5ea16eaaa9ba9fa18a1269121d97fc29021200f28a4c8a7aeddff4725b8f604f

Sharing

Copy URL Twitter E-mail

General

Target

5ea16eaaa9ba9fa18a1269121d97fc29021200f28a4c8a7aeddff4725b8f604f
Size

869KB
MD5

68cd7e63d73fe729f1376f2300823745
SHA1

0dba5577bbb96664d904dbf19259441a0efc2401
SHA256

5ea16eaaa9ba9fa18a1269121d97fc29021200f28a4c8a7aeddff4725b8f604f
SHA512

a9d8e4f4644259717d06a2a65ca39cd1f83a9e7a16cc0a2881f7df7ca22936962e99ecdc15a88af42add91dcc094d5f3c3744082e77306e51995d82b9d74fc16
SSDEEP

24576:FfchAhGBA8zyHw83xfcThWdAV5mOq++tE4lhCJUFFU:FfchA4L49xfmhW45U5lXF

Score

N/A

Malware Config

Signatures

Files

5ea16eaaa9ba9fa18a1269121d97fc29021200f28a4c8a7aeddff4725b8f604f
.exe windows x86

58e1719d2d595ad3a3ada1057a22a7fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
??0NTFS_UPCASE_TABLE@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
Extend
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
??0NTFS_CLUSTER_RUN@@QAE@XZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
FormatEx
??0NTFS_SA@@QAE@XZ
Format
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
??1NTFS_CLUSTER_RUN@@UAE@XZ
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
?QueryName@NTFS_ATTRIBUTE_RECORD@@QBEEPAVWSTRING@@@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?InsertEntry@NTFS_INDEX_TREE@@QAEEKPAXU_MFT_SEGMENT_REFERENCE@@E@Z
??1NTFS_UPCASE_FILE@@UAE@XZ
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??1NTFS_EXTENT_LIST@@UAE@XZ
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??0NTFS_BITMAP@@QAE@XZ
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
??0NTFS_MFT_FILE@@QAE@XZ
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z

ntdll

ZwWriteRequestData
DbgUiIssueRemoteBreakin
_lfind
RtlDecompressBuffer
_snwprintf
RtlQueryDepthSList
RtlCompareMemory
RtlSetThreadIsCritical
NtSetIoCompletion
NtCreateKey
CsrClientConnectToServer
_alldvrm
NtSetDebugFilterState
ZwQueryVirtualMemory
DbgUiStopDebugging
NtQueryObject
RtlInitializeGenericTableAvl
ZwCreateNamedPipeFile
ZwTraceEvent
RtlTraceDatabaseEnumerate
ispunct
RtlFindMostSignificantBit
RtlxUnicodeStringToOemSize
NtEnumerateKey
RtlNewSecurityObject
RtlZombifyActivationContext
RtlUlonglongByteSwap
DbgQueryDebugFilterState
RtlMakeSelfRelativeSD
RtlMultiByteToUnicodeSize
NtAddBootEntry
fabs
_itow
RtlUpdateTimer
NtSaveKeyEx
NtFreeVirtualMemory
NtFlushKey
RtlFormatMessage
RtlOemStringToUnicodeSize
NtMapViewOfSection

query

??0CEventLog@@QAE@PBG0@Z
?Remove@CWorkQueue@@QAEXPAVPWorkItem@@@Z
??1CProcess@@QAE@XZ
?Copy@CDbProp@@QAEHABUtagDBPROP@@@Z
??1CPidRemapper@@QAE@XZ
??1CPropStoreManager@@QAE@XZ
??1CPropertyList@@UAE@XZ
??1CMetaDataMgr@@QAE@XZ
?GetLCIDFromString@@YGKPAG@Z
?InitIterator@CPropertyList@@UAEXXZ
?_FindGroupListAnchor@CDbNestingNode@@AAEPAVCDbProjectListAnchor@@XZ
?CheckError@CPropListFile@@QAEJAAKPAPAG@Z
??0CDbNatLangRestriction@@QAE@PBGABVCDbColumnNode@@K@Z
??0CFwEventItem@@QAE@GKGKPAX@Z
?RemoveFirstChild@CDbCmdTreeNode@@IAEPAV1@XZ
?ReadProperty@CPropStoreManager@@QAEHKKPAUtagPROPVARIANT@@PAI@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?SkipUShort@CMemDeSerStream@@UAEXXZ
SetupCacheEx
?SetUI1@CStorageVariant@@QAEXEI@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Read@CDynStream@@QAEKPAXK@Z
?Recognize@CDFA@@QAEEPBG@Z
?Remove@CDbSortSet@@QAEXI@Z
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
??0CPerfMon@@QAE@PBG@Z
??1CNatLanguageRestriction@@QAE@XZ
?SetR4@CStorageVariant@@QAEXMI@Z
?AllocHeapAndGetWString@@YGPAGAAVPDeSerStream@@@Z
??0CDbContentRestriction@@QAE@PBGABUtagDBID@@KK@Z
?GetWeight@CDbCmdTreeNode@@QBEJXZ
?DisableVPathNotify@CMetaDataMgr@@QAEXXZ
?SetLPWSTR@CStorageVariant@@QAEXPBGI@Z
?GetVPathAccess@CMetaDataMgr@@QAEKPBG@Z
??1CDbSortKey@@QAE@XZ
??0CAllocStorageVariant@@QAE@AAVPDeSerStream@@AAVPMemoryAllocator@@@Z
?GetBOOL@CAllocStorageVariant@@QBEFI@Z
?VT_VARIANT_NE@@YGHABUtagPROPVARIANT@@0@Z
?ChangeCurrentScope@CCatState@@QAEXPBG@Z
??1CColumns@@QAE@XZ
?AddChild@CNodeRestriction@@QAEXPAVCRestriction@@AAI@Z
?GetPropInfoFromId@CEmptyPropertyList@@UAGJPBUtagDBID@@PAPAGPAGPAI@Z
?AcqLine@CQueryScanner@@QAEPAGH@Z

kernel32

GetDiskFreeSpaceW
GetTimeZoneInformation
LCMapStringA
GetFileType
GetProfileSectionW
CreateFileW
IsWow64Process
LoadLibraryA
CreateFileA
GetLongPathNameA
HeapCreate
AddRefActCtx
GetConsoleProcessList
LZOpenFileA
FindFirstVolumeMountPointA
GetCurrentConsoleFont
GetModuleHandleExW
QueryPerformanceFrequency
GetGeoInfoW
SetFileApisToANSI
WriteProfileStringW
SetSystemTime
LZInit
GetSystemTimeAsFileTime
InterlockedFlushSList
GetBinaryType
SearchPathA
RegisterWowExec
DeleteTimerQueueEx
GetFullPathNameW
GetThreadLocale
_hwrite
HeapWalk
GetLocaleInfoA
GlobalHandle
SetVolumeLabelA
LoadLibraryExA
WaitForSingleObject
DeviceIoControl
DeleteAtom
CreateMemoryResourceNotification
VirtualAlloc
EnumTimeFormatsW
ResetWriteWatch
SetSystemTimeAdjustment
MapViewOfFileEx

atl

AtlAxGetControl
DllGetClassObject
AtlModuleAddTermFunc
AtlComQIPtrAssign
AtlModuleGetClassObject
AtlModuleRegisterClassObjects
AtlInternalQueryInterface
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxGetHost
AtlAdvise
AtlModuleUnregisterServer
AtlSetErrorInfo
AtlGetVersion
AtlModuleInit
AtlModuleTerm
AtlCreateTargetDC
AtlFreeMarshalStream
AtlRegisterClassCategoriesHelper
AtlIPersistPropertyBag_Save
AtlModuleRegisterWndClassInfoW
AtlModuleRevokeClassObjects
AtlIPersistPropertyBag_Load
AtlAxCreateControl
AtlAxDialogBoxW
AtlAxCreateDialogA
AtlModuleRegisterWndClassInfoA
AtlModuleUnRegisterTypeLib
AtlModuleRegisterServer
AtlModuleAddCreateWndData
AtlAxAttachControl
AtlGetObjectSourceInterface
AtlIPersistStreamInit_Save
AtlModuleLoadTypeLib
AtlPixelToHiMetric
AtlUnmarshalPtr
AtlModuleUnregisterServerEx
AtlAxWinInit

dswave

DllGetClassObject

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 222KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58e1719d2d595ad3a3ada1057a22a7fa

Headers

DLL Characteristics

File Characteristics

Imports

untfs

ntdll

query

kernel32

atl

dswave

Sections

.text Size: 306KB - Virtual size: 306KB

.rdata Size: 337KB - Virtual size: 337KB

.data Size: 222KB - Virtual size: 1.6MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 337KB - Virtual size: 337KB

.data
Size: 222KB - Virtual size: 1.6MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B