA1

56c29b301ab269d6b9388bd5b12f8cd1b36a7a58
SHA256

16c8429731efcbeab8f754b25409b312982dab84630d2f668ba3eb534f54bee7
SHA512

0533f2736cfc2407257e074bd7d45c52f5088d05c58149e1f5ae05274b687b2470796f324510cdba0918833c5ac037c02a0a0a7b503561979d2124885cd3db56
SSDEEP

1536:dBq7Tbk7Dlr2uJK4ApO+WdJnz3gZhje32aFLVtc9DXSzh:/GE7Jr22KTmz3gZRueDXih

Score

N/A

Malware Config

Signatures

Files

16c8429731efcbeab8f754b25409b312982dab84630d2f668ba3eb534f54bee7
.exe windows x86

98f03292cd3ddfe033e147c6268f599a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW
SetCaretBlinkTime
SetFocus
IsDialogMessageW
GetDlgItem
GetMessageExtraInfo
RegisterTasklist
AppendMenuA
EmptyClipboard
EnumWindowStationsA
EnableWindow
OpenDesktopA
DestroyCursor
SetLayeredWindowAttributes
SetMenu
CheckMenuItem
DrawStateW
MessageBeep
GetNextDlgTabItem
CreateIconFromResourceEx
TranslateMessageEx
DdeQueryConvInfo
DlgDirSelectComboBoxExA
AnyPopup
GetMenuCheckMarkDimensions
SetDebugErrorLevel
EnumPropsExW
GetRawInputData
GetKBCodePage
RealGetWindowClassW
PrivateExtractIconsW
GetMenuDefaultItem
MessageBoxIndirectW
GetClipboardData
SetWindowsHookA
InvalidateRgn
IsWindowUnicode
SetDlgItemTextW
WINNLSGetIMEHotkey
CharPrevExA
LoadCursorW
LoadAcceleratorsA
LookupIconIdFromDirectory
PeekMessageA
GetMessageW
DispatchMessageA
ShowOwnedPopups
OpenIcon
GrayStringA
SetUserObjectInformationA
EndMenu
VkKeyScanA
LoadCursorFromFileW
GrayStringW
GetClientRect
FindWindowExA
DdeImpersonateClient
ReleaseDC
LoadStringA
GetWindowContextHelpId
CreateIconIndirect
DestroyMenu
TrackPopupMenu
SetMessageQueue
BroadcastSystemMessageW
WINNLSEnableIME
DdeSetUserHandle
IsWindowInDestroy
RecordShutdownReason
GetUserObjectSecurity
DragDetect
GetShellWindow
ShowCursor
GetKeyboardLayout
TileChildWindows
DrawMenuBar
PackDDElParam
CopyRect
CharNextExA
GetClassInfoExW
GetDCEx
UnhookWindowsHookEx
ExitWindowsEx
GetMenuState
SetUserObjectInformationW
SetWindowTextW
EnumDisplaySettingsExA
GetRawInputBuffer
GetSysColorBrush
ClientThreadSetup

kernel32

PostQueuedCompletionStatus
AddLocalAlternateComputerNameW
HeapUnlock
RemoveDirectoryA
RegisterConsoleIME
InitAtomTable
GetExpandedNameA
LocalFileTimeToFileTime
BaseUpdateAppcompatCache
CompareStringA
LocalReAlloc
VirtualAlloc
ScrollConsoleScreenBufferW
OpenConsoleW
OpenMutexW
GetNumaAvailableMemoryNode
GetProcessShutdownParameters
SetFilePointer
LoadLibraryA
WriteConsoleA
CreateMailslotW
MapViewOfFile
GetNumberFormatA
EnterCriticalSection
GetNumberOfConsoleMouseButtons
GetComputerNameExW
DosDateTimeToFileTime
WriteFile
SetFirmwareEnvironmentVariableA
GlobalCompact
SetUserGeoID
SetCriticalSectionSpinCount
DeleteCriticalSection
MultiByteToWideChar
DeleteVolumeMountPointA
LeaveCriticalSection
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
DeleteFileA

untfs

?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??1NTFS_MFT_INFO@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?CreateDataAttribute@NTFS_LOG_FILE@@QAEEVBIG_INT@@KPAVNTFS_BITMAP@@@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
??0NTFS_EXTENT_LIST@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z

msvcirt

?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
??0ostrstream@@QAE@PADHH@Z
?get@istream@@QAEAAV1@PAEHD@Z
??5istream@@QAEAAV0@AAO@Z
??4ofstream@@QAEAAV0@ABV0@@Z
?write@ostream@@QAEAAV1@PBDH@Z
??_8ostream_withassign@@7B@
??4Iostream_init@@QAEAAV0@ABV0@@Z
??0ios@@IAE@ABV0@@Z
?tie@ios@@QAEPAVostream@@PAV2@@Z
?underflow@filebuf@@UAEHXZ
??0exception@@QAE@ABQBD@Z
??_8istream_withassign@@7B@
??1iostream@@UAE@XZ
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??_7ostream@@6B@
??0istream@@IAE@XZ
?sync@strstreambuf@@UAEHXZ
?isfx@istream@@QAEXXZ
?unlock@ios@@QAAXXZ
?open@filebuf@@QAEPAV1@PBDHH@Z
?gptr@streambuf@@IBEPADXZ
??0strstreambuf@@QAE@ABV0@@Z
??1ostream_withassign@@UAE@XZ
??0strstream@@QAE@ABV0@@Z
?cerr@@3Vostream_withassign@@A
??0strstream@@QAE@XZ
??_8istrstream@@7B@
?stossc@streambuf@@QAEXXZ
??_8ifstream@@7B@
?pbackfail@stdiobuf@@UAEHH@Z
??_Eostream_withassign@@UAEPAXI@Z
?write@ostream@@QAEAAV1@PBCH@Z
??6ostream@@QAEAAV0@C@Z
?sync@stdiobuf@@UAEHXZ
??4exception@@QAEAAV0@ABV0@@Z
??_Elogic_error@@UAEPAXI@Z
??_Gistrstream@@UAEPAXI@Z
?setb@streambuf@@IAEXPAD0H@Z
?fd@ofstream@@QBEHXZ
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?get@istream@@QAEAAV1@PADHD@Z
?str@strstream@@QAEPADXZ
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z

dhcpsapi

DhcpDeleteMScope
DhcpEnumSubnetClientsV4
DhcpEnumMScopeElements
DhcpSetMScopeInfo
DhcpEnumOptions
DhcpGetThreadOptions
DhcpServerBackupDatabase
DhcpEnumSubnetElementsV4
DhcpEnumServers
DhcpServerSetDnsRegCredentials
DhcpGetClientOptions
DhcpDeleteSubnet
DhcpServerQueryAttributes
DhcpSetSuperScopeV4
DhcpGetSubnetInfo
DhcpEnumSubnetElements
DhcpEnumClasses
DhcpGetOptionInfoV5
DhcpSetOptionValue
DhcpServerQueryDnsRegCredentials
DhcpServerGetConfig
DhcpServerRedoAuthorization
DhcpRemoveSubnetElementV4
DhcpDeleteMClientInfo
DhcpGetServerBindingInfo
DhcpDsCleanup
DhcpGetClassInfo
DhcpRemoveMScopeElement

dciman32

DCIOpenProvider
WinWatchNotify
DCIDraw
DCISetDestination
DCICreateOverlay
DCIEnum
DCISetClipList
GetWindowRegionData
DCISetSrcDestClip
DCIEndAccess
WinWatchOpen
DCICloseProvider
DCIBeginAccess
WinWatchDidStatusChange
GetDCRegionData
DCIDestroy
WinWatchGetClipList
WinWatchClose
DCICreatePrimary
DCICreateOffscreen

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98f03292cd3ddfe033e147c6268f599a

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

untfs

msvcirt

dhcpsapi

dciman32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 84KB - Virtual size: 198KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 960B

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 84KB - Virtual size: 198KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 960B