80812bb7b79604cabb178eb821960bb1484de31cbbf318acf3b4fd06a49fc25b

Sharing

Copy URL Twitter E-mail

General

Target

80812bb7b79604cabb178eb821960bb1484de31cbbf318acf3b4fd06a49fc25b
Size

285KB
MD5

573450563e17fb6577282e7ddbc54b8d
SHA1

d40a4d57f0c0177462c426791882ce3dc82fdbc1
SHA256

80812bb7b79604cabb178eb821960bb1484de31cbbf318acf3b4fd06a49fc25b
SHA512

ed256e95810422e130ab2d3fbc4bed8080beb41103f13ace3c380134c0ba09f34c4af809c65580fa51b254da02bb87ab3d18088c757decb056245b2790d048c2
SSDEEP

6144:hSjXcnG4rBQLF+Qw4xLPtGCgWgZsOrcu1q0gAbDfcPtj:hVnbQL8QLLPtGCgVZhN1q0NcPtj

Score

N/A

Malware Config

Signatures

Files

80812bb7b79604cabb178eb821960bb1484de31cbbf318acf3b4fd06a49fc25b
.exe windows x86

4f8ee6af7ff3761ef286cd8847c222c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lz32

LZRead
GetExpandedNameA
LZCopy
LZInit
LZClose
LZOpenFileA
LZSeek

ulib

??0FSTRING@@QAE@ABV0@@Z
?Initialize@MEM_BLOCK_MGR@@QAEEKK@Z
?MoveCursorTo@SCREEN@@QAEEGG@Z
?DeleteAllMembers@SORTED_LIST@@UAEEXZ
??_7BSTRING@@6B@
??0BYTE_STREAM@@QAE@XZ
?QueryEnvironmentVariable@SYSTEM@@SGPAVWSTRING@@PBV2@@Z
??OWSTRING@@QBEEABV0@@Z
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?ConvertUnicodeToOemN@WSTRING@@CGEPADKPAKPAGK@Z
?ValidateVersion@PROGRAM@@UBEXKK@Z

kernel32

ExitProcess
VirtualAlloc
OpenSemaphoreW
GetConsoleScreenBufferInfo
InitializeCriticalSection

dhcpcsvc

DhcpRenewIpAddressLease
DhcpRegisterParamChange
DhcpDeRegisterOptions
DhcpRequestParams
DhcpRenewIpAddressLeaseEx
DhcpRegisterOptions
DhcpDelPersistentRequestParams
McastRenewAddress
DhcpPersistentRequestParams
DhcpOpenGlobalEvent
DhcpCApiCleanup
DhcpReleaseParameters
DhcpUndoRequestParams
DhcpReleaseIpAddressLeaseEx
DhcpLeaseIpAddress
DhcpRemoveDNSRegistrations
DhcpAcquireParameters
DhcpLeaseIpAddressEx
DhcpNotifyConfigChangeEx
DhcpReleaseIpAddressLease
DhcpEnumClasses
DhcpDeRegisterParamChange
McastReleaseAddress
McastApiStartup

ufat

?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??0FAT_DIRENT@@QAE@XZ
?FreeChain@FAT@@QAEXK@Z
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
Chkdsk
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
??1CLUSTER_CHAIN@@UAE@XZ
??1FILEDIR@@UAE@XZ
?QueryAllocatedClusters@FAT@@QBEKXZ
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
Recover
?Index12@FAT@@ABEKK@Z
??0ROOTDIR@@QAE@XZ
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Initialize@EA_HEADER@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?Write@CLUSTER_CHAIN@@UAEEXZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?AllocChain@FAT@@QAEKKPAK@Z
??1EA_SET@@UAE@XZ
??0EA_HEADER@@QAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
??1FAT_SA@@UAE@XZ
?InitFATChkDirty@REAL_FAT_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@@Z
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??0CLUSTER_CHAIN@@QAE@XZ
?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
??0EA_SET@@QAE@XZ
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?Set12@FAT@@AAEXKK@Z
?QueryFileStartingCluster@FAT_SA@@QAEKPBVWSTRING@@PAVHMEM@@PAPAVFATDIR@@PAEPAVFAT_DIRENT@@@Z

wmi

GetTraceEnableFlags
OpenTraceW
WmiMofEnumerateResourcesW
ControlTraceW
WmiQueryGuidInformation
WmiDevInstToInstanceNameA
WmiOpenBlock
WmiQueryAllDataW
OpenTraceA
WmiQuerySingleInstanceW
RegisterTraceGuidsA
WmiSetSingleInstanceW
WmiExecuteMethodW
WmiNotificationRegistrationA
WmiExecuteMethodA
WmiSetSingleItemW
WmiFreeBuffer
SetTraceCallback
WmiSetSingleItemA
CreateTraceInstanceId
WmiCloseBlock
WmiFileHandleToInstanceNameW
WmiMofEnumerateResourcesA
RemoveTraceCallback
RegisterTraceGuidsW
StartTraceW
ControlTraceA
WmiEnumerateGuids
TraceEvent
QueryAllTracesA
WmiDevInstToInstanceNameW
WmiFileHandleToInstanceNameA
QueryAllTracesW
GetTraceEnableLevel

user32

UserLpkPSMTextOut
SetDebugErrorLevel
ScrollWindowEx
DeleteMenu
MapWindowPoints
ReleaseCapture
EnumPropsExW
GetClientRect
GetForegroundWindow
SetLayeredWindowAttributes
MessageBoxW
FindWindowA
SetProcessDefaultLayout
GetGUIThreadInfo
RegisterClassExA
DdePostAdvise
TabbedTextOutW
RegisterClipboardFormatA
FindWindowW
GetWindowWord
DefDlgProcA
CreateIconFromResourceEx
LockWindowStation
ActivateKeyboardLayout
GetDesktopWindow
BlockInput

shlwapi

PathRemoveExtensionA
PathGetDriveNumberA
PathSkipRootW
PathStripPathA
PathStripToRootW
StrCmpIW
PathFindFileNameW
PathFindExtensionW
PathStripToRootA
PathRemoveExtensionW
PathStripPathW
PathFindExtensionA
StrStrIW
PathRemoveBlanksA
StrCSpnA
StrStrW
PathFindFileNameA
StrStrIA
StrTrimW
PathGetDriveNumberW
StrCmpW
StrStrA
StrCSpnW
StrTrimA
PathSkipRootA
PathRemoveBlanksW

ntmarta

AccProvGetAccessInfoPerObjectType
AccRewriteGetNamedRights
AccProvHandleGetTrusteesAccess
AccLookupAccountSid
AccRewriteGetHandleRights
AccProvRevokeAccessRights
AccProvCancelOperation
AccProvIsAccessAudited
AccProvHandleGrantAccessRights
AccProvHandleRevokeAccessRights
AccProvRevokeAuditRights
AccProvHandleRevokeAuditRights
AccConvertAccessToSD
EventNameFree
AccRewriteGetExplicitEntriesFromAcl
AccProvHandleIsObjectAccessible
AccProvSetAccessRights
AccLookupAccountTrustee
AccRewriteSetNamedRights
AccProvHandleGetAllRights
AccConvertAclToAccess
AccProvGetTrusteesAccess
AccProvHandleSetAccessRights
AccConvertSDToAccess
AccProvHandleGetAccessInfoPerObjectType
AccProvGetCapabilities
EventGuidToName
AccGetExplicitEntries
AccSetEntriesInAList
AccProvGetOperationResults
AccRewriteSetEntriesInAcl

scecli

SceGetTimeStamp
SceSetupMoveSecurityFile
SceSvcFree
DeltaNotify
SceUpdateSecurityProfile
SceGetObjectChildren
SceAnalyzeSystem
SceAddToNameList
SceProcessSecurityPolicyGPO

opengl32

glEdgeFlagv
glDepthFunc
glPopAttrib
glColor3sv
glInitNames
glTexCoord3dv
glPixelMapfv
glRasterPos2dv
glRectfv
glEvalCoord2fv
glIndexd
glIndexPointer
glDisable
glRecti
glEvalMesh1
glColor4fv
glTexEnviv
glRotated
glColor3fv
glVertex2sv
glClipPlane
glColor3uiv
glNormal3sv
glEvalPoint2
glScissor
glEnd

msports

ComDBReleasePort
ComDBClaimNextFreePort
ComDBResizeDatabase
PortsClassInstaller
ComDBClose
ParallelPortPropPageProvider
ComDBOpen
ComDBGetCurrentPortUsage
SerialDisplayAdvancedSettings
SerialPortPropPageProvider
ComDBClaimPort

synceng

CountSourceFolderTwins
AnyTwins
AddObjectTwin
CreateRecList
EndReconciliation
IsPathOnVolume
AddFolderTwin
GetFolderTwinStatus
ClearBriefcaseCache
BeginReconciliation
DeleteTwin
IsFolderTwin
GetFileStamp
CompareFileStamps
SaveBriefcase
FindBriefcaseClose
FindNextBriefcase
DestroyTwinList
GetVolumeDescription
DestroyFolderTwinList
OpenBriefcase
RemoveTwinFromTwinList
CreateTwinList
GetOpenBriefcaseInfo
DestroyRecList
FindFirstBriefcase
ReleaseTwinHandle
RemoveAllTwinsFromTwinList
CloseBriefcase
CreateFolderTwinList
GetObjectTwinHandle
AddTwinToTwinList
AddAllTwinsToTwinList
IsOrphanObjectTwin

msi

MsiEnumProductsExA
MsiRemovePatchesA
MsiConfigureProductExW
MsiGetFileVersionW
MsiEnumComponentQualifiersW
MsiDatabaseApplyTransformW
MsiGetComponentStateW
MsiConfigureProductA
MsiProvideQualifiedComponentW
MsiGetFileSignatureInformationW
MsiGetProductPropertyW
MsiGetProductInfoFromScriptW
MsiReinstallProductA
MsiGetFeatureCostA
MsiGetPropertyA
MsiGetSourcePathW
MsiDoActionW
MsiSummaryInfoGetPropertyA
MsiIsProductElevatedW
MsiEnumPatchesW

wmspdmod

DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
DllRegisterServer
CreateInstance

psapi

EnumProcesses
InitializeProcessForWsWatch
QueryWorkingSet
EnumDeviceDrivers
GetDeviceDriverBaseNameW
GetMappedFileNameW
GetModuleInformation
GetModuleBaseNameA
GetDeviceDriverFileNameA
GetDeviceDriverFileNameW
GetModuleFileNameExW
EmptyWorkingSet
GetDeviceDriverBaseNameA
EnumProcessModules
GetMappedFileNameA
GetModuleBaseNameW
GetWsChanges
GetProcessMemoryInfo
GetModuleFileNameExA

comsvcs

CosGetCallContext
ComSvcsExceptionFilter
DllUnregisterServer
GetObjectContext
CoLoadServices
DllRegisterServer
MTSCreateActivity
MiniDumpW
SafeRef
DllGetClassObject
ComSvcsLogError

raschap

RasEapInvokeInteractiveUI
DllCanUnloadNow
RasEapGetIdentity
RasEapInvokeConfigUI
DllUnregisterServer
DllGetClassObject
RasCpGetInfo
RasCpEnumProtocolIds
RasEapGetInfo
DllRegisterServer
RasEapFreeMemory

olecli32

LeSetData
DibSaveToStream
OleCopyFromLink
MfCopy
LeQueryOutOfDate
LeObjectLong
LeSetBounds
OleCreateFromClip
DibClone
OleCreateLinkFromFile
OleCreateLinkFromClip
OleRenameClientDoc
LeQueryProtocol
OleQueryName
OleQueryReleaseStatus
LeChangeData
ErrQueryProtocol
SetNextNetDrive
MfDraw
BmDraw
OleEqual
OleSetBounds
BmEqual
OleSavedClientDoc
OleReconnect

secur32

AcceptSecurityContext
MakeSignature
ImportSecurityContextA
CompleteAuthToken
SaslAcceptSecurityContext
GetUserNameExA
AcquireCredentialsHandleA
SecpTranslateNameEx
LsaGetLogonSessionData
SaslGetProfilePackageA
ImportSecurityContextW
InitializeSecurityContextW
RevertSecurityContext
SaslInitializeSecurityContextW
TranslateNameA
UnsealMessage

Sections

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 247KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 30KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4f8ee6af7ff3761ef286cd8847c222c5

Headers

DLL Characteristics

File Characteristics

Imports

lz32

ulib

kernel32

dhcpcsvc

ufat

wmi

user32

shlwapi

ntmarta

scecli

opengl32

msports

synceng

msi

wmspdmod

psapi

comsvcs

raschap

olecli32

secur32

Sections

.rsrc Size: 1KB - Virtual size: 1KB

.text Size: 247KB - Virtual size: 246KB

.rdata Size: 12KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 3KB

.data Size: 19KB - Virtual size: 30KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 247KB - Virtual size: 246KB

.rdata
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.data
Size: 19KB - Virtual size: 30KB