e48791cf353aa06515a1160db278a1b6fc10384831933e253047b82ab7c3e828

Sharing

Copy URL Twitter E-mail

General

Target

e48791cf353aa06515a1160db278a1b6fc10384831933e253047b82ab7c3e828
Size

40KB
MD5

48b04e0d52c5dc45f9e2494160991c16
SHA1

890c48b14fe9629c6d719e62fb9a3cf3e9a7f962
SHA256

e48791cf353aa06515a1160db278a1b6fc10384831933e253047b82ab7c3e828
SHA512

760f51daae319a418306ca89f0645c5b06b0bed933ed0a5ac88afee9230ae735d906e01b586e4157dc6dc2f4e46b59abbc4267a59a8e68baf478e2f5bb8bfeea
SSDEEP

768:zehr062BahbIxpBjrgvj6sru/ihn7DVRwjXQTEuX7s4YqOUegqudP:zK2Mh0Jgb6vKhnVqEFrs4lOurdP

Score

N/A

Malware Config

Signatures

Files

e48791cf353aa06515a1160db278a1b6fc10384831933e253047b82ab7c3e828
.exe windows x86

b5d041a3ff03031f033e801ba6f32f0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmHoldDestination
RtmCreateRouteListEnum
RtmGetChangedDests
RtmBlockSetRouteEnable
RtmIsBestRoute
RtmGetListEnumRoutes
RtmGetNextHopPointer
RtmWriteInstanceConfig
RtmDeregisterClient
MgmGetNextMfe
RtmReleaseEntities
RtmDeleteRouteTable
MgmGetFirstMfe
RtmGetEntityInfo
RtmGetLessSpecificDestination
RtmReleaseNextHops
RtmDeleteNextHop
MgmRegisterMProtocol
RtmGetDestInfo
RtmReadInstanceConfig
RtmReleaseRoutes
RtmAddRouteToDest
RtmAddRoute
RtmGetRouteAge
RtmIgnoreChangedDests
MgmTakeInterfaceOwnership
RtmGetInstances
RtmReleaseChangedDests
RtmDeleteRouteToDest
RtmGetEnumRoutes
RtmEnumerateGetNextRoute
RtmLockRoute
MgmGetMfeStats
RtmDeleteRoute
MgmGroupEnumerationStart

olecli32

ErrObjectConvert
BmRelease
OleReconnect
DibChangeData
LeEnumFormat
LeCreateInvisible
MfClone
OleCreateLinkFromClip
ErrUpdate
LeSetTargetDevice
OleRename
ErrReconnect
PbQueryBounds
OleSaveToStream
DibGetData
OleDraw
LeQueryOutOfDate
MfDraw
OleQueryReleaseError
DibQueryBounds
OleQueryCreateFromClip
ErrShow
PbCreateFromClip
MfRelease
MfCallbackFunc
OleQueryOutOfDate
OleSetTargetDevice

wldap32

ldap_abandon
LdapUTF8ToUnicode
ldap_parse_sort_controlW
ldap_search_stW
ldap_create_vlv_controlA
ldap_add_ext
ldap_extended_operation_sW
ldap_simple_bind_s
ldap_modrdn_sA
ldap_value_freeA
ldap_count_entries
ldap_create_sort_control
ldap_count_valuesW
ldap_create_page_controlA
ldap_conn_from_msg
ldap_delete_sA
ber_free
ldap_set_optionA
ldap_openW
ldap_bindW
ldap_result
ldap_explode_dnW
LdapUnicodeToUTF8
ldap_compare_ext_s
ldap_delete_ext_sA
ldap_value_free
ldap_get_next_page
ldap_sasl_bindW
ldap_delete_sW
ldap_extended_operation_sA
ldap_stop_tls_s
ldap_dn2ufnW

ifsutil

?GetNext@TLINK@@QAEPAXPAX@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
??1DP_DRIVE@@UAE@XZ
?Add@NUMBER_SET@@QAEEPBV1@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@EE@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@DIGRAPH@@QAEEK@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?ShellSort@TLINK@@QAEXXZ
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
??0DIGRAPH_EDGE@@QAE@XZ
?QueryAutochkTimeOut@VOL_LIODPDRV@@SGEPAK@Z
?GetFirst@TLINK@@QAEPAXXZ
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
??0MOUNT_POINT_TUPLE@@QAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?Initialize@SPARSE_SET@@QAEEXZ
??1SUPERAREA@@UAE@XZ
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?CloseDriveHandle@DP_DRIVE@@QAEXXZ

kernel32

VirtualAlloc
LoadLibraryA
GetTempFileNameW
CreateHardLinkW
GetSystemDefaultUILanguage
GetTickCount
SetTermsrvAppInstallMode
LocalFlags
FindResourceW
GetStartupInfoW
RequestWakeupLatency
GetProfileStringW
GetLargestConsoleWindowSize
LocalLock
GetModuleHandleA
VirtualQueryEx
GlobalUnlock
DnsHostnameToComputerNameA
TlsSetValue
SetConsoleActiveScreenBuffer
GetDevicePowerState
GetPrivateProfileStructA
CreateConsoleScreenBuffer
IsBadCodePtr
LocalHandle
LocalUnlock
GetStartupInfoA
TlsGetValue
SetConsoleMaximumWindowSize
GetModuleHandleW
CreateMemoryResourceNotification
InitAtomTable
RequestDeviceWakeup
GetLocalTime
DisconnectNamedPipe
GetConsoleInputExeNameA
ReplaceFile
DosPathToSessionPathW

crtdll

sinh
_mbctolower
putchar
??3@YAXPAX@Z
_endthread
_CIatan2
mblen
_timezone_dll
_mbsncmp
wcstombs
_access
_winmajor_dll
_spawnvpe
_mbcjistojms
_strspnp
_isctype
_ismbbkpunct
_expand
_CIsqrt
_ltow
_XcptFilter
_strerror
iswprint
_ismbslead
_findnext
strcpy
_ctype

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5d041a3ff03031f033e801ba6f32f0f

Headers

DLL Characteristics

File Characteristics

Imports

rtm

olecli32

wldap32

ifsutil

kernel32

crtdll

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB