91b255ff8577e4c3a1269b8794d6858bda45ac598a0770073b17aaa45a922e80

Sharing

Copy URL Twitter E-mail

General

Target

91b255ff8577e4c3a1269b8794d6858bda45ac598a0770073b17aaa45a922e80
Size

829KB
MD5

022b7625dcf95e9a99abc96907852c88
SHA1

d1de6fa76fee0cd82f24f6b12fe46791ed6534f6
SHA256

91b255ff8577e4c3a1269b8794d6858bda45ac598a0770073b17aaa45a922e80
SHA512

50524e0153ae116ddd6fe99f49ce4a8165a8e2055d9ee6dbb9c986cba5e488aa578e67bca34e84a90502763076bb0b849e92d0ea1d42c570d3ee0425bbd24112
SSDEEP

12288:BJXZiGP2/QVYWYxndOLOt8HkVCOIn+QbdAZCUsrDpTJE6wL2LsJXHDPdXH0iiXZF:XPgQYhnntWkgjRtF3A2LADFk/sVB

Score

N/A

Malware Config

Signatures

Files

91b255ff8577e4c3a1269b8794d6858bda45ac598a0770073b17aaa45a922e80
.exe windows x86

9ff5634371aaa85e781710c060daf398

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?QuerySize@TLINK@@QBEGXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
??0SPARSE_SET@@QAE@XZ
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?Read@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Read@SECRUN@@UAEEXZ
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??1VOL_LIODPDRV@@UAE@XZ
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@TLINK@@QAEEG@Z
?ShellSort@TLINK@@QAEXXZ
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?GetSortedNext@TLINK@@QAEPAXPAX@Z

winmm

waveOutGetNumDevs
mixerMessage
mciGetDeviceIDFromElementIDA
PlaySoundA
waveOutSetPitch
mmioSetBuffer
mmioWrite
SendDriverMessage
mixerGetLineControlsW
joyGetDevCapsA
midiOutCacheDrumPatches
mciSendStringW
mciGetDeviceIDFromElementIDW
waveOutUnprepareHeader
waveOutGetID
midiInGetID
mixerGetNumDevs
midiOutUnprepareHeader
mciGetErrorStringA
mciGetDeviceIDA
mciLoadCommandResource
mmioFlush
mciSendCommandA
DrvGetModuleHandle
OpenDriver
midiStreamPosition
waveOutWrite
NotifyCallbackData
timeKillEvent
mmioStringToFOURCCW

rpcns4

RpcNsEntryObjectInqBeginW
RpcNsMgmtEntryInqIfIdsW
RpcNsEntryObjectInqNext
RpcNsBindingExportPnPW
RpcNsMgmtEntryDeleteW
RpcNsProfileEltAddA
RpcNsMgmtEntryCreateA
RpcNsMgmtInqExpAge
RpcNsGroupMbrInqNextW
RpcNsGroupMbrInqBeginA
RpcNsEntryObjectInqDone

kernel32

TlsSetValue
IsWow64Process
SetCommConfig
CreateMailslotW
GetLocaleInfoW
GetStringTypeA
CreateTimerQueue
VerLanguageNameW
QueryPerformanceCounter
FillConsoleOutputAttribute
LoadLibraryW
GetEnvironmentVariableA
SetConsoleInputExeNameW
WritePrivateProfileStructW
GetDiskFreeSpaceExA
ScrollConsoleScreenBufferW
MoveFileWithProgressW
FreeLibrary
EnumerateLocalComputerNamesA
GetConsoleHardwareState
GetSystemDirectoryW
BuildCommDCBAndTimeoutsW
GetCurrentThread
DuplicateHandle
Module32NextW
FindNextFileW
WriteConsoleOutputW
GetModuleHandleW
FindCloseChangeNotification

wldap32

ldap_parse_extended_resultW
ldap_parse_extended_resultA
ldap_search_init_pageA
ldap_delete_sA
ldap_search_init_page
ldap_set_dbg_flags
ldap_search_st
ldap_create_sort_controlW
ldap_modrdn2_sW
ldap_open
ldap_modify_ext_s

imm32

ImmIsUIMessageA
ImmInstallIMEW
ImmProcessKey
ImmIMPQueryIMEW
ImmGetIMCCSize
ImmInstallIMEA
ImmGetCandidateListA
ImmSimulateHotKey
ImmGetCompositionFontA
ImmIMPQueryIMEA
ImmIMPGetIMEW
ImmGetDefaultIMEWnd
ImmIMPSetIMEA
ImmShowSoftKeyboard

gdi32

SetEnhMetaFileBits
GdiDeleteLocalDC
UnloadNetworkFonts
FONTOBJ_cGetGlyphs
Ellipse
SetBkMode
GdiAlphaBlend
GetDIBColorTable
EngPlgBlt
GetViewportExtEx
StartFormPage
SetTextJustification
GdiEntry5
DdEntry45
SelectPalette

shlwapi

PathRelativePathToA
PathSetDlgItemPathA
SHRegDeleteUSValueA
StrSpnA
PathSkipRootW
PathSetDlgItemPathW
UrlIsOpaqueW
PathStripPathW
PathUnExpandEnvStringsW
StrChrIA
StrSpnW
SHReleaseThreadRef
SHRegDeleteEmptyUSKeyA
StrCatW
PathRemoveArgsW
StrRStrIW
SHGetThreadRef
StrPBrkA
PathUndecorateA

Sections

.text
Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ff5634371aaa85e781710c060daf398

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

winmm

rpcns4

kernel32

wldap32

imm32

gdi32

shlwapi

Sections

.text Size: 368KB - Virtual size: 368KB

.rdata Size: 108KB - Virtual size: 107KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 154KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 880B

.text
Size: 368KB - Virtual size: 368KB

.rdata
Size: 108KB - Virtual size: 107KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 880B