eaa8c0d6281c2a3317402338405628dd438e6abcda0f79c1602e18b7690f18f8

Sharing

Copy URL

Twitter E-mail

General

Target

eaa8c0d6281c2a3317402338405628dd438e6abcda0f79c1602e18b7690f18f8
Size

243KB
MD5

91809ba8f3e9fd41628cb1b0820ef840
SHA1

0acf715b44e4cdc934b8cf4e49bf0651e22b50a7
SHA256

eaa8c0d6281c2a3317402338405628dd438e6abcda0f79c1602e18b7690f18f8
SHA512

2873d58420b9c5a19a24b10c7b39c4591bd75dab32ab7c11f3dc9ecfbcafeea93e979a215a098a0e0b769d8c143dc2ed4950206274915829394311b7c82ec526
SSDEEP

6144:dFB2fiDv6glRq2QtRwuQ7S4+QCDmDraBNHGU54dqhs/dHW:dFBDv6glJQ8S4+QCKDrINmUehd2

Score

N/A

Malware Config

Signatures

Files

eaa8c0d6281c2a3317402338405628dd438e6abcda0f79c1602e18b7690f18f8
.exe windows x86

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcOpenInterfaceW
TcDeregisterClient
TcModifyFlow
TcEnumerateInterfaces
TcSetFlowW
TcSetInterface
TcAddFlow
TcQueryFlowA
TcGetFlowNameA
TcCloseInterface
TcOpenInterfaceA
TcQueryFlowW
TcQueryInterface
TcGetFlowNameW
TcRegisterClient
TcDeleteFlow
TcDeleteFilter
TcEnumerateFlows
TcAddFilter

mprapi

MprAdminMIBBufferFree
MprConfigInterfaceGetInfo
MprConfigGetFriendlyName
MprConfigTransportDelete
MprAdminIsDomainRasServer
MprConfigInterfaceTransportGetInfo
MprAdminDeviceEnum
RasPrivilegeAndCallBackNumber
MprConfigServerDisconnect
MprAdminServerGetCredentials
MprConfigServerConnect
MprConfigServerRestore
MprConfigInterfaceEnum
MprAdminUserClose
MprAdminInterfaceConnect
MprAdminMIBEntryGetFirst
MprConfigInterfaceTransportEnum
MprAdminInterfaceDeviceSetInfo
MprAdminInterfaceGetCredentials
MprConfigTransportCreate
MprInfoBlockFind
MprAdminInterfaceSetCredentialsEx

dbghelp

MiniDumpReadDumpStream
SymEnumerateSymbols64
ImageRvaToSection
SymLoadModule64
SymSetSearchPath
SymEnumSourceFiles
FindExecutableImageEx
SymUnloadModule64
SymGetLineFromName64
MapDebugInformation
omap
SymGetLineFromName
ImagehlpApiVersion
SearchTreeForFile
ExtensionApiVersion
SymEnumerateSymbolsW
UnDecorateSymbolName
SymGetLineFromAddr64
SymSetOptions
SymFromName
SymMatchString
MiniDumpWriteDump
SymGetTypeFromName
SymFromAddr
SymGetSymFromAddr64
SymGetLineNext
SymMatchFileName
MakeSureDirectoryPathExists

kernel32

ReadFileEx
GetConsoleTitleW
Module32FirstW
GetFileAttributesA
FlushConsoleInputBuffer
SetConsoleScreenBufferSize
LZRead
CreateJobObjectW
CompareFileTime
OpenFileMappingW
RegisterConsoleIME
GetStartupInfoW
DeleteTimerQueueEx
InterlockedExchange
SetProcessPriorityBoost
GlobalAlloc
GetConsoleHardwareState
GetLocalTime
GetProfileStringW
GetStartupInfoA
lstrcpynA
GlobalLock
CreateFileW
LoadLibraryW
GetModuleHandleW
GetVolumeInformationA
GetNumberOfConsoleFonts
AreFileApisANSI
OpenSemaphoreA
SetFileApisToOEM
GetFileSize

mfcsubs

??H@YG?AVCString@@DABV0@@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?Lock@CCriticalSection@@UAEHK@Z
?Format@CString@@QAAXIZZ
??4CString@@QAEABV0@PBE@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??1CMapStringToPtr@@UAE@XZ
??1CCriticalSection@@UAE@XZ
??8@YG_NPBGABVCString@@@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
?Collate@CString@@QBEHPBG@Z
??0CString@@QAE@PBG@Z
?SetAt@CString@@QAEXHG@Z
??0CMapStringToPtr@@QAE@H@Z
?IsEmpty@CString@@QBEHXZ
??O@YG_NPBGABVCString@@@Z
?TrimLeft@CString@@QAEXXZ
?data@CPlex@@QAEPAXXZ
?RemoveAt@CStringArray@@QAEXHH@Z
??0CObject@@IAE@XZ
?Append@CStringArray@@QAEHABV1@@Z
??ACStringArray@@QAEAAVCString@@H@Z
?UnlockBuffer@CString@@QAEXXZ
??YCString@@QAEABV0@PBG@Z
??H@YG?AVCString@@ABV0@PBG@Z
?Mid@CString@@QBE?AV1@H@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ

wldap32

ber_free
ber_bvfree
ldap_extended_operation_sW
ldap_delete_sA
ldap_control_free
ldap_simple_bindW
ldap_parse_sort_controlA
ldap_free_controlsW
ldap_get_values_lenW
LdapUnicodeToUTF8
ldap_simple_bind_s
ldap_count_valuesA
ldap_delete_ext_sW
ldap_search_st
ldap_parse_resultW
ldap_parse_result
ldap_initA
ldap_parse_sort_controlW
ldap_modrdn_sA
ldap_escape_filter_elementA
ldap_dn2ufnW
ldap_value_free
ldap_get_option
ldap_err2string

hhsetup

?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
??4CLocation@@QAEAAV0@ABV0@@Z
?AddRef@CCollection@@QAEXXZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVolume@CLocation@@QAEPADXZ
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?SetId@CLocation@@QAEXPBG@Z
?Open@CCollection@@QAEKPBG@Z
??0CPointerList@@QAE@XZ
?GetRefTitleCount@CCollection@@QAEKXZ
?GetColNo@CCollection@@QAEKXZ
?DeleteChildren@CCollection@@AAEXPAPAVCFolder@@@Z
?SetPath@CLocation@@QAEXPBD@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?GetTitleW@CFolder@@QAEPBGXZ
?SetId@CTitle@@QAEXPBD@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetOrder@CFolder@@QAEXK@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetTitle@CFolder@@QAEXPBD@Z
?Save@CCollection@@QAEKXZ
?bIsVisable@CFolder@@QAEHXZ
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

Imports

traffic

mprapi

dbghelp

kernel32

mfcsubs

wldap32

hhsetup

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 65KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 65KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB