116ee067d87ecea766914076294e920637c0edcd9fef1f8ac783b72ffaae316d

Sharing

Copy URL Twitter E-mail

General

Target

116ee067d87ecea766914076294e920637c0edcd9fef1f8ac783b72ffaae316d
Size

903KB
MD5

03fec0acc2abbf1918f82e59aed7aab8
SHA1

60a2c799df83badea63753342702a0a41ce4b14c
SHA256

116ee067d87ecea766914076294e920637c0edcd9fef1f8ac783b72ffaae316d
SHA512

d46bb7f6116b611f52cf8a52556137d7b3cd571f764c1796702281fc14dc626d97436786960e9d137d87d46ce677d2a234cb39fd2add13e69d45c7fa525ce08b
SSDEEP

12288:/0D6IzcfucEftNz+0omCrm6iltUyV8bpuJPVIL5luf5e6TRLDAr9MZDkAXeLsyCI:fsVZ+0oPrD9USL+rRn69SYzsnnG

Score

N/A

Malware Config

Signatures

Files

116ee067d87ecea766914076294e920637c0edcd9fef1f8ac783b72ffaae316d
.exe windows x86

ef7aa27b67083fd06c6f642ed314ef3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atmlib

ATMFontStatusW
ATMGetMenuNameW
ATMXYShowText
ATMMakePFMA
ATMFontAvailableA
ATMRemoveSubstFontW
ATMBeginFontChange
ATMGetVersionExW
ATMGetOutline
ATMAddFontExA
ATMGetOutlineA
ATMGetVersion
ATMEndFontChange
ATMInstallSubstFontW
ATMFontSelected
ATMGetNtmFieldsA
ATMGetMenuNameA
ATMGetFontBBox
ATMGetOutlineW
ATMEnumMMFontsA
ATMGetFontPathsW
ATMFontStatusA
ATMGetFontInfoW
ATMBBoxBaseXYShowTextA
ATMMakePFM
ATMGetPostScriptNameA
ATMAddFontA
ATMEnumMMFonts
ATMGetNtmFields
ATMMakePSSW
ATMFontAvailableW
ATMRemoveFont
ATMEnumFonts
ATMXYShowTextA
ATMFontAvailable
ATMGetFontPathsA
ATMAddFontW
ATMForceFontChange
ATMGetGlyphList
ATMClient

user32

AppendMenuW
IsMenu
ToAscii
InSendMessage
GetWindowWord
SetWindowPos
GetGuiResources
PrivateExtractIconExA
CascadeWindows
CharToOemBuffA
ReleaseDC
DeferWindowPos
PostThreadMessageA
OpenInputDesktop
GetCursorInfo
SendMessageTimeoutW
CheckRadioButton
MapVirtualKeyExW
DrawEdge
GetClipCursor
CopyImage
DdeAccessData
mouse_event
GetAncestor
EnumDisplaySettingsExW
PeekMessageA
VkKeyScanExA
SetDlgItemTextW
UnhookWindowsHookEx
CharLowerBuffA

kernel32

OpenSemaphoreW
PostQueuedCompletionStatus
SetConsoleWindowInfo
InterlockedExchange
FreeLibrary
GlobalFix
GlobalAddAtomW
ScrollConsoleScreenBufferW
ResetEvent
WritePrivateProfileStringA
EnumerateLocalComputerNamesW
LZRead
GetNumaAvailableMemoryNode
SetConsoleMaximumWindowSize
LZClose
RegisterWowExec
UnlockFile
RemoveDirectoryA
LocalShrink
CreateTimerQueueTimer
GetPrivateProfileSectionW
GetSystemWow64DirectoryA
ResumeThread
EnumSystemLocalesA
HeapReAlloc
MapViewOfFile
FillConsoleOutputCharacterA
LoadLibraryA
GetSystemWindowsDirectoryA
GetStdHandle
GetCurrentProcessId
HeapCreate
ReleaseSemaphore
PurgeComm
LocalUnlock
VirtualFree
OpenFileMappingA
SuspendThread
ExitProcess
GetNumaNodeProcessorMask
SetEnvironmentVariableW
ReadDirectoryChangesW
AttachConsole
CompareFileTime
GetACP
RegisterWaitForSingleObjectEx
FreeEnvironmentStringsA
GetEnvironmentStringsW
GetUserDefaultUILanguage
FindFirstFileExW
Heap32ListFirst
VirtualAlloc
GetThreadPriorityBoost
GenerateConsoleCtrlEvent
SetLocaleInfoW
LZCopy
GetFullPathNameW
LZSeek
DeleteVolumeMountPointA
FormatMessageW
Heap32First
GetConsoleAliasesA
GetOEMCP
OutputDebugStringA
SetProcessPriorityBoost
MoveFileExA
OutputDebugStringW
GetOverlappedResult
WritePrivateProfileSectionW
InterlockedPushEntrySList
GetProcessAffinityMask
GetSystemTimeAsFileTime
GlobalFree
VirtualUnlock
CreateJobSet
GetStartupInfoA
RemoveLocalAlternateComputerNameA
GetThreadContext

rasman

RasPortOpenEx
RasSendCreds
RasPortEnumProtocols
RasAllocateRoute
RasEnumLanNets
RasRpcGetSystemDirectory
RasGetEapUserInfo
RasActivateRouteEx
RasProtocolEnum
RasPortReceiveEx
RasPortFree
RasDeviceConnect
RasBundleGetPort
RasGetNdiswanDriverCaps
RasRpcDisconnect
RasGetCustomScriptDll
RasGetDialParams
RasGetDeviceName
RasSetConnectionUserData
RasPortClearStatistics
RasGetFramingCapabilities
RasGetDevConfig
RasRpcConnect
RasSecurityDialogGetInfo
RasDeviceGetInfo
RasRpcGetDevConfig
RasGetHportFromConnection
RasSetCachedCredentials
RasPortStoreUserData
RasAddNotification
RasPortListen
RasPortOpen
RasBundleGetStatistics
RasRegisterPnPEvent
RasCompressionSetInfo
RasRegisterRedialCallback
RasCreateConnection
RasBundleGetStatisticsEx

cfgmgr32

CM_Get_Res_Des_Data_Size
CM_Set_HW_Prof_Ex
CM_Delete_Class_Key_Ex
CM_Get_Sibling_Ex
CM_Add_IDW
CM_Create_DevNode_ExW
CM_Set_DevNode_Registry_PropertyW
CM_Get_First_Log_Conf
CM_Enumerate_EnumeratorsA
CM_Get_Resource_Conflict_DetailsW
CM_Get_Class_Key_Name_ExW
CM_Get_Class_Registry_PropertyW
CM_Unregister_Device_InterfaceW
CM_Setup_DevNode
CM_Get_Class_NameA
CM_Get_Device_Interface_List_Size_ExA
CM_Register_Device_Interface_ExA
CM_Create_DevNodeW
CM_Free_Log_Conf_Handle
CM_Reenumerate_DevNode
CM_Locate_DevNode_ExA
CM_Get_Parent_Ex
CM_Unregister_Device_Interface_ExA
CMP_RegisterNotification
CM_Modify_Res_Des
CM_Query_And_Remove_SubTree_ExA
CM_Connect_MachineA
CM_Register_Device_InterfaceW
CM_Is_Dock_Station_Present_Ex
CM_Get_Next_Log_Conf_Ex
CM_Query_Remove_SubTree_Ex
CM_Move_DevNode_Ex
CMP_Init_Detection
CM_Free_Res_Des_Handle
CM_Get_Device_ID_Size_Ex
CM_Set_HW_Prof_FlagsA
CM_Find_Range
CM_Get_HW_Prof_FlagsW
CM_Get_Device_ID_List_SizeA
CM_Get_Class_Registry_PropertyA
CM_Get_Device_Interface_List_SizeA
CM_Get_Res_Des_Data_Ex
CM_Enumerate_EnumeratorsW
CM_Query_And_Remove_SubTreeA
CM_Get_Next_Res_Des_Ex

hhsetup

?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
??0CTitle@@QAE@XZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?GetPath@CLocation@@QAEPADXZ
?IsDirty@CCollection@@QAEHXZ
??4CPointerList@@QAEAAV0@ABV0@@Z
?HandleLocation@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
?DeleteTitle@CCollection@@AAEKPAVCTitle@@@Z
?SetVolume@CLocation@@QAEXPBD@Z
??0CPointerList@@QAE@XZ
?GetTitleW@CFolder@@QAEPBGXZ
?GetTitle@CFolder@@QAEPADXZ
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?GetTail@CFIFOString@@QAEKPAPAD@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?RemoveAll@CFIFOString@@QAEXXZ
??0CFIFOString@@QAE@XZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?GetId@CLocation@@QBEPADXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?bIsVisable@CFolder@@QAEHXZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?GetPathW@CLocation@@QAEPBGXZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
??1CPointerList@@QAE@XZ
??1CFolder@@QAE@XZ
?SetId@CTitle@@QAEXPBG@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?IncrementRefTitleCount@CCollection@@QAEXXZ

hlink

HlinkCreateShortcutFromMoniker
DllGetClassObject
HlinkCreateShortcut
HlinkOnNavigate
HlinkResolveShortcutToString
HlinkCreateShortcutFromString
HlinkCreateExtensionServices
HlinkResolveShortcut
HlinkOnRenameDocument
HlinkNavigateToStringReference
HlinkGetSpecialReference
HlinkResolveShortcutToMoniker
OleSaveToStreamEx
HlinkSetSpecialReference
HlinkCreateBrowseContext
HlinkResolveStringForData
HlinkQueryCreateFromData
HlinkGetValueFromParams
HlinkCreateFromString
HlinkCreateFromData
HlinkParseDisplayName
HlinkPreprocessMoniker
HlinkUpdateStackItem
HlinkNavigate
HlinkTranslateURL
HlinkResolveMonikerForData
HlinkCreateFromMoniker
HlinkClone
HlinkIsShortcut

ntmarta

AccRewriteGetHandleRights
AccProvHandleRevokeAccessRights
AccConvertAccessToSecurityDescriptor
AccProvGetCapabilities
AccFreeIndexArray
AccProvHandleIsAccessAudited
AccConvertAccessToSD
AccProvHandleGetAllRights
AccGetAccessForTrustee
AccProvHandleGrantAccessRights
AccRewriteGetExplicitEntriesFromAcl
AccProvHandleSetAccessRights
AccProvRevokeAccessRights
AccProvRevokeAuditRights
AccLookupAccountTrustee
AccProvGrantAccessRights
AccConvertSDToAccess
AccGetExplicitEntries
EventGuidToName
AccConvertAccessMaskToActrlAccess
AccProvIsObjectAccessible
AccProvGetOperationResults
AccProvGetTrusteesAccess
AccProvCancelOperation
AccProvHandleGetAccessInfoPerObjectType
AccRewriteSetHandleRights
AccGetInheritanceSource
AccRewriteSetNamedRights
AccLookupAccountSid
AccTreeResetNamedSecurityInfo
AccProvHandleIsObjectAccessible
EventNameFree
AccRewriteSetEntriesInAcl
AccLookupAccountName
AccSetEntriesInAList
AccConvertAclToAccess
AccProvHandleRevokeAuditRights
AccProvGetAccessInfoPerObjectType
AccRewriteGetNamedRights
AccProvIsAccessAudited

wininet

FtpDeleteFileA
HttpSendRequestW
UnlockUrlCacheEntryFileW
PrivacySetZonePreferenceW
GopherGetLocatorTypeA
FindFirstUrlCacheEntryW
FtpRenameFileA
FtpGetCurrentDirectoryA
InternetOpenW
InternetAlgIdToStringA
InternetFindNextFileW
InternetDialA
InternetDial
DeleteUrlCacheEntryW
ForceNexusLookupExW
InternetSetCookieA
HttpQueryInfoA
InternetSetPerSiteCookieDecisionW
InternetGetLastResponseInfoW
InternetConnectA
InternetGetConnectedStateExA
InternetGetCookieW
ResumeSuspendedDownload
FtpPutFileW
FtpFindFirstFileW
FindCloseUrlCache
InternetSetDialState
InternetGetCookieExA
InternetSetOptionExA
FreeUrlCacheSpaceA
DetectAutoProxyUrl
GopherCreateLocatorW
IsHostInProxyBypassList
InternetSecurityProtocolToStringW
ReadUrlCacheEntryStream
HttpQueryInfoW
InternetWriteFileExW
GetUrlCacheConfigInfoW
InternetClearAllPerSiteCookieDecisions
InternetCheckConnectionW
InternetQueryDataAvailable

samlib

SamTestPrivateFunctionsDomain
SamRemoveMemberFromForeignDomain
SamRemoveMemberFromGroup
SamiSetDSRMPassword
SamSetSecurityObject
SamAddMemberToAlias
SamiSetDSRMPasswordOWF
SamCreateUserInDomain
SamTestPrivateFunctionsUser
SamCreateGroupInDomain
SamGetAliasMembership
SamChangePasswordUser
SamConnectWithCreds
SamiLmChangePasswordUser
SamDeleteGroup
SamRidToSid
SamDeleteAlias
SamQueryInformationDomain
SamShutdownSamServer
SamSetInformationGroup
SamEnumerateDomainsInSamServer
SamGetCompatibilityMode
SamGetMembersInAlias
SamAddMemberToGroup
SamGetMembersInGroup
SamQueryInformationGroup
SamRemoveMultipleMembersFromAlias
SamOpenUser
SamEnumerateGroupsInDomain
SamiOemChangePasswordUser2
SamOpenAlias
SamQueryDisplayInformation
SamChangePasswordUser2
SamCreateUser2InDomain
SamiChangeKeys
SamiEncryptPasswords

msjint40

CchLszOfId2

Sections

.text
Size: 388KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 272KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ef7aa27b67083fd06c6f642ed314ef3c

Headers

DLL Characteristics

File Characteristics

Imports

atmlib

user32

kernel32

rasman

cfgmgr32

hhsetup

hlink

ntmarta

wininet

samlib

msjint40

Sections

.text Size: 388KB - Virtual size: 388KB

.rdata Size: 209KB - Virtual size: 209KB

.data Size: 272KB - Virtual size: 1.7MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 388KB - Virtual size: 388KB

.rdata
Size: 209KB - Virtual size: 209KB

.data
Size: 272KB - Virtual size: 1.7MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B