feeea2b0e2f8a2828724980ece3b7c9ef9a81ad29a444d19c2a11a33b65546b8

Sharing

Copy URL Twitter E-mail

General

Target

feeea2b0e2f8a2828724980ece3b7c9ef9a81ad29a444d19c2a11a33b65546b8
Size

828KB
MD5

5a9fb5b9c8b604326eaeea2b06c04a74
SHA1

ab09e688934141ee51abcd87529b90b56c182e3f
SHA256

feeea2b0e2f8a2828724980ece3b7c9ef9a81ad29a444d19c2a11a33b65546b8
SHA512

21ffdde03ae7d8246c7d99fcdc596a8b22a81b2bb5b7d75c4bf3a1118c23dcd0cf3ff406a2d822c81ccf4f984b20651d26856de117e094f54899db69dd10a6a7
SSDEEP

24576:rsJZ4P1xeexiayT/EO+++Dnd0fw6MAtq9:rL1oex5K/E3NniYjAQ9

Score

N/A

Malware Config

Signatures

Files

feeea2b0e2f8a2828724980ece3b7c9ef9a81ad29a444d19c2a11a33b65546b8
.exe windows x86

a151995fbbca80df77fcbca478d7afce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winsta

ServerLicensingFreePolicyInformation
WinStationDisconnect
_WinStationNotifyDisconnectPipe
_WinStationGetApplicationInfo
WinStationGetLanAdapterNameW
WinStationNameFromLogonIdW
WinStationGetAllProcesses
WinStationEnumerateA
WinStationNameFromLogonIdA
_WinStationNotifyNewSession
WinStationIsHelpAssistantSession
_NWLogonSetAdmin
ServerLicensingClose
_WinStationNotifyLogoff
WinStationCloseServer
WinStationConnectCallback
WinStationRenameW
_NWLogonQueryAdmin
WinStationSetInformationA
WinStationShadow
_WinStationWaitForConnect
WinStationShutdownSystem
WinStationBroadcastSystemMessage
WinStationGetTermSrvCountersValue
ServerLicensingGetPolicy
WinStationRegisterConsoleNotification
LogonIdFromWinStationNameW
WinStationEnumerateW
WinStationRenameA
_WinStationUpdateSettings
ServerLicensingGetPolicyInformationW
_WinStationNotifyLogon
WinStationEnumerate_IndexedA

kernel32

GlobalUnfix
CreateJobObjectW
RegisterWowExec
LocalSize
SetUserGeoID
EnumResourceTypesW
AllocConsole
ExitProcess
HeapDestroy
GetFileAttributesExW
CreateActCtxW
lstrcatA
SetConsoleKeyShortcuts
lstrcmpiA
OpenThread
GetConsoleAliasesLengthW
CancelDeviceWakeupRequest
FreeResource
GetConsoleKeyboardLayoutNameA
DosPathToSessionPathW
HeapWalk
FindFirstChangeNotificationW
SetSystemTime
CloseConsoleHandle
SetCalendarInfoW
WaitNamedPipeA
SetConsoleNlsMode
lstrcpynW
ConsoleMenuControl
EnumSystemLanguageGroupsW
SetConsoleCtrlHandler
VirtualAlloc
SystemTimeToTzSpecificLocalTime
SetLocalPrimaryComputerNameW
IsDBCSLeadByteEx
WriteProfileSectionW
QueryPerformanceCounter
GlobalFree
GetSystemWindowsDirectoryA
MapViewOfFileEx
InitAtomTable
FindNextVolumeW
SetConsoleInputExeNameA
GetSystemWindowsDirectoryW
InterlockedDecrement
CreateProcessInternalA
HeapUnlock
CreateNamedPipeA
BaseCheckAppcompatCache
DeleteTimerQueueTimer
IsProcessorFeaturePresent
GetProcessPriorityBoost
GetTapeStatus
GetConsoleAliasExesLengthA
GetProcessWorkingSetSize
GlobalWire
SetComputerNameW
GetSystemTimeAsFileTime
TlsAlloc
SetVolumeMountPointA
EnumCalendarInfoW
SetConsoleLocalEUDC
LoadLibraryA
AllocateUserPhysicalPages
GetModuleHandleA
RemoveDirectoryW
TerminateJobObject
CreateNamedPipeW

activeds

ADsBuildEnumerator
ADsBuildVarArrayInt
ADsGetObject
AdsTypeToPropVariant2
FreeADsMem
ADsDecodeBinaryData
AllocADsStr
AllocADsMem
AdsTypeToPropVariant
ADsEnumerateNext
AdsFreeAdsValues
ADsEncodeBinaryData
ADsFreeEnumerator
ADsGetLastError
ADsOpenObject
ConvertSecurityDescriptorToSecDes
ReallocADsMem
BinarySDToSecurityDescriptor
SecurityDescriptorToBinarySD
ADsBuildVarArrayStr
PropVariantToAdsType
FreeADsStr
ReallocADsStr
ADsSetLastError
PropVariantToAdsType2
ConvertSecDescriptorToVariant

ifsutil

?Initialize@SPARSE_SET@@QAEEXZ
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Set@BIG_INT@@QAEXEPBE@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?ComputeVolId@SUPERAREA@@SGKK@Z
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
??0DP_DRIVE@@QAE@XZ
??0INTSTACK@@QAE@XZ
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@NUMBER_SET@@QAEEXZ
??1INTSTACK@@UAE@XZ
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0VOL_LIODPDRV@@IAE@XZ
?ForceAutochk@VOL_LIODPDRV@@QAEEEKKGPBVWSTRING@@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z

sqlunirl

_NDdeShareGetInfo_@28
_PolyTextOut_@12
_LoadAccelerators_@8
_GetCharWidth32_@16
_GetClassLong_@8
newMultiByteFromWideCharSize
_GetFileAttributes_@4
_GetFileVersionInfo_@16
_GetDiskFreeSpaceEx_@16
_StartServiceCtrlDispatcher_@4
_DefDlgProc_@16
_GetShortPathName_@12
_InsertMenu_@20
_EnumResourceTypes_@12
_SetEnvironmentVariable_@8
_EnumProps_@8
_ObjectDeleteAuditAlarm_@12
_ChooseColor_@4
_GrayString_@36
_FindText_@4
_Shell_NotifyIcon_@8
_RegQueryMultipleValues_@20
_RegOpenKey_@12
_CopyFileEx_@24
_CharLowerBuff_@8
_ExtTextOut@32
_trename
_WriteConsoleInput_@16
_CreateColorSpace_@4
_CallMsgFilter_@8
_RegSaveKey_@12
_GetMenuItemInfo_@16
_CreateWaitableTimer_@12
_GetKeyNameText_@12

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a151995fbbca80df77fcbca478d7afce

Headers

DLL Characteristics

File Characteristics

Imports

winsta

kernel32

activeds

ifsutil

sqlunirl

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 156KB - Virtual size: 1.6MB

.rsrc Size: 169KB - Virtual size: 168KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 156KB - Virtual size: 1.6MB

.rsrc
Size: 169KB - Virtual size: 168KB

.reloc
Size: 1024B - Virtual size: 964B