a970190b8bc0adb31fc5e75bf0cf1935a3db6b341bb2401f8615b3113865c7b6

Sharing

Copy URL Twitter E-mail

General

Target

a970190b8bc0adb31fc5e75bf0cf1935a3db6b341bb2401f8615b3113865c7b6
Size

829KB
MD5

04f6a55710e6f189d02bc094af1290f7
SHA1

77f1614ac132e974409ae6001760c125ea829c7a
SHA256

a970190b8bc0adb31fc5e75bf0cf1935a3db6b341bb2401f8615b3113865c7b6
SHA512

83990fc8fa5f551ac2033fe5e398a147e6e1377d78215b136430662689e69fe2ca24d90368e017af3c0cdc4ce9596539b006e6d573022d4d2a4a6985c92f868e
SSDEEP

24576:SwkvQcGqUUFWXM9f+vtCF7IHumZbyyxOMKu:Swk/pFWOf+yNCbFxrl

Score

N/A

Malware Config

Signatures

Files

a970190b8bc0adb31fc5e75bf0cf1935a3db6b341bb2401f8615b3113865c7b6
.exe windows x86

0efc1e0ba632c71f0300a391521a647a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winipsec

SetTransportFilter
AddMMPolicy
SetMMAuthMethods
CloseTunnelFilterHandle
EnumMMFilters
MatchTransportFilter
EnumTunnelFilters
EnumQMSAs
GetMMAuthMethods
DeleteTransportFilter
GetMMPolicy
SPDApiBufferAllocate
OpenTransportFilterHandle
EnumIPSecInterfaces
QueryIPSecStatistics
EnumQMPolicies
GetMMFilter
MatchTunnelFilter
AddMMFilter
OpenTunnelFilterHandle
AddTransportFilter
GetTunnelFilter
CloseTransportFilterHandle
EnumMMAuthMethods
SetTunnelFilter
SetQMPolicy
MatchMMFilter

crypt32

CryptMsgDuplicate
CertAddSerializedElementToStore
CryptImportPublicKeyInfoEx
CryptRegisterOIDFunction
CryptGetMessageCertificates
CryptInstallOIDFunctionAddress
CertFreeCertificateChain
CryptVerifyCertificateSignature
I_CryptFlushLruCache
I_CertProtectFunction
CertFindSubjectInSortedCTL
I_CryptRegisterSmartCardStore
CryptGetKeyIdentifierProperty
CertGetCTLContextProperty
CryptMsgControl
CryptSIPRetrieveSubjectGuid
CryptGetMessageSignerCount

kernel32

GetNamedPipeHandleStateA
AreFileApisANSI
GetLocaleInfoA
FindFirstVolumeMountPointW
GetProcessAffinityMask
PeekConsoleInputW
lstrcpyA
WTSGetActiveConsoleSessionId
GetCurrentThread
IsProcessInJob
LoadLibraryW
LZCreateFileW
GetModuleHandleW

msvcirt

??4stdiobuf@@QAEAAV0@ABV0@@Z
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
??4strstream@@QAEAAV0@AAV0@@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?egptr@streambuf@@IBEPADXZ
?sync@streambuf@@UAEHXZ
??4streambuf@@QAEAAV0@ABV0@@Z
?getdouble@istream@@AAEHPADH@Z
??4istream_withassign@@QAEAAV0@ABV0@@Z
?open@ifstream@@QAEXPBDHH@Z
??6ostream@@QAEAAV0@N@Z
??0strstream@@QAE@ABV0@@Z
??_Estdiobuf@@UAEPAXI@Z
??_8ostream_withassign@@7B@
??_Elogic_error@@UAEPAXI@Z
??_7fstream@@6B@
??_7filebuf@@6B@
??_7strstream@@6B@
??0iostream@@IAE@XZ
?init@ios@@IAEXPAVstreambuf@@@Z
??0ofstream@@QAE@HPADH@Z
?get@istream@@QAEAAV1@PACHD@Z
??_7stdiostream@@6B@
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z

odbccp32

SQLConfigDataSource
SQLPostInstallerError
SQLPostInstallerErrorW
SQLWriteFileDSN
SQLInstallDriverEx
SQLGetConfigMode
SQLInstallDriverManagerW
SQLReadFileDSNW
SQLRemoveDriverManager
SQLRemoveDefaultDataSource
SQLGetAvailableDriversW
SQLCreateDataSourceExW
SQLWriteDSNToIni
SQLConfigDriver
SQLSetConfigMode
SQLGetInstalledDriversW
SQLInstallerErrorW

cmutil

?SetEntryFromIdx@CIniA@@QAEXK@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmAtolA
SzToWz
?SetFile@CIniA@@QAEXPBD@Z
?SetEntry@CIniW@@QAEXPBG@Z
?SetRegPath@CIniW@@QAEXPBG@Z
?SetPrimaryFile@CIniW@@QAEXPBG@Z
??1CIniW@@QAE@XZ
CmFmtMsgA
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?SetParams@CmLogFile@@QAEJHKPBG@Z
?WPPB@CIniW@@QAEXPBG0H@Z
?SetWriteICSData@CIniW@@QAEXH@Z
GetOSMajorVersion
CmStrtokW
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?SetFile@CIniW@@QAEXPBG@Z
?SetReadICSData@CIniW@@QAEXH@Z
MakeBold
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
?GPPB@CIniW@@QBEHPBG0H@Z
?SetSection@CIniA@@QAEXPBD@Z
?GetRegPath@CIniW@@QBEPBGXZ
CmStrStrA

oleaut32

VarR4FromCy
SafeArrayGetIID
VarUI8FromBool
VarI2FromUI4
VarCyFix
VarBstrFromDisp
VarDecFromUI8
VarI1FromI8

Sections

.text
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0efc1e0ba632c71f0300a391521a647a

Headers

DLL Characteristics

File Characteristics

Imports

winipsec

crypt32

kernel32

msvcirt

odbccp32

cmutil

oleaut32

Sections

.text Size: 382KB - Virtual size: 382KB

.rdata Size: 83KB - Virtual size: 83KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 1024B - Virtual size: 888B

.text
Size: 382KB - Virtual size: 382KB

.rdata
Size: 83KB - Virtual size: 83KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 1024B - Virtual size: 888B