2c1fc4ce03d9e8ae238d0c7f6fd96b75058af75430782d3b4acd7029a2b0e54f

Sharing

Copy URL Twitter E-mail

General

Target

2c1fc4ce03d9e8ae238d0c7f6fd96b75058af75430782d3b4acd7029a2b0e54f
Size

828KB
MD5

03dab2969132e57850c51ad55b507bee
SHA1

66eada18ce5751ac940fa595f2ca13cb0675e25a
SHA256

2c1fc4ce03d9e8ae238d0c7f6fd96b75058af75430782d3b4acd7029a2b0e54f
SHA512

6e8bf3c9d02aff55cb4e0599bd9bc7fe51275dbaa86c689c4917f36136a3de5feb28f983b3e8fdc799e97dbfa0681f4a079a1b40d80e3f7c08710da0cf909938
SSDEEP

12288:LMYSzzBD8l+A7m+03kIQLIu2nYEqDCthrQezqcfyvOStiVmzD:LMYSp8l+A7JnLIu2nUUhzqvOGD

Score

N/A

Malware Config

Signatures

Files

2c1fc4ce03d9e8ae238d0c7f6fd96b75058af75430782d3b4acd7029a2b0e54f
.exe windows x86

cffb941c314773edd76656dffc598a15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_SetClassLong_@12
_LoadCursorFromFile_@4
_GetDefaultCommConfig_@12
_TextOut@20
_RegisterClassEx_@4
_GetEnvironmentVariable_@12
_ChangeDisplaySettings_@8
_RemoveDirectory_@4
_CommConfigDialog_@12
_RegLoadKey_@12
_GetClassInfo@12
_CopyEnhMetaFile_@8
_OpenService_@12
ConvertMultiSZNameToW
_CreateFile@28
_CreateDC_@16
_DlgDirList_@20

untfs

?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
?AddExtent@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@00@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?Initialize@NTFS_MFT_INFO@@QAEEXZ
Extend
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
ChkdskEx
??0NTFS_EXTENT_LIST@@QAE@XZ
?QueryAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKPBVWSTRING@@@Z

usp10

ScriptString_pLogAttr
ScriptApplyDigitSubstitution
UspAllocTemp
ScriptStringOut
LpkPresent
ScriptXtoCP
ScriptStringGetLogicalWidths
ScriptStringAnalyse
ScriptShape
ScriptItemize
ScriptJustify

kernel32

SetFileAttributesW
InitializeCriticalSectionAndSpinCount
SetLastError
GetTimeZoneInformation
InterlockedPopEntrySList
GetTickCount
SetProcessAffinityMask
SetLocalTime
PurgeComm
SetLocaleInfoA
LoadLibraryW
GetSystemWindowsDirectoryW
CreateTimerQueue
WriteProcessMemory
FormatMessageA
ChangeTimerQueueTimer
EnumCalendarInfoExW
LZCloseFile
TransactNamedPipe
InterlockedDecrement
SetConsoleTitleA
VerifyVersionInfoA
GetConsoleCommandHistoryLengthA
DosPathToSessionPathA
SetCalendarInfoW
OpenThread
GetCurrencyFormatW
SetComputerNameExA
GetCommModemStatus
SearchPathA
IsBadWritePtr
GlobalUnWire
GetDriveTypeA

user32

CharNextExA
HiliteMenuItem
DdeAddData
GetMonitorInfoW
User32InitializeImmEntryTable
EditWndProc
CharPrevW
EnumDisplayMonitors
RegisterShellHookWindow
GetDialogBaseUnits
EnumPropsA
LockSetForegroundWindow
ChangeMenuA
RemoveMenu
RegisterTasklist
DrawCaptionTempA
RegisterDeviceNotificationA
DialogBoxIndirectParamW
CallMsgFilterA
DdeEnableCallback
ReleaseCapture

netapi32

I_BrowserQueryOtherDomains
I_NetDfsGetVersion
NetpInitFtinfoContext
NetServerSetInfo
I_NetServerReqChallenge
NetShareCheck
NetpwPathCompare
NlBindingRemoveServerFromCache
NetServiceEnum
NetSetPrimaryComputerName
NetReplExportDirSetInfo
NetDfsManagerGetConfigInfo
NlBindingAddServerToCache
NetAuditWrite
NetAlertRaiseEx
NetpDbgPrint
NetServerTransportEnum
NetServiceGetInfo
I_BrowserSetNetlogonState
I_NetLogonGetDomainInfo
I_NetDatabaseSync
NetpCopyFtinfoContext
NetAddAlternateComputerName
NetRemoteTOD
NetpNetBiosReset
NetWkstaTransportAdd
DsGetDcOpenA

msdart

?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
??1CDoubleList@@QAE@XZ
??1CSpinLock@@QAE@XZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?_InsertThisIntoGlobalList@CLKRLinearHashTable@@AAEXXZ
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ
MpHeapAlloc
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?IsReadUnlocked@CSmallSpinLock@@QBE_NXZ
?GetDefaultSpinAdjustmentFactor@CSpinLock@@SGNXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
?_Unlock@CSpinLock@@AAEXXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
??0CReaderWriterLock2@@QAE@XZ
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cffb941c314773edd76656dffc598a15

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

untfs

usp10

kernel32

user32

netapi32

msdart

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 104KB - Virtual size: 104KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 168KB - Virtual size: 167KB

.reloc Size: 1024B - Virtual size: 920B

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 104KB - Virtual size: 104KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 168KB - Virtual size: 167KB

.reloc
Size: 1024B - Virtual size: 920B