11456872d2e1d5d645fb3f10a6d722e1e18e6b9c4b37035725fc2560221d8f27

Sharing

Copy URL Twitter E-mail

General

Target

11456872d2e1d5d645fb3f10a6d722e1e18e6b9c4b37035725fc2560221d8f27
Size

4.0MB
MD5

667a76ad75cb477cfa42e377f49daf3b
SHA1

8142c1813f6d8a4c8f689cc0656cff635788a5b2
SHA256

11456872d2e1d5d645fb3f10a6d722e1e18e6b9c4b37035725fc2560221d8f27
SHA512

4c5ca89c6060d713712c9bc2a119aac660beea77767089fc36ecc4259fc98aaa2ea731f1d00897bee118e861c93101b74518a6752881961a08b5c3017695c239
SSDEEP

49152:jzs2zfFhubDD7vmkjUo1x7TQ237U67C4kde3McIt3LxNg5PIYg:jzVFhu/DbxUe7TQ237UeCzLxNg5PI

Score

N/A

Malware Config

Signatures

Files

11456872d2e1d5d645fb3f10a6d722e1e18e6b9c4b37035725fc2560221d8f27
.exe windows x86

b765f8c546416913f8900a1c16b0a9a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcServerInqBindings
RpcMgmtStopServerListening
RpcRevertToSelf
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcNetworkIsProtseqValidW
UuidToStringW
RpcStringBindingComposeW
RpcStringFreeW
RpcImpersonateClient
RpcStringFreeA
RpcStringBindingComposeA
RpcStringBindingParseA
RpcBindingVectorFree
RpcEpRegisterA
RpcBindingToStringBindingA
RpcServerListen
RpcServerRegisterIf
RpcServerRegisterAuthInfoA
RpcProtseqVectorFreeA
RpcServerUseProtseqA
RpcServerUseProtseqEpA
RpcNetworkInqProtseqsA
RpcEpUnregister
RpcSmDestroyClientContext
RpcMgmtSetCancelTimeout
RpcCancelThread
RpcRaiseException
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingFromStringBindingA
NdrClientCall2
NdrServerCall2
RpcNetworkIsProtseqValidA

wsock32

closesocket
bind
WSACleanup
gethostbyaddr
WSAGetLastError
shutdown
WSAStartup
gethostbyname
listen
getsockopt
setsockopt
inet_ntoa
htons

ws2_32

WSASocketA
WSAEventSelect
WSACloseEvent
WSAStringToAddressA
WSAAccept
WSAConnect
WSAEnumNetworkEvents
WSARecv
WSACreateEvent
WSASend

ole32

StgCreateDocfileOnILockBytes
GetHGlobalFromStream
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoInitializeEx
GetHGlobalFromILockBytes
CoCreateInstance

escprint

ord2
ord3

address

EcDnaToLpwstrA
EcFreeFlora
EcAllocFlora
EcAsciiDnaToDN
EcFreeDna
EcReplaceAlloc
EcIsOneOffA
EcFloraToLpstr
EcLpwstrToFloraA
EcPrintableFloraToORName
EcLpwstrToDnaA
EcFreeLpwstr

mapi32

ord17
ord15
ord76
ord33
ord34
ord151
ord135
ord13
ord198
ord137
ord75
ord136

gapi32

?SzDecode@CONV@@QAGPADPADKPBDPAK2@Z
?GetLastError@CONV@@QAGKXZ
?FRegEncodeProc@CONV@@QAGHGPAGP6GKPBDPAKPADK2@Z1@Z
?NGetDecodeProcNum@CONV@@QAGHXZ
?NGetDecodeProcList@CONV@@QAGHPAUDEODEPROCLISTtag@@H@Z
?ResetEncodingStatus@CONV@@QAGXXZ
?ResetDecodingStatus@CONV@@QAGXXZ
?FRegDecodeProcEx@CONV@@QAGHGPBDP6GH0K@ZP6GK00PAKPADK2@Z0@Z
?SzEncode@CONV@@QAGPADPADKPBDPAK2@Z
??1CONV@@QAE@XZ
UlDecodeJISX0208_1978@24
UlDecodeJISX0208_1983@24
UlDecodeJISX0208_NEC@24
UlDecodeJISX0201_1976@24
UlDecodeHZ_ASCII@24
UlDecodeEUC_JIS@24
FEucCodeE@8
FEucCodeS@8
UlDecodeTerminator@24
FSJISCode@8
UlDecodeKSC5601_1987@24
UlDecodeEUC_KR@24
FTerminatorCode@8
UlDecodeHZ_GB2312@24
UlEncodeJISX0208_1983@20
UlEncodeJISX0201_1976@20
UlEncodeJISX0201R_1976@20
UlEncodeJISX0201K_1976@20
UlEncodeJISX0208S_1983@20
UlEncodeEUC_JIS@20
UlEncodeEUC_KR@20
UlEncodeKSC5601_1987@20
UlEncodeHZ_GB2312@20
??2PUNCT@@SGPAXI@Z
??0PUNCT@@QAE@XZ
??0CONV@@QAE@XZ
??3PUNCT@@SGXPAX@Z
??1PUNCT@@QAE@XZ
?SzAlign@CHAROP@@QAGPADPBD0@Z
?IWordBreakProc@PUNCT@@QAGHPBDHHH@Z
?UsSetBreakOption@PUNCT@@QAGGG@Z
?UsGetBreakOption@PUNCT@@QAGGXZ
?UlSetLang@LANG@@QAGKGG@Z

exchmem

free
ExchHeapSize
ExchHeapFree
ExchHeapReAlloc
ExchHeapCompact
ExchHeapAlloc
ExchHeapDestroy
ExchHeapCreate
_strdup
malloc

dsaccess

ord41
ord2
ord1
ord3
ord25
ord30
ord10
ord4
ord8
ord28

mtaroute

ord7
ord8
ord2
ord3
ord4
ord1
ord6

reapi

ord78
ord30
ord29

mtaaqsvr

InitializeMtaQAdminRpc
TerminateMtaQAdminRpc

pttrace

_FlushAsyncTrace@0
_InitAsyncTrace@0
_AsyncStringTrace@12
_SetAsyncTraceParamsEx@20
__dwEnabledTraces
_TermAsyncTrace@0

kernel32

InterlockedIncrement
MoveFileA
FindNextFileA
DeleteFileA
FindClose
CreateDirectoryA
WriteFile
CreateFileA
FlushFileBuffers
GetTimeZoneInformation
GetProfileStringA
FindFirstFileA
lstrlenA
lstrlenW
ReleaseMutex
ExitProcess
CreateSemaphoreA
CreateMutexA
QueryPerformanceFrequency
GetCurrentProcess
GetVersionExA
UnmapViewOfFile
VirtualAlloc
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
ResetEvent
SetProcessWorkingSetSize
SetCurrentDirectoryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetModuleHandleA
TerminateProcess
IsBadCodePtr
IsDBCSLeadByteEx
FreeLibrary
GetACP
GetStringTypeW
CreateMutexW
CreateEventW
GetComputerNameW
lstrcatW
ReadFile
CreateThread
ReleaseSemaphore
SetFileTime
GetCurrentProcessId
LoadLibraryA
GetProcAddress
GetFullPathNameA
GetDiskFreeSpaceA
MulDiv
GetFileAttributesA
SetEndOfFile
SetFilePointer
ExitThread
DuplicateHandle
CreateEventA
SetEvent
GetComputerNameA
WaitForSingleObject
GlobalSize
LocalFileTimeToFileTime
TlsAlloc
GlobalAlloc
InterlockedDecrement
WaitForMultipleObjects
GetTickCount
GlobalFree
lstrcatA
lstrcpyA
IsBadReadPtr
lstrcmpiA
IsValidCodePage
IsBadWritePtr
LocalFree
SetLastError
SystemTimeToFileTime
CompareFileTime
LocalAlloc
FileTimeToSystemTime
MultiByteToWideChar
TlsGetValue
GetCurrentThreadId
TlsSetValue
CloseHandle
GetCurrentThread
GetLastError
GetLocalTime
WideCharToMultiByte
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapAlloc
GetProcessHeap
DeleteCriticalSection
RaiseException
HeapWalk
GetProcessHeaps
GetSystemTime
Sleep
GetFileSize

user32

wsprintfW
wsprintfA

advapi32

MakeAbsoluteSD
AccessCheck
EqualSid
CryptDecrypt
CryptImportKey
CryptAcquireContextW
CryptGetUserKey
CryptDestroyKey
CryptReleaseContext
RegOpenKeyExW
RegEnumValueW
RegQueryValueExW
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegNotifyChangeKeyValue
SetServiceStatus
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
DeregisterEventSource
GetTokenInformation
AccessCheckByType
LookupAccountSidA
RegisterEventSourceA
ReportEventA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid
IsValidSecurityDescriptor
OpenThreadToken
FreeSid

msvcrt

_controlfp
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit
wcschr
iswdigit
_wcsicmp
iswspace
_purecall
wcscpy
wcslen
wcsncmp
sprintf
getc
fscanf
_stricmp
fputc
fprintf
fopen
fclose
memmove
strchr
_strnicmp
strstr
strncpy
_errno
_itoa
fread
_iob
strcspn
fflush
printf
sscanf
strncmp
atoi
_ltoa
atol
_wcsnicmp
strtok
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
isspace
isdigit
toupper
ctime
time
wcscat
_strupr
rand
_strlwr
isalnum
wcsncpy
wcscmp
_ultoa
_tempnam
signal
strrchr
memchr
strspn
swscanf
_memicmp
_snprintf
_snwprintf
strpbrk
_mbclen

oleaut32

SysStringByteLen
SysFreeString

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 541KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: 540KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b765f8c546416913f8900a1c16b0a9a0

Headers

File Characteristics

Imports

rpcrt4

wsock32

ws2_32

ole32

escprint

address

mapi32

gapi32

exchmem

dsaccess

mtaroute

reapi

mtaaqsvr

pttrace

kernel32

user32

advapi32

msvcrt

oleaut32

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.data Size: 541KB - Virtual size: 2.0MB

.tls Size: 512B - Virtual size: 89B

.rsrc Size: 1KB - Virtual size: 1KB

.vmp1 Size: 540KB - Virtual size: 1.6MB

.text
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 541KB - Virtual size: 2.0MB

.tls
Size: 512B - Virtual size: 89B

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp1
Size: 540KB - Virtual size: 1.6MB