007ee52e85f86a9b5d2370ba701b61c650cd5703e0560a9b79cdbfbe67683a4c

Sharing

Copy URL Twitter E-mail

General

Target

007ee52e85f86a9b5d2370ba701b61c650cd5703e0560a9b79cdbfbe67683a4c
Size

863KB
MD5

7b0e4c96e0a93ab652c8c6644b23ba50
SHA1

62841e8e41c74388d938a8ff45235b46ee28fe6e
SHA256

007ee52e85f86a9b5d2370ba701b61c650cd5703e0560a9b79cdbfbe67683a4c
SHA512

fb457a7c89c9320ca336f13a2c7fe119c8f85725223a8c63730f360f64352882b7af88f11e470acc53f006004b4a5671fe85437c9d06ece069863a65741a2bd8
SSDEEP

24576:a8jiPattNt0LC+PKZ/LyvetxxsqhulnIiZC54X:vjwgu1PUy2TqIulIiZZ

Score

N/A

Malware Config

Signatures

Files

007ee52e85f86a9b5d2370ba701b61c650cd5703e0560a9b79cdbfbe67683a4c
.exe windows x86

518578bcade84dc434fe2f17e34f3a80

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
GetCPInfoExW
GetDriveTypeW
GetPrivateProfileSectionA
GetTapePosition
GetTapeStatus
GetPrivateProfileStructA
Process32Next
FreeEnvironmentStringsW
GetTimeFormatA
SetThreadPriority
BuildCommDCBW
LoadLibraryA
CreateDirectoryA
lstrcpyW
GlobalMemoryStatusEx
GetSystemWindowsDirectoryA
IsBadCodePtr
ResetWriteWatch
GetProcessHeap
GetProcessId
WritePrivateProfileSectionW
CreateWaitableTimerW
UpdateResourceW
SetConsoleTitleA
IsValidLocale
DeleteFiber
FindFirstChangeNotificationW
CreateProcessInternalW
IsBadHugeWritePtr
GetProfileStringA
BaseInitAppcompatCacheSupport
GetExpandedNameA
TlsFree
RemoveLocalAlternateComputerNameA
GetConsoleInputWaitHandle
CreateSocketHandle
InterlockedDecrement
BuildCommDCBAndTimeoutsA
GetThreadPriority
FindNextVolumeW
DefineDosDeviceW
ConvertDefaultLocale
GetLongPathNameA
GetStartupInfoW
GetUserDefaultLangID
SetCommBreak
GetCurrencyFormatW
VirtualAlloc
GetSystemDefaultLCID
EnumDateFormatsExW
GetNativeSystemInfo
GetSystemWow64DirectoryW
AreFileApisANSI
GetVolumeNameForVolumeMountPointW
EnumResourceNamesW
GetVolumePathNamesForVolumeNameA
SetConsoleCtrlHandler
GlobalUnlock
CreateIoCompletionPort
SetConsoleMode
WideCharToMultiByte
BaseFlushAppcompatCache
Thread32First

msasn1

ASN1CEREncGeneralizedTime
ASN1uint32_uoctets
ASN1BERDotVal2Eoid
ASN1CEREncBitString
ASN1BERDecObjectIdentifier
ASN1BEREncSX
ASN1_CloseModule
ASN1_SetEncoderOption
ASN1intx_uoctets
ASN1CEREncChar16String
ASN1BERDecUTCTime
ASN1_Encode
ASN1intx2int32
ASN1EncSetError
ASN1intx2uint32
ASN1BEREncObjectIdentifier2
ASN1BEREncCharString
ASN1BEREoid_free
ASN1BEREncGeneralizedTime
ASN1ztcharstring_cmp
ASN1BERDecTag
ASN1intx_setuint32
ASN1BERDecZeroMultibyteString
ASN1bitstring_free
ASN1_FreeEncoded
ASN1BERDecChar32String
ASN1BERDecPeekTag
ASN1BERDecBitString
ASN1BERDecS16Val
ASN1BEREncExplicitTag
ASN1BEREncCheck
ASN1char16string_free
ASN1BERDecZeroChar16String
ASN1BEREncNull
ASN1BERDecSkip
ASN1char32string_cmp
ASN1objectidentifier2_cmp
ASN1DecRealloc
ASN1charstring_free
ASN1_FreeDecoded
ASN1BERDecS8Val
ASN1ztchar16string_free
ASN1ztchar32string_free
ASN1CEREncZeroMultibyteString
ASN1generalizedtime_cmp

crtdll

exit
wprintf
_get_osfhandle
??3@YAXPAX@Z
_mbspbrk
_cputs
memmove
rename
_mbsnbicmp
_CIasin
_dup
_mbsnccnt
_sys_nerr_dll
__iscsymf
gets
system
_snprintf
_isctype
perror
wcslen
_wcsdup
fwprintf
_basemajor_dll
_commit
fopen
__threadhandle

mspatcha

TestApplyPatchToFileA
ApplyPatchToFileW
ApplyPatchToFileExA
ApplyPatchToFileA
GetFilePatchSignatureA
ApplyPatchToFileByHandles
ApplyPatchToFileByHandlesEx
GetFilePatchSignatureByHandle
ApplyPatchToFileExW
TestApplyPatchToFileW
TestApplyPatchToFileByHandles
GetFilePatchSignatureW

user32

CreateDialogIndirectParamAorW
ExitWindowsEx
SetDebugErrorLevel
FlashWindow
SetPropW
DrawStateW
CtxInitUser32
CharNextW
GetWindowTextLengthA
EnumWindowStationsW
GetWindowTextLengthW
FindWindowW
CharLowerW
ImpersonateDdeClientWindow
BroadcastSystemMessageExW
DrawEdge
IsIconic
NotifyWinEvent
GetAltTabInfoA
GetWindowModuleFileName
MessageBoxTimeoutA
RegisterWindowMessageW
SendNotifyMessageW
GetWindowInfo
GetPropW
GetDlgItemTextW
ScrollWindow
CreateIconFromResourceEx
WINNLSEnableIME
HideCaret
GetRawInputBuffer
ModifyMenuA
RegisterClipboardFormatA
EndDialog
GetSysColor
CharUpperW
ReuseDDElParam
SetWindowLongA
WinHelpA
GetKeyboardState
GetNextDlgTabItem
DefDlgProcW
MessageBoxW
ClientToScreen
CreateIconIndirect
GetScrollBarInfo

msvcrt

exit
__p__wcmdln
fputc
_ungetwch
_ismbbalnum
__p__timezone
_popen
_putenv
_heapchk
wcscat
__set_app_type
_lseeki64
_wcserror
_mbsdup
_getdcwd
_snprintf
__p__commode
putwc
?_set_new_mode@@YAHH@Z
_wchmod
__getmainargs
iswpunct
_close
__CxxExceptionFilter
__RTCastToVoid
realloc
_ismbbpunct
_wspawnv
_j1
strxfrm
__crtLCMapStringW
pow
_commit
__p__winver
_adj_fdiv_m32
_locking
__threadid
__pxcptinfoptrs
_fsopen
_set_SSE2_enable
puts
iscntrl
_mbsnbcmp
_execvp
_aligned_offset_malloc
_spawnlp
_getmaxstdio
iswgraph
_stati64

msdart

?BucketSize@CLKRHashTableStats@@SGJJ@Z
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
MpHeapCreate
?SetSpinCount@CFakeLock@@QAE_NG@Z
??4CDoubleList@@QAEAAV0@ABV0@@Z
UMSEnterCSWraper
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?sm_wDefaultSpinCount@CSmallSpinLock@@1GA
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?SetSpinCount@CSpinLock@@QAE_NG@Z
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?WriteLock@CSpinLock@@QAEXXZ
?SetDefaultSpinAdjustmentFactor@CFakeLock@@SGXN@Z
?_TryReadLock@CReaderWriterLock3@@AAE_NXZ
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?Clear@CLKRHashTable@@QAEXXZ
??1CDoubleList@@QAE@XZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?IsWriteLocked@CCritSec@@QBE_NXZ
MpHeapDestroy
?TryWriteLock@CSmallSpinLock@@QAE_NXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?GetDefaultSpinCount@CSmallSpinLock@@SGGXZ
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?First@CDoubleList@@QBEQAVCListEntry@@XZ
??1CLKRLinearHashTable@@QAE@XZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
mpCalloc
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z

query

?_FindOrAddAnchor@CDbSortNode@@AAEPAVCDbSortListAnchor@@XZ
?Eof@CMmStreamConsecBuf@@QAEHXZ
?Get@CRegAccess@@QAEKPBG@Z
?AppendListElement@CDbListAnchor@@IAEHPAVCDbCmdTreeNode@@@Z
?PropertyToPropId@CStandardPropMapper@@QAEKABVCFullPropSpec@@H@Z
?Start@CCatalogAdmin@@QAEHXZ
?PutWString@CDbCmdTreeNode@@SGXAAVPSerStream@@PBG@Z
?GetChar@CMemDeSerStream@@UAEXPADK@Z
?CheckHasIndexTable@CiStorage@@SGHPBG@Z
?NumberOfColumns@CCatState@@QBEIXZ
?SetSecret@@YGXPBG00K@Z
?AllocAndCopyWString@CDbCmdTreeNode@@SGPAGPBG@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
DllGetClassObject
DoneCIPerformanceData
??0CEventItem@@QAE@GGKGKPBX@Z
??0CFwEventItem@@QAE@GKGKPAX@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?SetFILETIME@CStorageVariant@@QAEXU_FILETIME@@I@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
?PidToRealPid@CPidMapper@@QAEKK@Z
??0CAllocStorageVariant@@QAE@AAUtagPROPVARIANT@@AAVPMemoryAllocator@@@Z
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?PeekULong@CMemDeSerStream@@UAEKXZ
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z

inseng

CheckTrustEx
GetICifFileFromFile
DownloadFile
PurgeDownloadDirectory
CheckTrust
GetICifRWFileFromFile
DllGetClassObject
CheckForVersionConflict

shell32

SHGetMalloc

Sections

.tixt
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 314KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

518578bcade84dc434fe2f17e34f3a80

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msasn1

crtdll

mspatcha

user32

msvcrt

msdart

query

inseng

shell32

Sections

.tixt Size: 536KB - Virtual size: 536KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 314KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 536KB - Virtual size: 536KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 314KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B