dcdf85f6fa352a56dcc2080673af0d29750a2df8b4f87082d08dcb08742915e2

Sharing

Copy URL

Twitter E-mail

General

Target

dcdf85f6fa352a56dcc2080673af0d29750a2df8b4f87082d08dcb08742915e2
Size

354KB
MD5

237231bdaef405e3c9569736f044d2ca
SHA1

795434e0805e5d79bd1994923814e3b10ded2bc0
SHA256

dcdf85f6fa352a56dcc2080673af0d29750a2df8b4f87082d08dcb08742915e2
SHA512

77e58f6823f78bd0c8a8fb0cac000fb665bd469462ac2b454e909c3ecc5262bf09f8457fe2050eb803715e7b022c173ba5363a75a646aebfc0885f9d7c0eb787
SSDEEP

6144:fzt5vlwffOgemd78cqMeDNSGgd4XUpEiDnV0PJz4aCHhYZe9Y7FBVkELhudPzOO/:vvOffOgemd78cqMeDNSGgd485bnhUeKA

Score

N/A

Malware Config

Signatures

Files

dcdf85f6fa352a56dcc2080673af0d29750a2df8b4f87082d08dcb08742915e2
.exe windows x86

25c88a4d129f0ebc9d2d13ea76f17636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetApiBufferFree
NetWkstaUserGetInfo

mpr

WNetAddConnection2W

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

userenv

LoadUserProfileW
UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

gslogging

?Log@CGSLog@LOGGER@@QAAXPA_WZZ
?g_GSLog@@3VCGSLog@LOGGER@@A
?WriteLog@CGSLog@LOGGER@@QAEHPBDW4_Severity@@0H0@Z
??1CGSFuncLog@LOGGER@@QAE@XZ
??0CGSFuncLog@LOGGER@@QAE@AAVCGSLog@1@QBDPBD@Z
?WriteLog@CGSLog@LOGGER@@QAEHPB_WW4_Severity@@PBDH2@Z
?StopLogging@CGSLog@LOGGER@@QAEHXZ
?StartLogging@CGSLog@LOGGER@@QAEHXZ
?SetFileName@CGSLog@LOGGER@@QAEXPB_W@Z
?Log@CGSLog@LOGGER@@QAAXPBDZZ

gsindexdb

?m_iEstimatedFilesCount@CIndexDB@@2_KA
??1CIndexDB@@QAE@XZ
?Close@CIndexDB@@QAEHXZ
?GetLastPurgeDate@CIndexDB@@QAEHW4PurgeTermType@@AA_J@Z
?Open@CIndexDB@@QAEHHHH@Z
?SetDBFilePath@CIndexDB@@QAEXPB_W@Z
??0CIndexDB@@QAE@XZ
?EndRead@CIndexDB@@QAEXXZ
?ReadRow@CIndexDB@@QAE_NAAUSettingsDatum@@@Z
?BeginSettingsRead@CIndexDB@@QAEHXZ
?GetLastJobData@CIndexDB@@QAE_NAAUSettingsDatum@@@Z
?UpdateStatisticsObjsCallback@CIndexDB@@SAHPAUBackupStatictics@@H@Z
?LoadIndexHash@CIndexDB@@SAHAAV1@@Z
?EnableIndexHash@CIndexDB@@SAXXZ
?LoadIndexStatistics@CIndexDB@@SAHAAV1@@Z
?GetInitialSuccessfulBackupDate@CIndexDB@@QAE_NAA_J0AAH@Z
?GetLastSuccessfulBackupDate@CIndexDB@@QAE_NAA_J0AAH@Z
?GetStatisticsTotalCount@CIndexDB@@SA_KXZ
?CheckMigration@CIndexDB@@QAEHH@Z
?DropAllTables@CIndexDB@@QAEHXZ
?Update@CIndexDB@@QAEHAAUSettingsDatum@@@Z
?ClearIndexStatistics@CIndexDB@@SAXXZ
?ClearIndexHash@CIndexDB@@SAXXZ
?CreateTables@CIndexDB@@QAEHXZ
?GetStatisticsAllSize@CIndexDB@@SAXPA_K000@Z

queuemanager

?Close@CQueueDB@@QAEHXZ
??1CQueueDB@@QAE@XZ
?DropAllTables@CQueueDB@@QAEHXZ
?GetFilesCount@CQueueDB@@QAE_JH@Z
?m_iFilesCountCached@CQueueDB@@2_JA
??0CQueueDB@@QAE@XZ
?Open@CQueueDB@@QAEHXZ
?SetDBFilePath@CQueueDB@@QAEXQB_W@Z
?CreateTables@CQueueDB@@QAEHXZ

gsbackupmanager

??1CBackupManager@@QAE@XZ
??0CBackupManager@@QAE@XZ
?SetTotalNewFilesSize@CBackupManager@@SAXAB_K@Z
?GetCurrentProcessed@CBackupManager@@QAEKXZ
?IsBackupThreadRunning@CBackupManager@@QAE_NXZ
?EndPurge@CBackupManager@@QAEXXZ
?EndBackup@CBackupManager@@QAEHXZ
?AbortPurging@CBackupManager@@QAEHXZ
?Abort@CBackupManager@@QAEH_N@Z
?StartPurge@CBackupManager@@QAEHW4_PurgeType@1@@Z
?IsRestoreStarted@CBackupManager@@SA_NXZ
?GetBackupExitCode@CBackupManager@@QAE_NAAH@Z
?IsPurgeRunning@CBackupManager@@QAE_NXZ
?IsBackupRunning@CBackupManager@@SA_NXZ
UnRegisterBackupCallback
RegisterBackupCallback
?SetNeedVSSThreadRule@CBackupManager@@QAEXH@Z
?SetQueueSize@CBackupManager@@QAEXK@Z
?SetUserToken@CBackupManager@@QAEXPAX@Z
?StartBackup@CBackupManager@@QAEHXZ
?Initialize@CBackupManager@@QAEXXZ
?ForceCopyCache@CBackupManager@@QAEHXZ
?ExecuteRealTimeTrans@CBackupManager@@SAHAAVCIndexDB@@H@Z
?IsBackupDestTransactionExist@CBackupManager@@SAHXZ
?UpdateThreadsPriority@CBackupManager@@QAEXH@Z
?GetQueueItemsCount@CBackupManager@@QAE_KXZ

settings

GetMainSettings
GetServiceRunSettings
?LoadServiceConfigLogin@CMainSettings@@SAHAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@00@Z
?SetValue@CSettings@@IAEXPB_WPBXI@Z
GetUserConfigurations
?GetBackupFreq@CUserConfigurations@@QAEKXZ
?IsServerModeAndSameUser@CMainSettings@@QAEHXZ
?GetStringValue@CMainSettings@@QAE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_W@Z
?Reload@CSettings@@QAE_N_N@Z
?IsLoggingEnabledW@CUserConfigurations@@QAEHXZ
?IsBackupFreqCDP@CUserConfigurations@@QAEHXZ
?GetPurgingSettings@CUserConfigurations@@QAEABUPurgingSettings@@XZ
?GetCurJobFolderPath@CSettings@@QBEQB_WXZ
?GetLogsFolderPath@CSettings@@QBEQB_WXZ
?GetAppFolderPath@CSettings@@QBEQB_WXZ
?GetValue@CSettings@@IBEXPB_WPAXI@Z
?SaveServiceConfigLogin@CMainSettings@@SAHPB_W00@Z
?IsServerModeEnabled@CMainSettings@@QAEHXZ
?Load@CSettings@@QAE_NXZ
?GetDataFolderPath@CSettings@@QBEQB_WXZ

gswatcher4

?SetQueueDB@CGSWatcher@@QAEXPB_W@Z
?SetDestBackupFolderDB@CGSWatcher@@QAEXPB_W@Z
?SetIndexDB@CGSWatcher@@QAEXPB_W@Z
?SetSecondaryXMLFile@CGSWatcher@@QAEXPB_W0@Z
?SetDataXMLFiles@CGSWatcher@@QAEXPB_W0@Z
?Init@CGSWatcher@@QAEXXZ
?GenerateDriveList@GSFilter@@QAE?AV?$map@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@VDriveGuidInfo@@U?$less@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@V?$allocator@U?$pair@$$CBV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@VDriveGuidInfo@@@std@@@5@@std@@XZ
?SetOverlay@CGSWatcher@@QAEX_N@Z
?SetUserToken@CGSWatcher@@QAEXPAX@Z
?AddNewQueueItem@CGSWatcher@@QAE_NPB_W_N@Z
?UpdateThreadsPriority@CGSWatcher@@QAEXW4CPUSpeedMode@@@Z
?UpdateDrive@CGSWatcher@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@W4DriveAction@WatcherEnum@@@Z
?IsFirstTimeEnumRunning@CGSWatcher@@QAEHXZ
?GetTotalFilesInMem@CGSWatcher@@QAE_JXZ
??0CGSWatcher@@QAE@_N@Z
??1CGSWatcher@@QAE@XZ
?EnableBackupHiddenFiles@CGSWatcher@@QAEX_N@Z
?SetBlockLevelExt@CGSWatcher@@QAEXPB_W@Z
?SetFirstTimeWatcherHide@CGSWatcher@@QAEXH@Z
?StartFirstTimeRun@CGSWatcher@@QAEHH@Z
?StartWatch@CGSWatcher@@QAEHXZ
?DeInit@CGSWatcher@@QAEXXZ
?IsInitilized@CGSWatcher@@QAEHXZ
?MoveToQueue@CGSWatcher@@QAEHHAAH@Z
?AbortWatching@CGSWatcher@@QAEHXZ
?IsEnableFirstTime@CGSWatcher@@QAEHXZ
?ResetSkipCounter@CGSWatcher@@QAEXXZ
?IsFirstTimeFinshedsuccessfully@CGSWatcher@@QAEHXZ

mfc100u

ord11494
ord1312
ord3846
ord296
ord1310
ord265
ord902
ord266
ord1300
ord4511
ord1450
ord5229
ord280
ord287
ord7914
ord1440
ord7357
ord1476
ord1479
ord2629
ord285
ord5264
ord13127
ord2614
ord1270
ord869
ord13253
ord851
ord7876
ord4151
ord4290
ord4150
ord1987
ord1907
ord1908
ord12801
ord2062
ord12154
ord1272
ord871
ord5813
ord2068
ord2064
ord11838
ord918
ord339
ord12797
ord12149
ord12153
ord2683
ord2677
ord11571
ord1298
ord415
ord5848
ord7637
ord13246
ord978
ord1934
ord1480
ord13255
ord7639
ord12822
ord2620
ord2088
ord4478
ord1477
ord1474
ord4512
ord281
ord981
ord423
ord4197
ord7871
ord286

msvcr100

_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_localtime64_s
_time64
_i64tow
_difftime64
_ftime64
printf
_wcsupr_s
wcscat_s
_purecall
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
memmove_s
memcpy_s
wmemcpy_s
wcsnlen
__winitenv
toupper
__argc
__wargv
_wcsicmp
_wsplitpath_s
_wmakepath_s
_CxxThrowException
wcscpy_s
memmove
memset
_errno
_wcserror
_wcsnicmp
wcsstr
strncpy
wcstol
wcsncmp
wcslen
wcschr
wcsncpy
fwrite
_wfopen
fseek
ftell
fread
wcscpy
_swprintf
fclose
__CxxFrameHandler3
memcpy
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
vswprintf_s
realloc
__iob_func
fprintf
exit
ldiv
_wcslwr
strlen
free
malloc
_resetstkoflw
memcmp
_wtoi
wcscmp
_wctime64
wprintf
_mktime64

kernel32

GetFileInformationByHandle
GetLocalTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetCurrentProcess
GetCurrentThread
FindNextFileW
GetCurrentThreadId
FlushViewOfFile
ResetEvent
GetTimeFormatW
GetDateFormatW
GetExitCodeProcess
CreateProcessW
WTSGetActiveConsoleSessionId
GetVersionExW
ProcessIdToSessionId
GetCurrentProcessId
VerifyVersionInfoW
VerSetConditionMask
GetSystemPowerStatus
OpenProcess
Process32NextW
HeapDestroy
Process32FirstW
CreateToolhelp32Snapshot
HeapReAlloc
HeapSize
ReleaseMutex
RaiseException
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetWindowsDirectoryW
CopyFileW
GetExitCodeThread
InitializeCriticalSection
CreateThread
TerminateThread
ReadConsoleInputW
GetCommandLineW
OpenMutexW
TerminateProcess
SetFilePointer
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
ReadFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
CreateMutexW
GetSystemInfo
DeviceIoControl
GetFileSize
MultiByteToWideChar
OpenEventW
CreateEventW
SetEvent
WaitForSingleObject
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetLogicalDriveStringsW
CreateFileW
CloseHandle
SetFileAttributesW
DeleteFileW
GetFileAttributesW
CreateDirectoryW
FindFirstFileW
FindClose
GetTickCount
Sleep
SetLastError
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLogicalDrives
FormatMessageW
LocalFree
SetConsoleCtrlHandler
GetStdHandle
SetConsoleMode
GetLastError
GetModuleFileNameW
lstrlenW
GetModuleHandleW
GetProcAddress
lstrcpyW

user32

RegisterWindowMessageW
GetForegroundWindow
IsWindowVisible
IsIconic
GetSystemMetrics
GetWindowRect
wsprintfW
GetLastInputInfo
OpenInputDesktop
GetUserObjectInformationW
CloseDesktop
SystemParametersInfoW
MsgWaitForMultipleObjects
PeekMessageW
PostQuitMessage
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassNameW

advapi32

SetServiceStatus
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
StartServiceCtrlDispatcherW
OpenEventLogW
OpenBackupEventLogW
CloseEventLog
BackupEventLogW
ClearEventLogW
GetNumberOfEventLogRecords
GetOldestEventLogRecord
NotifyChangeEventLog
ReadEventLogW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CloseServiceHandle
ChangeServiceConfigW
ControlService
StartServiceW
QueryServiceStatus
QueryServiceConfigW
CreateServiceW
DeleteService
SetServiceObjectSecurity
QueryServiceObjectSecurity
EnumDependentServicesW
OpenSCManagerW
QueryServiceLockStatusW
EnumServicesStatusW
OpenServiceW
LockServiceDatabase
UnlockServiceDatabase
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
EqualSid
ConvertSidToStringSidW
LookupAccountSidW
SetTokenInformation
CopySid
GetLengthSid
IsValidSid
RegEnumKeyW
RegOpenCurrentUser
LogonUserW
RegisterServiceCtrlHandlerW

shell32

SHChangeNotify

shlwapi

PathRemoveExtensionW
PathFindExtensionW
PathFileExistsW
PathStripToRootW
PathAddBackslashW
PathRemoveFileSpecW
PathIsUNCW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?width@ios_base@std@@QAE_J_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z

setupapi

SetupDiGetDeviceInstanceIdW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW

secur32

LsaGetLogonSessionData

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

25c88a4d129f0ebc9d2d13ea76f17636

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

mpr

wtsapi32

userenv

psapi

gslogging

gsindexdb

queuemanager

gsbackupmanager

settings

gswatcher4

mfc100u

msvcr100

kernel32

user32

advapi32

shell32

shlwapi

msvcp100

setupapi

secur32

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 1024B - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 1024B - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 19KB