6f36d821a7267f205ae35dcf786cd0fb10a4e971a2070b5657ab90416db673a7

Sharing

Copy URL Twitter E-mail

General

Target

6f36d821a7267f205ae35dcf786cd0fb10a4e971a2070b5657ab90416db673a7
Size

128KB
MD5

61f22ecd8e8f8845c48ae616e7e6dc10
SHA1

a878e98fec826b198c7365e1f757d6004a79b1cd
SHA256

6f36d821a7267f205ae35dcf786cd0fb10a4e971a2070b5657ab90416db673a7
SHA512

24f696f8caf8841a8261fab0f747556ae8eaca9ac8e087659a5408ac4db2a3d8de61f11cec9522a7308219bbbf3817f83d6409ef163b42fff1c62b94e059a4de
SSDEEP

3072:EsZ5MwwR2uoUskZ5FqocmPQ4Ug6UJQM3WMUWk2g6ZWB5P:3ZrwR9oJk7FqocmPQrQJf3WMUj6Z

Score

N/A

Malware Config

Signatures

Files

6f36d821a7267f205ae35dcf786cd0fb10a4e971a2070b5657ab90416db673a7
.exe windows x86

7540d8ef23bb556746c4aad00a471fa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoResumeClassObjects
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
LoadRegTypeLi
LoadTypeLi
RegisterTypeLi
SysStringLen

nailog

_naimcomn_SetSystem@4
_naimcomn_InitTracer@0
_naimcomn_SetLogToStdout@4
_naimcomn_StartFileLogging@4
_naimcomn_EndFileLogging@0
naimcomn_LogInfoW

kernel32

GetSystemDirectoryA
LocalFree
RaiseException
LocalAlloc
SetLastError
GetLastError
CloseHandle
GetThreadPriority
SetThreadPriority
HeapDestroy
LoadResource
SizeofResource
LoadLibraryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
InterlockedExchange
CompareStringA
GetCurrentThread
SetEvent
FreeLibrary
LeaveCriticalSection
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetCommandLineW
EnterCriticalSection
lstrlenA
GetCurrentProcess
GetUserDefaultLangID
GetCurrentThreadId
InterlockedDecrement
WaitForSingleObject
CreateThread
SetProcessWorkingSetSize
Sleep

nacmnlib

GetResString
??1CSEException@@QAE@XZ
?cmnlib_ExpandMacro@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@ABV12@00ABHPBG@Z
??0CnaAutoCriticalSection@@QAE@AAVCnaCriticalSection@@@Z
?Enter@CnaAutoCriticalSection@@QAEXXZ
??1CnaAutoCriticalSection@@UAE@XZ
??1CnaCriticalSection@@UAE@XZ
??0CnaCriticalSection@@QAE@XZ
?AddMessageW@CnaLogger@@SAJW4ESUBSYSTEM@@W4naimcomn_LogLevel@@PBGZZ
?cmnlib_MonitorRegistryLogLevel@@YAXXZ
?cmnlib_GetFrameworkDataDir@@YA?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@XZ
?naimcomn_IsWinNT@@YAHXZ
?cmnlib_NormalExit@@YAXXZ
?IsWinNT@@YAHXZ
?install@CSEException@@SAXXZ
LoadResourceDLLW
?Leave@CnaAutoCriticalSection@@QAEXXZ

naxml

?CreateAttribute@Element@AdvXMLParser@@QAEAAVAttribute@2@PBG@Z
?GetText@Element@AdvXMLParser@@QAE?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@I@Z
?GetElement@Element@AdvXMLParser@@QAEAAV12@PBGI@Z
?GetChild@NodeContainer@AdvXMLParser@@IBEAAVNode@2@PBGIH@Z
?IsNull@Node@AdvXMLParser@@QBE_NXZ
?GenerateXML@Document@AdvXMLParser@@QBE?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@XZ
?AddElementInto@Element@AdvXMLParser@@QAEAAV12@PBG@Z
?AddElementInto@Element@AdvXMLParser@@QAEAAV12@ABV12@@Z
?DeleteChildren@NodeContainer@AdvXMLParser@@QAEXXZ
?Delete@Node@AdvXMLParser@@QAEXXZ
??0Element@AdvXMLParser@@QAE@ABV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@@Z
?AddInto@Element@AdvXMLParser@@QAEAAV12@ABV12@@Z
??1Element@AdvXMLParser@@UAE@XZ
??1Document@AdvXMLParser@@UAE@XZ
??0Document@AdvXMLParser@@QAE@PBG@Z
?AddText@NodeContainer@AdvXMLParser@@QAEXABV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@@Z
?CreateElement@Element@AdvXMLParser@@QAEAAV12@PBGI@Z
?GetData@Document@AdvXMLParser@@UBE?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@XZ
?GetValue@Document@AdvXMLParser@@UBE?AV?$basic_string@GV?$char_traits@G@std@@V?$__malloc_alloc_template@$0A@@2@@std@@XZ
?IsKindOf@Document@AdvXMLParser@@UBE_NH@Z
?CloneNode@Document@AdvXMLParser@@UBEPAVNode@2@AAVNodeContainer@2@@Z
?GenerateXML@Document@AdvXMLParser@@UBEXAAVGenerateContext@2@@Z
?null@Attribute@AdvXMLParser@@2V12@A
?null@Comment@AdvXMLParser@@2V12@A
?null@Pi@AdvXMLParser@@2V12@A
?null@CData@AdvXMLParser@@2V12@A
??0Parser@AdvXMLParser@@QAE@XZ
?ParseXML@AdvXMLParser@@YAPAVDocument@1@PBGHAAW4PARSER_ERROR@1@AAH2@Z
??1Parser@AdvXMLParser@@UAE@XZ
?null@Element@AdvXMLParser@@2V12@A
?GetAttribute@Element@AdvXMLParser@@QAEAAVAttribute@2@PBG@Z

naisign

naisign_Reserved

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsnicmp
?terminate@@YAXXZ
memcmp
_CxxThrowException
strncpy
memmove
wcslen
exit
fprintf
strlen
_iob
_wcsicmp
__CxxFrameHandler
_EH_prolog
free
memcpy
malloc
??2@YAPAXI@Z
_snwprintf
realloc
memset
_except_handler3
_purecall
_wtol
_ultow
_i64tow
wcscpy
wcsstr
wcscat
wcscmp
wcsncpy
wcsrchr
strcpy
swprintf
_wtoi64

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7540d8ef23bb556746c4aad00a471fa4

Headers

File Characteristics

Imports

ole32

oleaut32

nailog

kernel32

nacmnlib

naxml

naisign

msvcrt

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 10KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 10KB