03ee6667555170757d29b5e90fd6c962158da5ee49fcb6435c15ebdefa02d9e4

Sharing

Copy URL Twitter E-mail

General

Target

03ee6667555170757d29b5e90fd6c962158da5ee49fcb6435c15ebdefa02d9e4
Size

306KB
MD5

744d198588d1e75bdc8e60cd19b82a90
SHA1

04aab2c4b58d8d8333383bb1d748e9df39644b6e
SHA256

03ee6667555170757d29b5e90fd6c962158da5ee49fcb6435c15ebdefa02d9e4
SHA512

2e3ec6e43d68534982d0c5e34b2d059dbe169cf9a995c33064de2e9464b80b421cd18ab4d1b297c5da4ad96d59a786494211471088291da22419b86af5cfc3d8
SSDEEP

6144:KwXJ0Pj5FEmnf1wM0kZZRH/XQ+LXH2D+X8B92GGzLE+s8Xr2:jZ0rniMVXQ+LGgzLEDi2

Score

N/A

Malware Config

Signatures

Files

03ee6667555170757d29b5e90fd6c962158da5ee49fcb6435c15ebdefa02d9e4
.exe windows x86

15dd7c244535280e38c9bf636fdd3bac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

InitializeSecurityContextW
SaslGetProfilePackageA
ImportSecurityContextA
SaslIdentifyPackageA
LsaCallAuthenticationPackage
AcquireCredentialsHandleW
TranslateNameA
QuerySecurityContextToken
LsaRegisterLogonProcess
DecryptMessage
QueryContextAttributesW
VerifySignature
SaslInitializeSecurityContextW
SaslIdentifyPackageW

kernel32

SetConsoleMenuClose
SetComputerNameExA
GetFirmwareEnvironmentVariableW
WritePrivateProfileStructW
GlobalAlloc
GetSystemInfo
TransactNamedPipe
BaseUpdateAppcompatCache
FormatMessageA
SetLastError
SetPriorityClass
IsBadHugeWritePtr
GetCPInfo
LoadLibraryW

w32topl

ToplIterAdvance
ToplScheduleCacheCreate
ToplEdgeSetWeight
ToplVertexFree
ToplEdgeCreate
ToplGraphFree
ToplScheduleMerge
ToplVertexSetParent
ToplSetAllocator
ToplDeleteComponents
ToplEdgeGetWeight
ToplHeapIsElementOf
ToplGraphAddVertex
ToplVertexGetId
ToplEdgeInit
ToplDeleteSpanningTreeEdges
ToplScheduleCreate
ToplFree
ToplScheduleImport
ToplEdgeGetFromVertex
ToplListAddElem
ToplScheduleValid
ToplScheduleDuration
ToplGraphNumberOfVertices
ToplScheduleNumEntries

ole32

CreateErrorInfo
CLIPFORMAT_UserSize
CoCreateObjectInContext
ReadStringStream
OleQueryLinkFromData
CoGetObjectContext
HMENU_UserSize
CoMarshalHresult
CLIPFORMAT_UserUnmarshal
HBITMAP_UserSize

mfcsubs

?MakeLower@CString@@QAEXXZ
??0CString@@QAE@PBD@Z
??O@YG_NPBGABVCString@@@Z
??1CString@@QAE@XZ
??O@YG_NABVCString@@PBG@Z
?Lock@CCriticalSection@@QAEHXZ
?FormatMessageW@CString@@QAAXIZZ
??0CSyncObject@@QAE@PBG@Z
??8@YG_NABVCString@@0@Z
??_7CCriticalSection@@6B@
??H@YG?AVCString@@ABV0@D@Z
??4CString@@QAEABV0@PBD@Z
??N@YG_NABVCString@@0@Z
??BCString@@QBEPBGXZ
??8@YG_NABVCString@@PBG@Z
??N@YG_NPBGABVCString@@@Z
?GetAllocLength@CString@@QBEHXZ
??4CString@@QAEABV0@ABV0@@Z
?Lock@CCriticalSection@@UAEHK@Z
??_7CMapStringToPtr@@6B@
?RemoveAll@CMapStringToPtr@@QAEXXZ
?Release@CString@@KGXPAUCStringData@@@Z
?ConcatInPlace@CString@@IAEXHPBG@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
??0CString@@QAE@PBGH@Z
?Create@CPlex@@SGPAU1@AAPAU1@II@Z
?GetBuffer@CString@@QAEPAGH@Z
?HashKey@CMapStringToPtr@@QBEIPBG@Z

perfctrs

CloseNbfPerformanceData
CollectIPXPerformanceData
OpenNbfPerformanceData
CollectNbfPerformanceData
CollectTcpIpPerformanceData
CloseDhcpPerformanceData
OpenNWNBPerformanceData
OpenSPXPerformanceData
OpenDhcpPerformanceData
CloseTcpIpPerformanceData
CloseSPXPerformanceData
CollectSPXPerformanceData
OpenIPXPerformanceData
CloseNWNBPerformanceData
CollectDhcpPerformanceData
CollectNWNBPerformanceData
CloseIPXPerformanceData
OpenTcpIpPerformanceData

winsta

ServerLicensingLoadPolicy
_WinStationAnnoyancePopup
WinStationIsHelpAssistantSession
WinStationQueryUpdateRequired
ServerLicensingGetAvailablePolicyIds
ServerQueryInetConnectorInformationA
WinStationEnumerate_IndexedA
_WinStationBeepOpen
WinStationFreeMemory
WinStationWaitSystemEvent
WinStationShadow
ServerLicensingGetPolicyInformationW
_WinStationReadRegistry
_WinStationNotifyNewSession
WinStationInstallLicense
WinStationGetProcessSid
_NWLogonSetAdmin

ir41_qcx

DllMain
Compress
CompressFramesInfo
CompressBegin
SetScalability
CompressEnd
AllocInstanceData
FreeInstanceData

Sections

.text
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15dd7c244535280e38c9bf636fdd3bac

Headers

File Characteristics

Imports

secur32

kernel32

w32topl

ole32

mfcsubs

perfctrs

winsta

ir41_qcx

Sections

.text Size: 174KB - Virtual size: 173KB

.rdata Size: 7KB - Virtual size: 16KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 171KB

.rsrc Size: 50KB - Virtual size: 49KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 28KB - Virtual size: 28KB

.text
Size: 174KB - Virtual size: 173KB

.rdata
Size: 7KB - Virtual size: 16KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 171KB

.rsrc
Size: 50KB - Virtual size: 49KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 28KB - Virtual size: 28KB