daab02574645049a04e5a495bc9a5483b9367f959cb1be1e56c9168ba0a8a84a

Sharing

Copy URL Twitter E-mail

General

Target

daab02574645049a04e5a495bc9a5483b9367f959cb1be1e56c9168ba0a8a84a
Size

87KB
MD5

a055c68e5a029a14c69349e8477c3bbb
SHA1

ae5c2291fe62fabf23d0b8a097e38e83b1f7fc5a
SHA256

daab02574645049a04e5a495bc9a5483b9367f959cb1be1e56c9168ba0a8a84a
SHA512

c4d750005bb328fdbcec54c2bd88b29e6dd6f182bf0d7c0c4e6f825bfd0d75cfd7cdfc53ac42f5483f104136513408583a5ccda08b8577b2699a72910fc5dd31
SSDEEP

1536:4jCdRH1PP1ns58UOU/WFZu6EpV9G9/+fGy2CsV+XbbxAmvM000x:Wa1PNnAdNcuhpVc921xsg5A6

Score

N/A

Malware Config

Signatures

Files

daab02574645049a04e5a495bc9a5483b9367f959cb1be1e56c9168ba0a8a84a
.exe windows x86

9aa0306a4f0f1097fbd46a2428386e2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasEnumAutodialAddressesW
RasRenameEntryW
RasGetSubEntryPropertiesW
RasSetCredentialsA
RasSetAutodialParamA
RasEnumConnectionsA
DwEnumEntryDetails
RasGetEntryHrasconnW
RasDialW
RasEnumDevicesW
RasGetSubEntryHandleA
RasCreatePhonebookEntryA
RasSetAutodialAddressA
RasCreatePhonebookEntryW
RasScriptInit
RasConnectionNotificationA

ntdll

RtlQueryInformationActivationContext
ZwDisplayString
NtNotifyChangeDirectoryFile
NtGetPlugPlayEvent
CsrCaptureTimeout
NtQueryQuotaInformationFile
ZwSetHighEventPair
RtlxOemStringToUnicodeSize
RtlpNtCreateKey
ZwUnloadDriver
NtCreateSymbolicLinkObject
ZwAdjustPrivilegesToken
RtlGetControlSecurityDescriptor

lz32

LZSeek
LZCloseFile
LZStart
LZRead
LZCopy
LZOpenFileW
LZCreateFileW
GetExpandedNameA
GetExpandedNameW
LZClose
CopyLZFile
LZOpenFileA
LZDone

kernel32

IsDBCSLeadByteEx
LoadLibraryA
GlobalFix
GetModuleHandleW
GetShortPathNameA
FormatMessageW
BuildCommDCBA
WritePrivateProfileStringA
WriteConsoleOutputAttribute
IsWow64Process
VirtualAlloc
TlsSetValue
GetProcAddress
GetACP
GetEnvironmentVariableA
GetSystemTimeAsFileTime
GlobalAlloc
GetCurrentThreadId
QueryPerformanceCounter
GetVolumeNameForVolumeMountPointA
GetCurrentProcessId
GetConsoleInputWaitHandle

rasser

PortClose
PortClearStatistics
PortGetStatistics
PortChangeCallback
PortSetINetCfg
PortGetInfo
PortSetFraming
PortInit
PortSetInfo
PortReceive
PortConnect
PortDisconnect
PortGetPortState
PortReceiveComplete

msvcrt20

??7ios@@QBEHXZ
signal
isalpha
__p__winminor
localeconv
_mkdir
??0ofstream@@QAE@PBDHH@Z
?seekp@ostream@@QAEAAV1@J@Z
?delbuf@ios@@QBEHXZ
__p__environ
_mbscoll
strcmp
localtime

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9aa0306a4f0f1097fbd46a2428386e2e

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

ntdll

lz32

kernel32

rasser

msvcrt20

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 19KB - Virtual size: 72KB

.rsrc Size: 22KB - Virtual size: 22KB

.reloc Size: 512B - Virtual size: 312B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 19KB - Virtual size: 72KB

.rsrc
Size: 22KB - Virtual size: 22KB

.reloc
Size: 512B - Virtual size: 312B