0bfedf51d9f26818afd27fb24575dad3e5d259352e27de8108d113aa49ee4853

Sharing

Copy URL

Twitter E-mail

General

Target

0bfedf51d9f26818afd27fb24575dad3e5d259352e27de8108d113aa49ee4853
Size

239KB
MD5

7d38e5642ee489585e550d90bf67b2b0
SHA1

2763f00f2e7c31696c2a10a05c2cf28c68e4028b
SHA256

0bfedf51d9f26818afd27fb24575dad3e5d259352e27de8108d113aa49ee4853
SHA512

3aea358e1640bf42ed9b559ff7665816491b0f85c35c55c4e2ff885cd0923f0efe6970ee0199cd1d4a3533e89a084b2578189dd0fbf1dd4733d0e9512ce8ecf8
SSDEEP

6144:lAZXgxFlFqyWNEz0P/G4+iAyhChc2kje0:lARg5YyWNNnxXRhsYj9

Score

N/A

Malware Config

Signatures

Files

0bfedf51d9f26818afd27fb24575dad3e5d259352e27de8108d113aa49ee4853
.exe windows x86

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetGroupAdd
NetReplGetInfo
RxNetAccessGetUserPerms
I_NetServerAuthenticate
I_NetServerAuthenticate3
DsValidateSubnetNameW
NlBindingAddServerToCache
NetDfsSetClientInfo
NetReplExportDirAdd
NetpIsRemote
NetpwNameCompare
DsGetDcSiteCoverageW
DsGetDcNameA
NetpNetBiosReset

wininet

GetUrlCacheEntryInfoExA
RegisterUrlCacheNotification
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
ParseX509EncodedCertificateForListBoxEntry
FindNextUrlCacheEntryExW
GopherOpenFileW
GetUrlCacheConfigInfoA
FindNextUrlCacheEntryW
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW
RetrieveUrlCacheEntryStreamW
FtpSetCurrentDirectoryW
InternetGetPerSiteCookieDecisionW
InternetUnlockRequestFile

mpr

WNetGetNetworkInformationA
WNetFormatNetworkNameA
WNetCloseEnum
WNetCancelConnectionW
WNetOpenEnumA
WNetSupportGlobalEnum
WNetGetUserA
WNetGetConnection2W
WNetSetConnectionW
WNetGetUniversalNameA
WNetGetProviderNameA
WNetConnectionDialog1W
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetConnection2A
WNetGetResourceParentA
WNetGetHomeDirectoryW
WNetAddConnectionW

kernel32

GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryW
GlobalUnWire
LoadLibraryW
_lopen
GetPrivateProfileIntW
FindNextVolumeW
TerminateThread
LoadResource
GetComPlusPackageInstallStatus
MultiByteToWideChar
InterlockedFlushSList
GetStartupInfoW
WriteFileGather
GetProfileSectionA
VirtualAllocEx
GlobalAlloc
SetStdHandle
UpdateResourceA
Heap32ListNext

mapistub

HrValidateParameters@8
DllCanUnloadNow
cmc_act_on
HrDispatchNotifications@4
ScMAPIXFromCMC
RTFSync
FtgRegisterIdleRoutine@20
MNLS_WideCharToMultiByte@32
MapStorageSCode@4
MAPIAllocateBuffer@8
EnableIdleRoutine@8
HrComposeMsgID@24
ScInitMapiUtil@4
SzFindLastCh@8
__ValidateParameters@8
HrAddColumnsEx@20
BMAPISendMail
UlPropSize@4
BMAPIReadMail
cmc_logon
FPropContainsProp@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIDeleteMail
MAPILogon
UFromSz@4
MAPIAdminProfiles
PropCopyMore@16

oleaut32

SafeArrayGetElement
VarCyMul
VarI4FromI2
VarBoolFromUI1
VarR4CmpR8
LoadTypeLibEx
VarDecFromR8
VarI1FromCy
VarCyRound
VarI4FromI1
VarBstrFromUI8
VarI2FromUI8
VarUI8FromUI2
VarI2FromUI1
VarR8FromUI2
DllCanUnloadNow
VarR4FromI2
VarDecDiv
VariantCopy
VarUI4FromI4
VarUI2FromDisp
VarUI1FromR8
VarUI8FromDec

mapi32

MAPIOpenFormMgr@8
WrapCompressedRTFStream@12
UNKOBJ_COFree@8
HrSetOmiProvidersFlagsInvalid
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
DllCanUnloadNow
FtDivFtBogus@20
cmc_send_documents

msdart

?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ReadLock@CSpinLock@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
??1CDoubleList@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_TryLock@CSpinLock@@AAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_IsLocked@CSpinLock@@ABE_NXZ
FXMemDetach
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

Imports

netapi32

wininet

mpr

kernel32

mapistub

oleaut32

mapi32

msdart

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 70KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB