bcfaaacfb15ed5b64bd634fd0186b897ac462093bb9582b27b9ad284bb5f8895

Sharing

Copy URL Twitter E-mail

General

Target

bcfaaacfb15ed5b64bd634fd0186b897ac462093bb9582b27b9ad284bb5f8895
Size

220KB
MD5

086002352d2e8379d4370eb2760e3da0
SHA1

f0817c33b7a5f570d117105826d58f9aff6ed8a8
SHA256

bcfaaacfb15ed5b64bd634fd0186b897ac462093bb9582b27b9ad284bb5f8895
SHA512

2f4d76114a391fbd282ccefca416b2dbc74b92ec84c0fb3dac1a42ab9324e997b30ed1f26ad4957177260883ad446a8e0517285a39ecedf476dc2b08e73974b4
SSDEEP

6144:Ok2nKcu8VQPJ6SeTQySApf9tBDeZrU8ZjQ:OvnFuTovQKleFU8

Score

N/A

Malware Config

Signatures

Files

bcfaaacfb15ed5b64bd634fd0186b897ac462093bb9582b27b9ad284bb5f8895
.dll windows x86

6a578ccf4836a9a6461dc5cf54f4868d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

msvcrt

setlocale
wcschr
_mbsnextc
_wcsicmp
towlower
_ultoa
strtoul
_mbsnbicmp
_mbsstr
sprintf
_ismbcdigit
sscanf
_except_handler3
strchr
_ismbcalpha
atoi
_mbslen
_mbsnicmp
__lconv_init
_adjust_fdiv
malloc
_initterm
free
_mbsdec
_ismbblead
_mbsinc
_mbsrchr
_mbschr
memmove
iswctype
_ismbcspace
_mbsncmp
wcscspn
wcslen
_mbsicmp

kernel32

FindResourceA
LoadResource
CloseHandle
HeapFree
GetCurrentProcess
GetACP
GetVersion
GetFileAttributesA
LoadLibraryA
GetWindowsDirectoryA
GetEnvironmentVariableA
GetProcAddress
GetSystemDirectoryA
GetDriveTypeA
GetLogicalDriveStringsA
ReadFile
GetDiskFreeSpaceA
GetModuleHandleA
GetPrivateProfileStringA
GetLastError
FreeLibrary
DeleteFileA
GetExitCodeProcess
WaitForSingleObject
LockResource
SizeofResource
FreeResource
UpdateResourceA
EndUpdateResourceA
GetTempPathA
BeginUpdateResourceA
SetLastError
CreateFileA
LoadLibraryExA
EnumResourceNamesA
CopyFileA
SetFileAttributesA
SearchPathA
SetErrorMode
FindFirstFileA
FindClose
FormatMessageA
LocalFree
IsDBCSLeadByte
HeapReAlloc
HeapAlloc
ExitProcess
DebugBreak
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcessHeap
GetVersionExA
InitializeCriticalSection
CreateProcessA
CreateEventA
SetFilePointer
CreateDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GetFileSize
FindNextFileA
RemoveDirectoryA

user32

CharLowerA
wsprintfA
CharLowerBuffA
CharLowerW
MessageBoxA

advapi32

RegQueryValueExA
GetUserNameA
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegCloseKey
RegOpenKeyExA
RegEnumKeyA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc

ole32

CoInitialize
CoUninitialize

log

LogIfA
LogBegin
LogA
LogEnd
LogReInitA

migism

IsmEnumFirstDestinationObjectEx
IsmIsObjectAbandonedOnCollision
IsmSetOperationOnObjectId
IsmFilterObject
IsmIsApplyObjectId
IsmRegisterProgressSlice
IsmGetObjectsStatistics
IsmClearApplyOnObject
IsmIsComponentSelected
TrackedIsmGetMemory
IsmIsObjectHandleNodeOnly
IsmSetEnvironmentFlag
IsmGetPropertyData
IsmGetPropertyFromObject
IsmRegisterOperationApplyCallback
IsmRegisterOperationFilterCallback
IsmRegisterGlobalFilterCallback
IsmRegisterGlobalApplyCallback
IsmReplacePhysicalObject
IsmParsedPatternMatch
IsmRegisterRestoreCallback
IsmGetOsVersionInfo
TrackedIsmDuplicateString
IsmSelectPreferredAlias
IsmAddComponentAlias
IsmDoesObjectExist
IsmDeleteEnvironmentVariable
IsmRegisterPhysicalAcquireHook
IsmAddToPhysicalEnum
IsmProhibitPhysicalEnum
IsmClearOperationOnObject
IsmGetCurrentSidString
IsmGetTempDirectory
IsmAbortObjectEnum
TrackedIsmGetNativeObjectName
IsmExecuteFunction
IsmConvertMultiSzToObject
IsmGetEnvironmentMultiSz
IsmSendMessageToApp
IsmCreateUser
IsmGetMappedUserData
IsmGetEnvironmentString
IsmMakeApplyObjectId
IsmSetOperationOnObjectId2
IsmIsAttributeSetOnObjectId
IsmMakePersistentObjectId
IsmSetAttributeOnObjectId
IsmMakePersistentObject
IsmAddPropertyToObject
IsmSetOperationOnObject
IsmMakeApplyObject
TrackedIsmExpandEnvironmentString
IsmReleaseMemory
IsmGetObjectIdFromName
IsmClearPersistenceOnObject
IsmEnumFirstSourceObjectEx
IsmEnumNextObject
IsmSetAttributeOnObject
IsmClearAbandonObjectOnCollision
IsmAbandonObjectOnCollision
IsmRegisterOperationData
IsmAppendEnvironmentString
IsmRegisterTypePostEnumerationCallback
IsmRegisterOperation
IsmRegisterProperty
IsmGetEnvironmentValue
IsmEnumFirstComponent
IsmAbortComponentEnum
IsmEnumNextComponent
TrackedIsmCreateSimpleObjectPattern
TrackedIsmCreateObjectStringsFromHandleEx
IsmDestroyObjectString
IsmTickProgressBar
IsmHookEnumeration
IsmIsObjectHandleLeafOnly
TrackedIsmCreateObjectPattern
IsmQueueEnumeration
IsmGetTransportVariable
IsmIsEnvironmentFlagSet
IsmSetCancel
IsmSetEnvironmentString
IsmSetTransportVariable
TrackedIsmCreateObjectHandle
IsmAcquireObjectEx
IsmReleaseObject
IsmDestroyObjectHandle
IsmRegisterAttribute
IsmGetObjectTypeId
IsmGetRealPlatform
TrackedIsmGetLongName

rpcrt4

UuidFromStringA
UuidToStringA
RpcStringFreeA
UuidCreate

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupGetIntField
SetupGetMultiSzFieldA
SetupGetLineTextA
SetupFindFirstLineA
SetupGetStringFieldA
SetupFindNextLine
SetupCloseInfFile
SetupOpenInfFileA
SetupOpenAppendInfFileA

Exports

Exports

DestinationModule
DllMain
ModuleInitialize
ModuleTerminate
SourceModule
TypeModule
VirtualComputerModule

Sections

.text
Size: 140KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6a578ccf4836a9a6461dc5cf54f4868d

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

ole32

log

migism

rpcrt4

version

setupapi

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 140KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 9KB - Virtual size: 9KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 140KB - Virtual size: 140KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 9KB - Virtual size: 9KB

.rmnet
Size: 56KB - Virtual size: 60KB