ec09b467150514774de7051a2589ee0523d8c00d36ce917052b3da66fb23239a

Sharing

Copy URL Twitter E-mail

General

Target

ec09b467150514774de7051a2589ee0523d8c00d36ce917052b3da66fb23239a
Size

239KB
MD5

629c48d0bc1b24dc2edcb9662f6d6ea0
SHA1

58c5e003f705a06934d0bd856c7b25dfba12d101
SHA256

ec09b467150514774de7051a2589ee0523d8c00d36ce917052b3da66fb23239a
SHA512

6022cc779925d442441ac9673416d3d40cb58d15abb7cf5fd7635b14411fd721c5dc99c4d9949785b293fead77976e9a8a2f0d672c0f3ae35d4e500db48658d9
SSDEEP

6144:lAZXgxFlFqyWNEz0P/G4+iAyhChc2kjey:lARg5YyWNNnxXRhsYjX

Score

N/A

Malware Config

Signatures

Files

ec09b467150514774de7051a2589ee0523d8c00d36ce917052b3da66fb23239a
.exe windows x86

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetGroupAdd
NetReplGetInfo
RxNetAccessGetUserPerms
I_NetServerAuthenticate
I_NetServerAuthenticate3
DsValidateSubnetNameW
NlBindingAddServerToCache
NetDfsSetClientInfo
NetReplExportDirAdd
NetpIsRemote
NetpwNameCompare
DsGetDcSiteCoverageW
DsGetDcNameA
NetpNetBiosReset

wininet

GetUrlCacheEntryInfoExA
RegisterUrlCacheNotification
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
ParseX509EncodedCertificateForListBoxEntry
FindNextUrlCacheEntryExW
GopherOpenFileW
GetUrlCacheConfigInfoA
FindNextUrlCacheEntryW
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW
RetrieveUrlCacheEntryStreamW
FtpSetCurrentDirectoryW
InternetGetPerSiteCookieDecisionW
InternetUnlockRequestFile

mpr

WNetGetNetworkInformationA
WNetFormatNetworkNameA
WNetCloseEnum
WNetCancelConnectionW
WNetOpenEnumA
WNetSupportGlobalEnum
WNetGetUserA
WNetGetConnection2W
WNetSetConnectionW
WNetGetUniversalNameA
WNetGetProviderNameA
WNetConnectionDialog1W
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetConnection2A
WNetGetResourceParentA
WNetGetHomeDirectoryW
WNetAddConnectionW

kernel32

GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryW
GlobalUnWire
LoadLibraryW
_lopen
GetPrivateProfileIntW
FindNextVolumeW
TerminateThread
LoadResource
GetComPlusPackageInstallStatus
MultiByteToWideChar
InterlockedFlushSList
GetStartupInfoW
WriteFileGather
GetProfileSectionA
VirtualAllocEx
GlobalAlloc
SetStdHandle
UpdateResourceA
Heap32ListNext

mapistub

HrValidateParameters@8
DllCanUnloadNow
cmc_act_on
HrDispatchNotifications@4
ScMAPIXFromCMC
RTFSync
FtgRegisterIdleRoutine@20
MNLS_WideCharToMultiByte@32
MapStorageSCode@4
MAPIAllocateBuffer@8
EnableIdleRoutine@8
HrComposeMsgID@24
ScInitMapiUtil@4
SzFindLastCh@8
__ValidateParameters@8
HrAddColumnsEx@20
BMAPISendMail
UlPropSize@4
BMAPIReadMail
cmc_logon
FPropContainsProp@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIDeleteMail
MAPILogon
UFromSz@4
MAPIAdminProfiles
PropCopyMore@16

oleaut32

SafeArrayGetElement
VarCyMul
VarI4FromI2
VarBoolFromUI1
VarR4CmpR8
LoadTypeLibEx
VarDecFromR8
VarI1FromCy
VarCyRound
VarI4FromI1
VarBstrFromUI8
VarI2FromUI8
VarUI8FromUI2
VarI2FromUI1
VarR8FromUI2
DllCanUnloadNow
VarR4FromI2
VarDecDiv
VariantCopy
VarUI4FromI4
VarUI2FromDisp
VarUI1FromR8
VarUI8FromDec

mapi32

MAPIOpenFormMgr@8
WrapCompressedRTFStream@12
UNKOBJ_COFree@8
HrSetOmiProvidersFlagsInvalid
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
DllCanUnloadNow
FtDivFtBogus@20
cmc_send_documents

msdart

?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ReadLock@CSpinLock@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
??1CDoubleList@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_TryLock@CSpinLock@@AAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_IsLocked@CSpinLock@@ABE_NXZ
FXMemDetach
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

Imports

netapi32

wininet

mpr

kernel32

mapistub

oleaut32

mapi32

msdart

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 70KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB