de0facc9f1acdd2dde8608ae1e1bff76c177846eed401155127f4d10c79d776d

Sharing

Copy URL

Twitter E-mail

General

Target

de0facc9f1acdd2dde8608ae1e1bff76c177846eed401155127f4d10c79d776d
Size

867KB
MD5

968749d3499b190d551f0b341bcfa087
SHA1

3e7356b3a326f91292a1e4a66085437e5f40886d
SHA256

de0facc9f1acdd2dde8608ae1e1bff76c177846eed401155127f4d10c79d776d
SHA512

57bc6c0ca092d07124d8c9802cb0f1fba485bce32eb71592cad57616a0893cc621336d1465fceaf60893dbc1353aecb1bd22f31ea6a463bde987d2634dee2c32
SSDEEP

24576:N/EXsIwv9qvSpeGJTKUHRNBUleu1nXI5kxP6KN8mG:bv9gSpDeU7SlF45kNlN8m

Score

N/A

Malware Config

Signatures

Files

de0facc9f1acdd2dde8608ae1e1bff76c177846eed401155127f4d10c79d776d
.exe windows x86

fc17c619b454e5b77e5c57cbb3ea19df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cmutil

??0CmLogFile@@QAE@XZ
CmBuildFullPathFromRelativeA
WzToSzWithAlloc
CmFmtMsgA
CmStrCatAllocW
CmMalloc
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetRegPath@CIniA@@QAEXPBD@Z
CmStrCpyAllocW
?SetEntryFromIdx@CIniW@@QAEXK@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
CmStrTrimW
??_FCIniA@@QAEXXZ
?GPPB@CIniW@@QBEHPBG0H@Z
?Write@CmLogFile@@AAEJPAG@Z
GetOSVersion
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
?SetReadICSData@CIniA@@QAEXH@Z
?SetWriteICSData@CIniA@@QAEXH@Z
?SetEntry@CIniW@@QAEXPBG@Z
CmLoadSmallIconW
??0CIniA@@QAE@PAUHINSTANCE__@@PBD111@Z
?OpenFile@CmLogFile@@AAEJXZ
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?GPPI@CIniA@@QBEKPBD0K@Z

user32

wvsprintfA
IsDialogMessageW
GetClipboardViewer
GetCursorPos
ExitWindowsEx
TrackPopupMenuEx
EnumPropsExW
GetGuiResources
DdeAddData
ShowCaret
BlockInput
GetInputState
KillTimer
DrawIconEx
CreateAcceleratorTableA
DdeReconnect
ToUnicode
TranslateAcceleratorA
DrawCaptionTempA
CreateMDIWindowA
ToAscii
GetLastInputInfo
BuildReasonArray
GetShellWindow
TranslateAcceleratorW
GetWindowPlacement
UnregisterClassW
ShowScrollBar
SetPropA
DisplayExitWindowsWarnings
GetSysColorBrush
SetRectEmpty
UnregisterDeviceNotification
DdeQueryStringW
RegisterClassExA
MapDialogRect
CreateIcon
GetClipboardSequenceNumber
DeregisterShellHookWindow

ntdll

RtlAreAnyAccessesGranted
RtlRemoveVectoredExceptionHandler
NtCreateKey
ZwCreateSection
ZwNotifyChangeKey
RtlIpv4StringToAddressW
_chkstk
RtlQuerySecurityObject
NtQueryIoCompletion
NtFlushWriteBuffer
RtlLeaveCriticalSection
RtlDestroyHeap
ZwQueryInformationPort
RtlUnlockHeap
NtCreateThread
RtlQueryProcessLockInformation
RtlFormatMessage
RtlGetOwnerSecurityDescriptor
RtlDestroyQueryDebugBuffer
_CIcos
RtlApplicationVerifierStop
NtCancelIoFile
ZwUnlockFile
LdrShutdownThread
RtlTraceDatabaseCreate
ZwQueryAttributesFile
sin
NtAccessCheck
_ltoa
LdrFindResourceEx_U
RtlInterlockedPopEntrySList
ZwSetHighEventPair
NtSetInformationThread
ZwStartProfile
NtSetTimerResolution
RtlUnicodeStringToCountedOemString
ZwGetPlugPlayEvent
_wcsicmp
NtRemoveIoCompletion
NtMapUserPhysicalPages
RtlInitializeResource

apphelp

ApphelpCheckMsiPackage
SdbGetTagDataSize
SdbReadWORDTagRef
ApphelpCheckRunApp
SdbReleaseDatabase
SdbFindNextTagRef
SdbGetFirstChild
SdbOpenApphelpInformation
SdbResolveDatabase
SdbQueryApphelpInformation
ApphelpFixMsiPackageExe
ApphelpShowDialog
SdbTagRefToTagID
SdbReadEntryInformation
SdbFindFirstMsiPackage_Str
SdbGetNextChild
SetPermLayers
SdbGetStringTagPtr
ApphelpCheckIME
SdbRegisterDatabase
SdbReadBinaryTag
SdbGetBinaryTagData
SdbReadStringTagRef
SdbGetMsiPackageInformation
SdbGrabMatchingInfoEx
SdbSetPermLayerKeys
SdbFindFirstTagRef
ApphelpCheckExe
SdbCreateMsiTransformFile
SdbGetTagFromTagID
ApphelpFixMsiPackage
SdbQueryData
ApphelpCheckInstallShieldPackage
SdbFindFirstMsiPackage
SdbReadStringTag
SdbReadMsiTransformInfo
SdbFindFirstTag
ApphelpFreeFileAttributes
SdbOpenApphelpDetailsDatabase
SdbEnumMsiTransforms
SdbUnregisterDatabase
SdbGetPermLayerKeys
ApphelpGetNTVDMInfo
AllowPermLayer
SdbFindNextMsiPackage

clusapi

RegisterClusterNotify
GetNodeClusterState
OpenClusterGroup
OpenClusterNode
ClusterResourceTypeControl
CloseClusterNotifyPort
GetClusterNetworkKey
GetClusterGroupState
ClusterGetEnumCount
ClusterGroupOpenEnum
PauseClusterNode
CloseCluster
ClusterNodeOpenEnum
ClusterResourceControl
CloseClusterResource
SetClusterResourceName
ClusterRegDeleteKey
ClusterNodeEnum
OnlineClusterResource
GetClusterFromNode
ClusterCloseEnum
ClusterNodeCloseEnum
OpenCluster
GetClusterNodeId
CreateClusterResource
ClusterGroupCloseEnum
ClusterResourceTypeCloseEnum
GetClusterQuorumResource
RemoveClusterResourceDependency
ClusterGroupControl
CloseClusterNetInterface
GetClusterNodeKey
ClusterRegSetKeySecurity
ClusterRegQueryInfoKey
ChangeClusterResourceGroup
RestoreClusterDatabase
CloseClusterGroup
ClusterResourceOpenEnum
ClusterResourceTypeOpenEnum
AddClusterResourceNode
GetClusterNetInterfaceState
ClusterResourceEnum
GetClusterNodeState

kernel32

CompareStringA
FillConsoleOutputCharacterW
GetTickCount
GlobalCompact
IsSystemResumeAutomatic
SizeofResource
CreateFileMappingW
GetShortPathNameW
CreateMutexW
IsBadStringPtrW
AddConsoleAliasA
GetBinaryType
CreateRemoteThread
GetNumberOfConsoleMouseButtons
GetConsoleScreenBufferInfo
Module32FirstW
SetSystemTime
LoadLibraryA
HeapValidate
GetLogicalDriveStringsW
GetStringTypeW
ExitVDM
SetConsoleInputExeNameW
BackupRead
AttachConsole
SetProcessWorkingSetSize
LZCloseFile
GetStartupInfoW
LocalFlags
EnumSystemCodePagesW
GetPrivateProfileIntA
GetModuleHandleA
WritePrivateProfileStructA
GetComputerNameA
DefineDosDeviceA
GetConsoleAliasesA
WriteFileEx
EscapeCommFunction
WaitForSingleObjectEx
GetSystemTimeAsFileTime
GetModuleHandleW
CreateFileMappingA
GetConsoleAliasesLengthW
VirtualAlloc
SwitchToFiber
LZSeek

query

??0CColumns@@QAE@ABV0@@Z
?Find@CStaticPropertyList@@UAEPBVCPropEntry@@PBG@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
??1CPhraseRestriction@@QAE@XZ
?AppendListElement@CDbListAnchor@@IAEHGABUtagDBID@@@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
?GetDWORDParam@CCatalogAdmin@@QAEHPBGAAK@Z
?VerifyConsistency@PRcovStorageObj@@QAEXXZ
?GetVPathAuthorization@CMetaDataMgr@@QAEKPBG@Z
??1CNatLanguageRestriction@@QAE@XZ
??3CDbContent@@SGXPAX@Z
??1CSdidLookupTable@@QAE@XZ
?WriteProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
??0CImpersonateRemoteAccess@@QAE@PAVCImpersonationTokenCache@@@Z
??0CTimeLimit@@QAE@KK@Z
?SetValue@CPropertyRestriction@@QAEXAAUtagBLOB@@@Z
?ciDelete@@YGXPAX@Z
?Accept@CQueryScanner@@QAEXXZ
?ReportEventW@CFwEventItem@@QAEXAAUICiCAdviseStatus@@@Z
?GetColumn@CCatState@@QBEPBGI@Z
?CoTaskAllocator@@3VCCoTaskAllocator@@A
??0CDbColId@@QAE@XZ
?MakePath@CFullPath@@QAEXPBG@Z
?_ftFile@CGlobalPropFileRefresher@@0U_FILETIME@@A
?VT_VARIANT_LE@@YGHABUtagPROPVARIANT@@0@Z
?GetOleDBErrorInfo@@YGJPAUIUnknown@@ABU_GUID@@KIPAUtagERRORINFO@@PAPAUIErrorInfo@@@Z
?HTMLEscapeW@@YGXPBGAAVCVirtualString@@K@Z

Sections

.text
Size: 549KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc17c619b454e5b77e5c57cbb3ea19df

Headers

DLL Characteristics

File Characteristics

Imports

cmutil

user32

ntdll

apphelp

clusapi

kernel32

query

Sections

.text Size: 549KB - Virtual size: 549KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 549KB - Virtual size: 549KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB