aac89bd6b17bb71ceab9c1e3fa39bb3970eb8786307f4fd85ff9a20c1d9d07b2

Sharing

Copy URL Twitter E-mail

General

Target

aac89bd6b17bb71ceab9c1e3fa39bb3970eb8786307f4fd85ff9a20c1d9d07b2
Size

819KB
MD5

0b79b5b3b6e821ff7a2a6d271d15162b
SHA1

2b7dd73a04dd18fb4ef621deec929f2ce77ef746
SHA256

aac89bd6b17bb71ceab9c1e3fa39bb3970eb8786307f4fd85ff9a20c1d9d07b2
SHA512

868f2615c2bc1ab2ae517496aadc45127aef340dd9fa51b090f980506ea682e51c8886e0789f1915909b4ace949e25d1e573a5c9780bee28a2bb564e5a8337c7
SSDEEP

24576:4vAmy0cwPoHdGcjHE1YN9CVHC7BtsIISZf:sAPMs8c3CFYAfSh

Score

N/A

Malware Config

Signatures

Files

aac89bd6b17bb71ceab9c1e3fa39bb3970eb8786307f4fd85ff9a20c1d9d07b2
.exe windows x86

9a968538ab90423367424a20836024d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHRegEnumUSValueW
SHReleaseThreadRef
StrCmpNIA
SHRegDeleteEmptyUSKeyA
SHDeleteOrphanKeyW
StrRChrA
wnsprintfW
SHRegQueryUSValueA
SHCreateStreamOnFileA
PathIsDirectoryEmptyA
PathRemoveBackslashW
StrCmpLogicalW
StrTrimW
StrRChrW
PathIsRootW
StrCpyNW
StrIsIntlEqualW
StrCatW
SHRegDeleteUSValueA
PathCombineW
SHDeleteKeyA
StrFormatByteSizeA
SHCreateStreamOnFileEx
ColorRGBToHLS
PathIsUNCA
UrlGetLocationW
StrCSpnW
UrlCanonicalizeA
StrFromTimeIntervalA
PathAppendA
UrlHashW
PathSearchAndQualifyA
SHOpenRegStream2W
PathStripPathW
StrPBrkW

kernel32

GlobalAlloc
SetLastError
GetACP
SetThreadPriority
GetCurrencyFormatA
DeleteTimerQueueEx
WriteProfileStringA
ProcessIdToSessionId
GetOEMCP
GetProcessAffinityMask
GetWriteWatch
VerSetConditionMask
SwitchToThread
GetTempPathA
SetThreadLocale
LockResource
CreateWaitableTimerA
ZombifyActCtx
SearchPathW
GetStartupInfoA
EnumResourceLanguagesA
VirtualAlloc
GetComputerNameA
Heap32Next
DosPathToSessionPathW
EnumCalendarInfoA
ReadConsoleOutputW
GetModuleHandleW
DebugBreakProcess
LZOpenFileW
LoadLibraryA
SetFileAttributesA
FindVolumeClose

crtdll

__iscsymf
calloc
tanh
_ismbclower
_ultow
_ctype
ceil
_snwprintf
_initterm
clearerr
wcstod
_cpumode_dll
_mbsnset
_fstat
_sopen
_CIcosh
_setmode
_ismbchira
strftime
_tzset
tan
_copysign
wcsncat
_osmode_dll
_strcmpi
div
_findnext
_strncnt
_ismbbprint
_mbsninc
_wcsicoll
isxdigit
vwprintf
_CItan
__threadhandle

ifsutil

??1CANNED_SECURITY@@UAE@XZ
??0INTSTACK@@QAE@XZ
??1TLINK@@UAE@XZ
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@INTSTACK@@QAEEXZ
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?RestoreThreadExecutionState@@YGXJK@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?GetNext@TLINK@@QAEPAXPAX@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?Initialize@CANNED_SECURITY@@QAEEXZ
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryPageSize@IFS_SYSTEM@@SGKXZ
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
??0READ_CACHE@@QAE@XZ
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??0VOL_LIODPDRV@@IAE@XZ
??1SECRUN@@UAE@XZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z

inetcomm

MimeOleFindCharset
HrAttachDataFromBodyPart
MimeOleGetRelatedSection
CreateRangeList
EssContentHintEncodeEx
MimeOleGetCharsetInfo
CreateNNTPTransport
MimeOleParseMhtmlUrl
MimeOleSetPropA
MimeOleSetDefaultCharset
MimeOleGetCertsFromThumbprints
MimeOleSMimeCapGetHashAlg
MimeOleParseRfc822AddressW
MimeOleGetInternat
MimeOleAlgNameFromSMimeCap
MimeOleClearDirtyTree
MimeGetAddressFormatW
CreateSMTPTransport
EssSignCertificateDecodeEx
EssReceiptDecodeEx
MimeOleGetPropertySchema
MimeOleGetBodyPropW
EssReceiptRequestEncodeEx
MimeOleCreatePropertySet
HrGetLastOpenFileDirectory
MimeOleGetCodePageInfo
MimeOleParseRfc822Address
EssReceiptEncodeEx
MimeOleFileTimeToInetDate

msvcirt

??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?setmode@ifstream@@QAEHH@Z
?close@ifstream@@QAEXXZ
?eback@streambuf@@IBEPADXZ
?width@ios@@QBEHXZ
?write@ostream@@QAEAAV1@PBCH@Z
??5istream@@QAEAAV0@PAC@Z
??0strstreambuf@@QAE@ABV0@@Z
?attach@filebuf@@QAEPAV1@H@Z
?adjustfield@ios@@2JB
?cerr@@3Vostream_withassign@@A
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?get@istream@@QAEHXZ
?get@istream@@IAEAAV1@PADHH@Z
?base@streambuf@@IBEPADXZ
??0istream@@QAE@PAVstreambuf@@@Z
?gbump@streambuf@@IAEXH@Z
??_7strstreambuf@@6B@
??0ifstream@@QAE@PBDHH@Z
??0fstream@@QAE@PBDHH@Z
?open@ofstream@@QAEXPBDHH@Z
?setmode@ofstream@@QAEHH@Z
?pcount@strstream@@QBEHXZ
??1istream@@UAE@XZ
?bad@ios@@QBEHXZ
?pbackfail@streambuf@@UAEHH@Z
??Bios@@QBEPAXXZ
?overflow@filebuf@@UAEHH@Z
?pptr@streambuf@@IBEPADXZ
??0ofstream@@QAE@PBDHH@Z

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a968538ab90423367424a20836024d8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

crtdll

ifsutil

inetcomm

msvcirt

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 137KB - Virtual size: 137KB

.data Size: 185KB - Virtual size: 1.5MB

.rsrc Size: 125KB - Virtual size: 125KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 137KB - Virtual size: 137KB

.data
Size: 185KB - Virtual size: 1.5MB

.rsrc
Size: 125KB - Virtual size: 125KB

.reloc
Size: 1KB - Virtual size: 1KB