fa2154a93fc1d2d596546efd7d76d75de37daa1f37ec6f4b11e1c40e3fe023bd

Sharing

Copy URL Twitter E-mail

General

Target

fa2154a93fc1d2d596546efd7d76d75de37daa1f37ec6f4b11e1c40e3fe023bd
Size

49KB
MD5

65e30087a00d6ff802f05df723fc7540
SHA1

be7de5a3dc1a98fce6f234aaab1c1764fc1444a8
SHA256

fa2154a93fc1d2d596546efd7d76d75de37daa1f37ec6f4b11e1c40e3fe023bd
SHA512

ff96c9e1edff1117f9c920c5cfd0e6ddbe376d77a50248045b9a80f9032f475a8314e46ca9d60670b7ccd58596f743198073ca49919ca6e7cc25c5165c5be873
SSDEEP

768:M80bwAsAvmpCvmFMZugVi4KPGs/QSD2fI+6TXzsNEOeG3icL1yNz5Y:IbtrvmpCv3wZ3SP6TXG3ic1yNdY

Score

N/A

Malware Config

Signatures

Files

fa2154a93fc1d2d596546efd7d76d75de37daa1f37ec6f4b11e1c40e3fe023bd
.exe windows x86

8a448d540ab3cd4f79b76843e9b83a3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0VOL_LIODPDRV@@IAE@XZ
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
?RestoreThreadExecutionState@@YGXJK@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
??0INTSTACK@@QAE@XZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z

ntdll

RtlNewSecurityGrantedAccess
RtlRunDecodeUnicodeString
NtCallbackReturn
RtlAppendAsciizToString
NtSetInformationToken
RtlUnicodeStringToOemSize
NtSetSystemEnvironmentValue
RtlEnumProcessHeaps
NtUnloadKey
ZwEnumerateKey
NtReadVirtualMemory
RtlEnumerateGenericTable
ZwQuerySection
RtlTraceDatabaseAdd
RtlGetUserInfoHeap
NtSetInformationProcess

shlwapi

wnsprintfA
StrCpyW
PathCreateFromUrlW
UrlIsNoHistoryA
SHEnumKeyExA
SHRegSetPathW
StrCSpnA
PathFindFileNameA
PathIsUNCServerA
UrlHashA

kernel32

GetCPInfo
WriteConsoleW
lstrcmpiW
SignalObjectAndWait
LoadLibraryW
CompareStringW
GetCommandLineA
MulDiv
OpenSemaphoreW
ResetEvent
GetStartupInfoA
GetConsoleAliasA
GetComputerNameW
GetCommModemStatus
GetHandleInformation
LocalAlloc
SetHandleCount
GetLastError
FlushFileBuffers
GetProfileStringA
BuildCommDCBA
GetExitCodeThread
LCMapStringA
lstrcmpA
ReadFile
GetConsoleCommandHistoryW
ScrollConsoleScreenBufferA
lstrcpynA
ReplaceFileW

crypt32

I_CryptGetTls
CertGetStoreProperty
CertDuplicateCRLContext
I_CertProtectFunction
CryptGetOIDFunctionAddress
CryptSignMessageWithKey
CryptRegisterDefaultOIDFunction
CertFindCertificateInCRL
CryptLoadSip
CertNameToStrA
CertDeleteCTLFromStore
CertCreateCRLContext
CertCloseStore
CertNameToStrW

msdart

?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?SetDefaultSpinAdjustmentFactor@CReaderWriterLock2@@SGXN@Z
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?ReadOrWriteUnlock@CCritSec@@QAEX_N@Z
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a448d540ab3cd4f79b76843e9b83a3e

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

ntdll

shlwapi

kernel32

crypt32

msdart

Sections

.text Size: 33KB - Virtual size: 33KB

.idata Size: 512B - Virtual size: 80B

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 33KB

.idata
Size: 512B - Virtual size: 80B

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB