45f2937776f9da55d4d0b8d1dac5584ac7acf7adc2930ee89708e77f1f2d03cf

Sharing

Copy URL Twitter E-mail

General

Target

45f2937776f9da55d4d0b8d1dac5584ac7acf7adc2930ee89708e77f1f2d03cf
Size

243KB
MD5

84613151db1c188420071c2d1a8adb00
SHA1

f1af74712a649cbaeaed5e846860a544860191d8
SHA256

45f2937776f9da55d4d0b8d1dac5584ac7acf7adc2930ee89708e77f1f2d03cf
SHA512

d9d8e81c20999da0ad6d265379f63630c5657f7abe3a2a0276ab2f04738cf38d96fbf300ee7625157fae7261a32707295779c6002aa2b7c4f98cc5cde9211324
SSDEEP

6144:BPVXZujZlthKXf1ZmTEjDBYPqxfG7kAWJIN:zWltcXf1Z7dfmkAb

Score

N/A

Malware Config

Signatures

Files

45f2937776f9da55d4d0b8d1dac5584ac7acf7adc2930ee89708e77f1f2d03cf
.exe windows x86

b1955804f2fb7e5a614af0c668157248

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
lstrcatA
GetUserDefaultLCID
FindResourceExW
CopyLZFile
ReadConsoleInputExW
GetCalendarInfoA
GetFirmwareEnvironmentVariableW
DebugSetProcessKillOnExit
AddConsoleAliasW
MoveFileExA
ReadConsoleOutputW
ReadConsoleInputExA
VirtualFree
FindNextVolumeMountPointW
LoadLibraryW
EnumResourceLanguagesA
FatalAppExitA
GetSystemTimeAsFileTime
InvalidateConsoleDIBits

rasman

RasPortCancelReceive
RasPortGetProtocolCompression
RasSetConnectionUserData
RasPortEnum
RasAddConnectionPort
IsRasmanProcess
RasBundleGetPort
RasPortSetFramingEx
RasIsTrustedCustomDll
RasCompressionSetInfo
RasSetDialParams
RasGetInfoEx
RasRpcGetInstalledProtocolsEx
RasBundleClearStatisticsEx
RasBundleGetStatisticsEx
RasGetHConnFromEntry
RasRegisterPnPEvent
RasRpcGetUserPreferences
RasPortGetBundledPort
RasGetCalledIdInfo
RasRegisterRedialCallback
RasGetInfo
RasRpcRemoteRasDeleteEntry
RasRefConnection
RasSecurityDialogSend

ieakeng

GetAdmWindowHandle
CheckForDupKeys
DoReboot
GetFavoritesMaxNumber
ShowInetcpl
SaveADMItem
GetFavoritesNumber
ModifyRatings
ModifyZones
BToolbar_Edit
BuildPalette
DestroyADMWindow
ShowADMWindow
DisplayADMItem
IsFavoriteItem
CreateADMWindow
ErrorMessageBox
MoveUpFavorite
NewFolder
SelectADMItem
CheckField
ProcessFavSelChange
MoveADMWindow
MoveDownFavorite
CanDeleteADM

winipsec

AddMMAuthMethods
AddTransportFilter
DeleteMMPolicy
AddMMPolicy
CloseTransportFilterHandle
OpenTunnelFilterHandle
EnumMMAuthMethods
SetMMFilter
DeleteMMFilter
SetMMAuthMethods
MatchTunnelFilter
SetTunnelFilter
SPDApiBufferAllocate
DeleteQMPolicy
AddMMFilter
GetMMFilter
GetQMPolicyByID
DeleteMMAuthMethods
EnumMMFilters
EnumMMPolicies
GetMMAuthMethods
AddQMPolicy
OpenTransportFilterHandle
OpenMMFilterHandle
CloseMMFilterHandle

msdart

?MpHeapCompact@@YAKPAX@Z
??1CFakeLock@@QAE@XZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?_DeleteIf@CLKRLinearHashTable@@AAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1AAW42@@Z
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadOrWriteLock@CCritSec@@QAE_NXZ
?_CmpExch@CReaderWriterLock3@@AAE_NJJ@Z
?_RemoveThisFromGlobalList@CLKRLinearHashTable@@AAEXXZ
?TryWriteLock@CSpinLock@@QAE_NXZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?Unlock@CLockedSingleList@@QAEXXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?SetTableLockSpinCount@CLKRHashTable@@QAEXG@Z
?TryReadLock@CSpinLock@@QAE_NXZ

hid

HidD_GetAttributes
HidP_GetUsageValueArray
HidD_GetConfiguration
HidP_GetScaledUsageValue
HidD_GetHidGuid
HidP_GetValueCaps
HidD_SetConfiguration
HidD_GetNumInputBuffers
HidD_GetProductString
HidD_GetPreparsedData
HidP_GetSpecificButtonCaps
HidP_GetUsages
HidD_GetIndexedString
HidP_SetUsageValueArray
HidP_GetCaps
HidD_FreePreparsedData
HidP_GetSpecificValueCaps
HidD_Hello
HidP_GetUsagesEx
HidD_SetOutputReport
HidD_GetMsGenreDescriptor
HidD_GetSerialNumberString
HidD_FlushQueue
HidP_TranslateUsagesToI8042ScanCodes
HidP_UsageListDifference

crtdll

_scalb
_mkdir
_mbsset
system
_mbctokata
strlen
_heapwalk
??2@YAPAXI@Z
_CIatan
wcsxfrm
_local_unwind2
wcstol
_mbslen
tan

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b1955804f2fb7e5a614af0c668157248

Headers

File Characteristics

Imports

kernel32

rasman

ieakeng

winipsec

msdart

hid

crtdll

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 138KB - Virtual size: 137KB

.data Size: 46KB - Virtual size: 45KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 138KB - Virtual size: 137KB

.data
Size: 46KB - Virtual size: 45KB

.rsrc
Size: 4KB - Virtual size: 3KB