75d698861790b0934fb70f8c16d5c4f80d1f85892f6181a1837c2a9dea364840

Sharing

Copy URL Twitter E-mail

General

Target

75d698861790b0934fb70f8c16d5c4f80d1f85892f6181a1837c2a9dea364840
Size

239KB
MD5

a377894c121384dabcdecdd751bd97f0
SHA1

42358cb4482a6f92bffb407e7306b5aca5e98f10
SHA256

75d698861790b0934fb70f8c16d5c4f80d1f85892f6181a1837c2a9dea364840
SHA512

906d86d4f86da27362655f6e83af8a07be52d67735bfca94b11264f1105044adc92474423cc868011019a9e5b20ba70283eacbef348fec2b8d4fc2aa0802ed11
SSDEEP

6144:lAZXgxFlFqyWNEz0P/G4+iAyhChc2kjeT:lARg5YyWNNnxXRhsYja

Score

N/A

Malware Config

Signatures

Files

75d698861790b0934fb70f8c16d5c4f80d1f85892f6181a1837c2a9dea364840
.exe windows x86

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetGroupAdd
NetReplGetInfo
RxNetAccessGetUserPerms
I_NetServerAuthenticate
I_NetServerAuthenticate3
DsValidateSubnetNameW
NlBindingAddServerToCache
NetDfsSetClientInfo
NetReplExportDirAdd
NetpIsRemote
NetpwNameCompare
DsGetDcSiteCoverageW
DsGetDcNameA
NetpNetBiosReset

wininet

GetUrlCacheEntryInfoExA
RegisterUrlCacheNotification
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
ParseX509EncodedCertificateForListBoxEntry
FindNextUrlCacheEntryExW
GopherOpenFileW
GetUrlCacheConfigInfoA
FindNextUrlCacheEntryW
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW
RetrieveUrlCacheEntryStreamW
FtpSetCurrentDirectoryW
InternetGetPerSiteCookieDecisionW
InternetUnlockRequestFile

mpr

WNetGetNetworkInformationA
WNetFormatNetworkNameA
WNetCloseEnum
WNetCancelConnectionW
WNetOpenEnumA
WNetSupportGlobalEnum
WNetGetUserA
WNetGetConnection2W
WNetSetConnectionW
WNetGetUniversalNameA
WNetGetProviderNameA
WNetConnectionDialog1W
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetConnection2A
WNetGetResourceParentA
WNetGetHomeDirectoryW
WNetAddConnectionW

kernel32

GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryW
GlobalUnWire
LoadLibraryW
_lopen
GetPrivateProfileIntW
FindNextVolumeW
TerminateThread
LoadResource
GetComPlusPackageInstallStatus
MultiByteToWideChar
InterlockedFlushSList
GetStartupInfoW
WriteFileGather
GetProfileSectionA
VirtualAllocEx
GlobalAlloc
SetStdHandle
UpdateResourceA
Heap32ListNext

mapistub

HrValidateParameters@8
DllCanUnloadNow
cmc_act_on
HrDispatchNotifications@4
ScMAPIXFromCMC
RTFSync
FtgRegisterIdleRoutine@20
MNLS_WideCharToMultiByte@32
MapStorageSCode@4
MAPIAllocateBuffer@8
EnableIdleRoutine@8
HrComposeMsgID@24
ScInitMapiUtil@4
SzFindLastCh@8
__ValidateParameters@8
HrAddColumnsEx@20
BMAPISendMail
UlPropSize@4
BMAPIReadMail
cmc_logon
FPropContainsProp@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIDeleteMail
MAPILogon
UFromSz@4
MAPIAdminProfiles
PropCopyMore@16

oleaut32

SafeArrayGetElement
VarCyMul
VarI4FromI2
VarBoolFromUI1
VarR4CmpR8
LoadTypeLibEx
VarDecFromR8
VarI1FromCy
VarCyRound
VarI4FromI1
VarBstrFromUI8
VarI2FromUI8
VarUI8FromUI2
VarI2FromUI1
VarR8FromUI2
DllCanUnloadNow
VarR4FromI2
VarDecDiv
VariantCopy
VarUI4FromI4
VarUI2FromDisp
VarUI1FromR8
VarUI8FromDec

mapi32

MAPIOpenFormMgr@8
WrapCompressedRTFStream@12
UNKOBJ_COFree@8
HrSetOmiProvidersFlagsInvalid
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
DllCanUnloadNow
FtDivFtBogus@20
cmc_send_documents

msdart

?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ReadLock@CSpinLock@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
??1CDoubleList@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_TryLock@CSpinLock@@AAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_IsLocked@CSpinLock@@ABE_NXZ
FXMemDetach
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

Imports

netapi32

wininet

mpr

kernel32

mapistub

oleaut32

mapi32

msdart

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 70KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB