d6bd7c5484586b7843540e4e5388220282a5deb3230d025b18de29270f5f2ebb

Sharing

Copy URL Twitter E-mail

General

Target

d6bd7c5484586b7843540e4e5388220282a5deb3230d025b18de29270f5f2ebb
Size

861KB
MD5

7312b1681aad0c658a8decb5591018b0
SHA1

bf2365408e2b3c5f30f70f41ba073fafbe8edaf7
SHA256

d6bd7c5484586b7843540e4e5388220282a5deb3230d025b18de29270f5f2ebb
SHA512

c95a390f6639f99e31bef8a1fc955c23a1955b2485127e2acc5c1fbf527f553312555b5ab5db631c3c98e0884037016a74b2de0b7cdb1cb4f3b63ea926df3064
SSDEEP

24576:vzKEeXGtj4zaHRQKYfKMGDK04x3R4xQVwjrwEQNfh:v0h+HRVKzV6j8lJ

Score

N/A

Malware Config

Signatures

Files

d6bd7c5484586b7843540e4e5388220282a5deb3230d025b18de29270f5f2ebb
.exe windows x86

ae0718df888d68bf7de81cd171123284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Read@NTFS_MFT_FILE@@UAEEXZ
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
??1NTFS_BITMAP_FILE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?Initialize@NTFS_MFT_INFO@@QAEEVBIG_INT@@PAVNTFS_UPCASE_TABLE@@EE_K@Z
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
??0NTFS_LOG_FILE@@QAE@XZ
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
??1NTFS_MFT_INFO@@UAE@XZ
?Read@NTFS_SA@@UAEEXZ
??0NTFS_MFT_INFO@@QAE@XZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
??1NTFS_EXTENT_LIST@@UAE@XZ
?GetNextAttributeListEntry@NTFS_ATTRIBUTE_LIST@@QBEPBU_ATTRIBUTE_LIST_ENTRY@@PBU2@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
??0NTFS_BAD_CLUSTER_FILE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
??0NTFS_BITMAP_FILE@@QAE@XZ
Extend
?QueryClusterFactor@NTFS_SA@@QBEEXZ
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
??1NTFS_UPCASE_TABLE@@UAE@XZ
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
Recover
??0NTFS_BITMAP@@QAE@XZ
FormatEx
Chkdsk
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z

cmutil

?GetSection@CIniA@@QBEPBDXZ
?Init@CRandom@@QAEXK@Z
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
CmLoadIconW
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?SetReadICSData@CIniW@@QAEXH@Z
??_FCIniA@@QAEXXZ
?Clear@CmLogFile@@QAEXH@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
SzToWz
?SetFile@CIniW@@QAEXPBG@Z
??_FCIniW@@QAEXXZ
MakeBold
??1CIniA@@QAE@XZ
GetOSMajorVersion
CmStrTrimW
?GetLogFilePath@CmLogFile@@QAEPBGXZ
CmStrtokW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
GetOSVersion
CmStrchrA
GetOSBuildNumber
CmStrtokA
?GPPB@CIniW@@QBEHPBG0H@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
?Start@CmLogFile@@QAEJH@Z
?DeInit@CmLogFile@@QAEJXZ
?LoadSection@CIniW@@QBEPAGPBG@Z
CmStrchrW
?SetEntry@CIniA@@QAEXPBD@Z
??4CIniW@@QAEAAV0@ABV0@@Z
??0CmLogFile@@QAE@XZ
CmLoadStringW
?CIni_SetFile@CIniA@@KGXPAPADPBD@Z
CmAtolW

ole32

HACCEL_UserFree
ReadClassStm
CoInstall
CoGetObject
OleUninitialize
HWND_UserFree
HWND_UserUnmarshal
CoUnmarshalInterface
HDC_UserSize
CoGetCallContext
CoMarshalInterThreadInterfaceInStream
CreateDataCache
CoPushServiceDomain
CoPopServiceDomain
HMETAFILE_UserFree
HACCEL_UserUnmarshal
CoGetComCatalog
CoFreeUnusedLibraries
OleInitializeWOW
StgCreateStorageEx
GetRunningObjectTable
OleLoadFromStream
StringFromCLSID
OleSaveToStream
SNB_UserSize
CoResumeClassObjects
StgCreateDocfile
OleQueryCreateFromData
OleCreateDefaultHandler
UtGetDvtd32Info

kernel32

CreateEventA
CreateMutexW
GlobalCompact
ExpungeConsoleCommandHistoryA
ExpandEnvironmentStringsW
SetThreadIdealProcessor
GetWriteWatch
GetProfileStringW
WriteConsoleInputVDMA
DefineDosDeviceA
Heap32ListFirst
GetVolumePathNamesForVolumeNameA
VirtualAlloc
GetTimeZoneInformation
BackupRead
GetSystemWindowsDirectoryA
GetDriveTypeW
EnumDateFormatsExA
BackupWrite
WaitForMultipleObjects
PrivCopyFileExW
EnumResourceNamesW
DisconnectNamedPipe
OpenFileMappingA
lstrcmpiW
FindFirstFileA
GetConsoleTitleW
SetConsoleTitleA
IsSystemResumeAutomatic
EnumDateFormatsA
SetCurrentDirectoryW
AddAtomW
GetPrivateProfileSectionA
GetLogicalDriveStringsW
CreateTimerQueue
SetLocalPrimaryComputerNameA
lstrcpyn
GlobalFlags
CreateMemoryResourceNotification
GetConsoleDisplayMode
InitializeCriticalSectionAndSpinCount
FindFirstFileW
OpenFileMappingW
CompareStringW
FindResourceExW
SetCalendarInfoA
GetConsoleAliasExesLengthA
SetTimerQueueTimer
GetSystemTimeAsFileTime
HeapLock
SetEndOfFile
SetLocaleInfoA
GetStringTypeW
AddConsoleAliasA
GetStdHandle
LocalUnlock
GetFileTime
TransactNamedPipe
ReadConsoleOutputCharacterA
GetPrivateProfileStructA
ResetWriteWatch
EnumLanguageGroupLocalesW
FindAtomA
GetModuleHandleA
FindAtomW
VirtualQuery
ReplaceFile
IsWow64Process
GetTickCount
LoadLibraryA
SetConsoleInputExeNameA
SetProcessAffinityMask
HeapReAlloc
WriteConsoleOutputAttribute
WriteConsoleOutputCharacterW
GetExitCodeProcess
CreateThread
GetComPlusPackageInstallStatus
EnumSystemLanguageGroupsA
TryEnterCriticalSection
lstrcpynW
MapUserPhysicalPages
HeapQueryInformation
ReadFile
GetLocaleInfoA
FreeEnvironmentStringsW
SearchPathW
ReadConsoleInputA
SetLastError
ReleaseMutex
LocalFree
GetUserDefaultLangID
CreateJobObjectA
BaseInitAppcompatCacheSupport
GetConsoleCommandHistoryA
GetStringTypeExW
GetCPInfoExW
SetEnvironmentVariableW
EnumSystemCodePagesW
IsBadCodePtr
GetNextVDMCommand
OpenProcess
GetVolumeNameForVolumeMountPointW
SetFileAttributesW
CreateFiberEx
QueryDepthSList
QueueUserWorkItem
RegisterConsoleOS2
WriteProfileStringA
HeapSize
MoveFileWithProgressA
GetConsoleFontInfo

setupapi

CM_Get_Resource_Conflict_DetailsW
CM_Add_Res_Des
pSetupOpenAndMapFileForRead
SetupDiGetDeviceInterfaceDetailA
CM_Get_DevNode_Custom_Property_ExA
SetupSetDirectoryIdW
SetupDiLoadClassIcon
SetupAddToDiskSpaceListA
CM_Get_Class_Name_ExA
pSetupWriteLogEntry
SetupGetFieldCount
SetupPrepareQueueForRestoreA
SetupDiRegisterDeviceInfo
CM_Free_Range_List
pSetupRegistryDelnode
CM_Get_Child_Ex
SetupDiRegisterCoDeviceInstallers
CM_Set_DevNode_Registry_PropertyW
CM_Reenumerate_DevNode_Ex
CM_Set_DevNode_Registry_PropertyA
SetupQueueDefaultCopyA
SetupDiCallClassInstaller
CM_Unregister_Device_InterfaceA
SetupQueueCopySectionW
CM_Get_Device_ID_List_SizeA
SetupOpenInfFileW
SetupDiSetSelectedDevice
CM_Set_DevNode_Registry_Property_ExA
SetupDiGetWizardPage
CM_Create_DevNodeW
SetupDiInstallDeviceInterfaces
SetupQueryInfFileInformationA
SetupDiClassGuidsFromNameW
CM_Get_Hardware_Profile_Info_ExW
SetupDiGetClassDevsExA
SetupRemoveFromDiskSpaceListA
CM_Enumerate_Classes
CM_Create_DevNode_ExA
CM_Next_Range
CM_Get_First_Log_Conf_Ex
SetupLogFileW
CM_Register_Device_InterfaceA
SetupDiCreateDeviceInterfaceW
SetupDiDestroyDriverInfoList
pSetupEnablePrivilege

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae0718df888d68bf7de81cd171123284

Headers

DLL Characteristics

File Characteristics

Imports

untfs

cmutil

ole32

kernel32

setupapi

Sections

.text Size: 379KB - Virtual size: 379KB

.rdata Size: 199KB - Virtual size: 199KB

.data Size: 280KB - Virtual size: 1.7MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 379KB - Virtual size: 379KB

.rdata
Size: 199KB - Virtual size: 199KB

.data
Size: 280KB - Virtual size: 1.7MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B