b326d02ed224119c4427e61dc43aace1d3a7bb5487840a9691e01d3f89118db1

Sharing

Copy URL Twitter E-mail

General

Target

b326d02ed224119c4427e61dc43aace1d3a7bb5487840a9691e01d3f89118db1
Size

306KB
MD5

7660daa7e0e0c2a56332a8d3f86b6d03
SHA1

df3185b16d70268aa9815a57c8e2ef291d508f0b
SHA256

b326d02ed224119c4427e61dc43aace1d3a7bb5487840a9691e01d3f89118db1
SHA512

bfbbed4b825926d88f064f84938004f8b703e84da54d52d3f757b5dee5e5c9a59b9033360163348b47db525ef4bc4e80bf922836952b58cf9125e90d99b64565
SSDEEP

6144:KwXJ0Pj5FEmnf1wM0kZZRH/XQ+LXH2D+X8B92GGzLE+s8XrU:jZ0rniMVXQ+LGgzLEDiU

Score

N/A

Malware Config

Signatures

Files

b326d02ed224119c4427e61dc43aace1d3a7bb5487840a9691e01d3f89118db1
.exe windows x86

15dd7c244535280e38c9bf636fdd3bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

InitializeSecurityContextW
SaslGetProfilePackageA
ImportSecurityContextA
SaslIdentifyPackageA
LsaCallAuthenticationPackage
AcquireCredentialsHandleW
TranslateNameA
QuerySecurityContextToken
LsaRegisterLogonProcess
DecryptMessage
QueryContextAttributesW
VerifySignature
SaslInitializeSecurityContextW
SaslIdentifyPackageW

kernel32

SetConsoleMenuClose
SetComputerNameExA
GetFirmwareEnvironmentVariableW
WritePrivateProfileStructW
GlobalAlloc
GetSystemInfo
TransactNamedPipe
BaseUpdateAppcompatCache
FormatMessageA
SetLastError
SetPriorityClass
IsBadHugeWritePtr
GetCPInfo
LoadLibraryW

w32topl

ToplIterAdvance
ToplScheduleCacheCreate
ToplEdgeSetWeight
ToplVertexFree
ToplEdgeCreate
ToplGraphFree
ToplScheduleMerge
ToplVertexSetParent
ToplSetAllocator
ToplDeleteComponents
ToplEdgeGetWeight
ToplHeapIsElementOf
ToplGraphAddVertex
ToplVertexGetId
ToplEdgeInit
ToplDeleteSpanningTreeEdges
ToplScheduleCreate
ToplFree
ToplScheduleImport
ToplEdgeGetFromVertex
ToplListAddElem
ToplScheduleValid
ToplScheduleDuration
ToplGraphNumberOfVertices
ToplScheduleNumEntries

ole32

CreateErrorInfo
CLIPFORMAT_UserSize
CoCreateObjectInContext
ReadStringStream
OleQueryLinkFromData
CoGetObjectContext
HMENU_UserSize
CoMarshalHresult
CLIPFORMAT_UserUnmarshal
HBITMAP_UserSize

mfcsubs

?MakeLower@CString@@QAEXXZ
??0CString@@QAE@PBD@Z
??O@YG_NPBGABVCString@@@Z
??1CString@@QAE@XZ
??O@YG_NABVCString@@PBG@Z
?Lock@CCriticalSection@@QAEHXZ
?FormatMessageW@CString@@QAAXIZZ
??0CSyncObject@@QAE@PBG@Z
??8@YG_NABVCString@@0@Z
??_7CCriticalSection@@6B@
??H@YG?AVCString@@ABV0@D@Z
??4CString@@QAEABV0@PBD@Z
??N@YG_NABVCString@@0@Z
??BCString@@QBEPBGXZ
??8@YG_NABVCString@@PBG@Z
??N@YG_NPBGABVCString@@@Z
?GetAllocLength@CString@@QBEHXZ
??4CString@@QAEABV0@ABV0@@Z
?Lock@CCriticalSection@@UAEHK@Z
??_7CMapStringToPtr@@6B@
?RemoveAll@CMapStringToPtr@@QAEXXZ
?Release@CString@@KGXPAUCStringData@@@Z
?ConcatInPlace@CString@@IAEXHPBG@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??0CString@@QAE@PBGH@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?GetBuffer@CString@@QAEPAGH@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z

perfctrs

CloseNbfPerformanceData
CollectIPXPerformanceData
OpenNbfPerformanceData
CollectNbfPerformanceData
CollectTcpIpPerformanceData
CloseDhcpPerformanceData
OpenNWNBPerformanceData
OpenSPXPerformanceData
OpenDhcpPerformanceData
CloseTcpIpPerformanceData
CloseSPXPerformanceData
CollectSPXPerformanceData
OpenIPXPerformanceData
CloseNWNBPerformanceData
CollectDhcpPerformanceData
CollectNWNBPerformanceData
CloseIPXPerformanceData
OpenTcpIpPerformanceData

winsta

ServerLicensingLoadPolicy
_WinStationAnnoyancePopup
WinStationIsHelpAssistantSession
WinStationQueryUpdateRequired
ServerLicensingGetAvailablePolicyIds
ServerQueryInetConnectorInformationA
WinStationEnumerate_IndexedA
_WinStationBeepOpen
WinStationFreeMemory
WinStationWaitSystemEvent
WinStationShadow
ServerLicensingGetPolicyInformationW
_WinStationReadRegistry
_WinStationNotifyNewSession
WinStationInstallLicense
WinStationGetProcessSid
_NWLogonSetAdmin

ir41_qcx

DllMain
Compress
CompressFramesInfo
CompressBegin
SetScalability
CompressEnd
AllocInstanceData
FreeInstanceData

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15dd7c244535280e38c9bf636fdd3bac

Headers

File Characteristics

Imports

secur32

kernel32

w32topl

ole32

mfcsubs

perfctrs

winsta

ir41_qcx

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 7KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 171KB

.rsrc Size: 50KB - Virtual size: 49KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 28KB - Virtual size: 28KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 7KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 171KB

.rsrc
Size: 50KB - Virtual size: 49KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 28KB - Virtual size: 28KB