1b87dffa5e026606b8b1423b78beb82dce71e1f832f3bdd3892dfec3d34af32a

Sharing

Copy URL Twitter E-mail

General

Target

1b87dffa5e026606b8b1423b78beb82dce71e1f832f3bdd3892dfec3d34af32a
Size

295KB
MD5

6e24262ea26fe6d57c942216083bef2e
SHA1

7bbb0c32023801e6b1d3b83989b00f2ad8c9efcb
SHA256

1b87dffa5e026606b8b1423b78beb82dce71e1f832f3bdd3892dfec3d34af32a
SHA512

22df2428da6cf7df875128b4cfd5d56b0d72614506e39a9980a964f471d8d7865bde54683a2ff13c0ddac5772d4998a0fd932bfa8291d84eaa8c35d11c0beaf8
SSDEEP

6144:mSHpwOkpjjoA18Wicl5ULEikHFfTGSvd1xoa5wgeEQtiecOLLEzNU:ZuOkdt/KEHBtDxjHeEQtiecOLwz6

Score

N/A

Malware Config

Signatures

Files

1b87dffa5e026606b8b1423b78beb82dce71e1f832f3bdd3892dfec3d34af32a
.exe windows x86

40aea8a8e970c72e0182de1e856eee48

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertVerifyCertificateChainPolicy
CryptUninstallDefaultContext
CertAddEncodedCTLToStore
CertAlgIdToOID
CryptRegisterOIDFunction
CertAddCTLLinkToStore
CertFindAttribute
I_CryptAllocTls
CertAddEncodedCertificateToSystemStoreA
CertSetStoreProperty
CryptDecodeObjectEx
CryptQueryObject
CertStrToNameW
CertEnumPhysicalStore
CertDuplicateStore
CertAddEnhancedKeyUsageIdentifier
CryptMsgCountersign
CryptMsgControl
CryptImportPublicKeyInfoEx
I_CryptGetFileVersion
CertRegisterSystemStore
CryptProtectData
CertVerifyTimeValidity
CertFindSubjectInCTL
CryptInstallDefaultContext

cfgmgr32

CM_Open_DevNode_Key_Ex
CM_Get_Device_ID_Size_Ex
CM_Query_Remove_SubTree_Ex
CM_Free_Log_Conf
CM_Get_Log_Conf_Priority
CM_Set_HW_Prof_FlagsA
CM_Move_DevNode
CM_Disable_DevNode_Ex
CMP_WaitServicesAvailable
CM_Get_Resource_Conflict_Count
CM_Set_HW_Prof_FlagsW
CM_Register_Device_InterfaceA
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Device_ID_List_Size_ExW
CM_Get_Device_ID_List_ExW
CM_Query_And_Remove_SubTreeW
CM_Locate_DevNode_ExW
CM_Get_Hardware_Profile_InfoA
CM_Merge_Range_List

mpr

WNetGetUserA
I_MprSaveConn
WNetGetDirectoryTypeW
WNetConnectionDialog2
WNetCancelConnection2A
WNetUseConnectionW
WNetGetPropertyTextA
WNetGetConnection3A
WNetDisconnectDialog2
WNetPropertyDialogW
WNetAddConnectionW
WNetUseConnectionA
WNetGetProviderNameA
WNetSetLastErrorA
WNetOpenEnumW
WNetGetProviderTypeW
WNetFormatNetworkNameA
WNetConnectionDialog1A
WNetLogonNotify
WNetEnumResourceA
WNetDirectoryNotifyA
MultinetGetConnectionPerformanceW

mapistub

cmc_free
ScLocalPathFromUNC@12
MAPIOpenFormMgr
cmc_look_up
HrQueryAllRows@24
HrAddColumnsEx@20
MAPIOpenLocalFormContainer@4
BMAPIDetails
ScCountProps@12
FBadRestriction@4
ScMAPIXFromCMC
MNLS_IsBadStringPtrW@8
MAPIAdminProfiles
BMAPIFindNext
CloseIMsgSession@4
FBadRowSet@4
FBadProp@4
HrSzFromEntryID@12
MapStorageSCode@4
ScRelocNotifications@20

kernel32

SetEnvironmentVariableW
DebugSetProcessKillOnExit
GetNamedPipeInfo
BaseDumpAppcompatCache
SetSystemTime
LoadLibraryW
GetTimeFormatW
SleepEx
LZSeek
BaseFlushAppcompatCache
GetPrivateProfileSectionW
SetLastError
MapViewOfFileEx
CreateJobSet
SizeofResource
GetNumberOfConsoleInputEvents
SetHandleInformation
FormatMessageW
OpenEventW
OpenMutexW
GetSystemInfo
SetProcessPriorityBoost
GlobalAlloc
GetFileAttributesA
lstrcatA
WriteConsoleOutputA
IsWow64Process
GetUserGeoID
VerifyVersionInfoW

rtm

CreateTable
CheckTable
MgmRegisterMProtocol
MgmTakeInterfaceOwnership
RtmEnumerateGetNextRoute
RtmFindNextHop
RtmCreateNextHopEnum
MgmReleaseInterfaceOwnership
RtmDeleteRouteList

ufat

?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??1FILEDIR@@UAE@XZ
?QueryLengthOfChain@FAT@@QBEKKPAK@Z
Format
??1REAL_FAT_SA@@UAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
??1FAT_SA@@UAE@XZ
?QueryLastAccessTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
??0FAT_DIRENT@@QAE@XZ
??0FILEDIR@@QAE@XZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
??0ROOTDIR@@QAE@XZ
?QueryNthCluster@FAT@@QBEKKK@Z
??1ROOTDIR@@UAE@XZ

ws2_32

WSAProviderConfigChange
getservbyport
WSASendDisconnect
WSARemoveServiceClass
WSADuplicateSocketW
WSAEnumProtocolsA
gethostbyname
WSAEventSelect
recv
WSAAddressToStringA
WSALookupServiceEnd
WSAAsyncGetServByPort
WSASocketA

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

40aea8a8e970c72e0182de1e856eee48

Headers

File Characteristics

Imports

crypt32

cfgmgr32

mpr

mapistub

kernel32

rtm

ufat

ws2_32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 4KB - Virtual size: 13KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 13KB - Virtual size: 112KB

.rsrc Size: 51KB - Virtual size: 51KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 25KB - Virtual size: 25KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 4KB - Virtual size: 13KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 13KB - Virtual size: 112KB

.rsrc
Size: 51KB - Virtual size: 51KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 25KB - Virtual size: 25KB