80be293ac1f3a18e023244445f93d31111dfef55e90f3653248a5b4493e5a94f

Sharing

Copy URL Twitter E-mail

General

Target

80be293ac1f3a18e023244445f93d31111dfef55e90f3653248a5b4493e5a94f
Size

828KB
MD5

d56cad5225a3820adfae23f6152f863c
SHA1

e1158cdac96a66446ce9e9fac699781922e660af
SHA256

80be293ac1f3a18e023244445f93d31111dfef55e90f3653248a5b4493e5a94f
SHA512

114e1b4b3eeb27e068ce5800051055b8a85d9f0ea6b2fb27305b6d69dd738e8a4355f786ec8e8bbdc13caa394245e049b918674a7af387030683166f5e9bb4b4
SSDEEP

12288:tAWgxhBm3sqw1aaimv/yRDypynuBysea01nN6XqHSmkTwsC6G3Nq8GE4iM8fjBsv:KW+zqErv/eDUfyb1EXqH8eN2EamSb6r

Score

N/A

Malware Config

Signatures

Files

80be293ac1f3a18e023244445f93d31111dfef55e90f3653248a5b4493e5a94f
.exe windows x86

c3852269eca22a1bc9af1ed6881dfcb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

expsrv

rtcInStrRev
__vbaVarCmpGe
rtcQBColor
rtcDir
__vbaStrAryToAnsi
__vbaStrVarMove
rtcSYD
rtcFileDateTime
rtcVarFromError
__vbaLateMemStAd
__vbaVarImp
rtcTrimBstr
rtcTypeName
__vbaVarTstGe
__vbaNameFile
_adj_fdivr_m32
rtcErrObj
rtcCompareBstr
__vbaGet3
__vbaStrToAnsi
__vbaDerefAry1
rtcInStrChar
__vbaBoolStr
__vbaSetSystemError
GetMemObj
rtcSpaceVar
rtcVarStrFromVar
__vbaVarEqv
rtcLowerCaseBstr
__vbaVarPow
__vbaLateIdSt
__vbaRedimPreserveVar
_adj_fdivr_m64
rtcGetSetting
__vbaVarAnd
rtcCurrentDir
rtcPartition
__vbaPrintFile
__vbaForEachVar
__vbaR4Var
IID_IVbaHost
EVENT_SINK2_AddRef
Zombie_AddRef
rtcGetPresentDate
GetMemNewObj
rtcCallByName
__vbaVarIndexLoadRefLock
EVENT_SINK_GetIDsOfNames
__vbaAryCopy
rtcLowerCaseVar
__vbaStrI4
rtcMsgBox
__vbaVarTextCmpNe
__vbaGetOwner3
__vbaPutOwner3
__vbaStrCompVar
__vbaVarCat
rtBoolFromErrVar
rtcSetDateBstr
__vbaVarNeg
__vbaStrTextLike
__vbaEraseNoPop
__vbaHresultCheckObj
__vbaVargUnkAddref
CreateIExprSrvObj
rtcPackTime
rtcIsNull
TipUnloadInstance
__vbaVarCopy
rtcCreateObject2
EVENT_SINK_QueryInterface
rtcDateAdd
rtcFileCopy
rtcBstrFromError
rtcMidVar
__vbaOnError

kernel32

EnumCalendarInfoW
RtlCaptureContext
GetWriteWatch
PeekConsoleInputA
SetCriticalSectionSpinCount
GetDiskFreeSpaceA
IsValidLanguageGroup
GetNumberFormatA
GetCPInfo
GetExpandedNameA
VirtualAlloc
ExpandEnvironmentStringsW
FindActCtxSectionStringA
SetUserGeoID
LoadLibraryExW
SetTimerQueueTimer
DeleteFiber
GetHandleInformation
BaseDumpAppcompatCache
GetCommTimeouts
QueryDepthSList
GetConsoleAliasA
RtlCaptureStackBackTrace
VirtualProtectEx
GetSystemTimeAsFileTime
VerLanguageNameA
GetLargestConsoleWindowSize
SetVolumeLabelW
LoadLibraryA
FindAtomW
FindVolumeMountPointClose
RegisterWaitForSingleObjectEx
SetConsoleLocalEUDC
GetMailslotInfo

mfcsubs

?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??4CString@@QAEABV0@ABV0@@Z
??YCString@@QAEABV0@G@Z
??4CString@@QAEABV0@PBE@Z
?Init@CString@@IAEXXZ
??0CString@@QAE@ABV0@@Z
??_7CCriticalSection@@6B@
?AfxW2AHelper@@YGPADPADPBGH@Z
?ElementAt@CStringArray@@QAEAAVCString@@H@Z
??H@YG?AVCString@@ABV0@D@Z
?Release@CString@@KGXPAUCStringData@@@Z
?Lock@CCriticalSection@@UAEHK@Z
?AllocBeforeWrite@CString@@IAEXH@Z
?IsEmpty@CMapStringToPtr@@QBEHXZ
?CompareNoCase@CString@@QBEHPBG@Z
??YCString@@QAEABV0@D@Z
?Find@CString@@QBEHG@Z
?Compare@CString@@QBEHPBG@Z
?CopyBeforeWrite@CString@@IAEXXZ
??O@YG_NPBGABVCString@@@Z
??N@YG_NABVCString@@0@Z
??9@YG_NPBGABVCString@@@Z
?FreeDataChain@CPlex@@QAEXXZ
??_7CMapStringToPtr@@6B@
?HashKey@CMapStringToPtr@@QBEIPBG@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?SetAt@CString@@QAEXHG@Z
??4CString@@QAEABV0@PBD@Z
?TrimRight@CString@@QAEXXZ
?UnlockBuffer@CString@@QAEXXZ
?TrimLeft@CString@@QAEXXZ
?Mid@CString@@QBE?AV1@H@Z
??0CSyncObject@@QAE@PBG@Z

setupapi

CM_Dup_Range_List
CM_Register_Device_Driver
pSetupGuidFromString
CM_Query_Arbitrator_Free_Size_Ex
SetupDiSetSelectedDriverA
pSetupStringTableLookUpString
CM_Get_Depth_Ex
SetupCloseLog
pSetupInstallCatalog
SetupDiRemoveDeviceInterface
SetupGetInfInformationA
pSetupGetGlobalFlags
SetupQueryDrivesInDiskSpaceListW
pSetupUnicodeToMultiByte
SetupGetFileCompressionInfoExA
CM_Get_Device_IDW
SetupSetFileQueueAlternatePlatformA
SetupBackupErrorW
CM_Invert_Range_List
CM_Register_Device_Driver_Ex
CM_Get_Device_ID_List_ExA
CM_Get_Device_ID_List_SizeW
SetupDiOpenClassRegKeyExA
SetupGetTargetPathA
SetupDiGetDeviceInstanceIdW
CM_Get_Log_Conf_Priority_Ex
SetupRemoveFromSourceListW
pSetupStringTableAddString
CM_Get_First_Log_Conf
CM_Query_Arbitrator_Free_Data
CM_Disable_DevNode
CM_Get_Device_ID_List_SizeA
CM_Get_Res_Des_Data
CM_Set_DevNode_Problem
CM_Modify_Res_Des_Ex
SetupFindNextLine
SetupSetDirectoryIdA
SetupDiOpenClassRegKeyExW
CM_Get_DevNode_Custom_PropertyA
CM_Detect_Resource_Conflict_Ex
SetupGetSourceInfoW

msdart

?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?Lock@CLockedSingleList@@QAEXXZ
?IsWriteLocked@CReaderWriterLock3@@QBE_NXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?sm_wDefaultSpinCount@CSpinLock@@1GA
?_ReadOrWriteUnlock@CLKRLinearHashTable@@ABEX_N@Z
?Clear@CLKRHashTable@@QAEXXZ
?Unlock@CLockedDoubleList@@QAEXXZ
MPInitializeCriticalSection
?Size@CLKRHashTable@@QBEKXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
?Push@CSingleList@@QAEXQAVCSingleListEntry@@@Z
?_SegIndex@CLKRLinearHashTable@@ABEKK@Z
?RemoveHead@CLockedDoubleList@@QAEQAVCListEntry@@XZ
??1CSmallSpinLock@@QAE@XZ
?IsUsable@CLKRLinearHashTable@@QBE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
?IsLocked@CLockedDoubleList@@QBE_NXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?IsWin95@CMdVersionInfo@@SAHXZ
?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ

iphlpapi

SendARP
NotifyRouteChange
SetIpStatistics
_PfUnBindInterface@4
CreateIpNetEntry
DeleteIpForwardEntry
GetUdpStatistics
IpRenewAddress
Icmp6SendEcho2
Icmp6CreateFile
InternalCreateIpNetEntry
GetIpAddrTable
GetTcpTable
AddIPAddress
do_echo_rep
GetUdpTable
SetIfEntry
DeleteProxyArpEntry
_PfRemoveFilterHandles@12
GetBestRoute
_PfGetInterfaceStatistics@16
IcmpCloseHandle
_PfBindInterfaceToIndex@16
SetIpTTL
_PfDeleteLog@0
AllocateAndGetIpAddrTableFromStack

mapi32

HrSzFromEntryID@12
MAPIAllocateBuffer@8
GetTnefStreamCodepage@12
HrAddColumns@16
MAPIAllocateMore
MAPILogoff
__CPPValidateParameters@8
MAPIUninitialize@0
BMAPIGetReadMail
MAPIInitialize@4
SzFindCh@8
ScGenerateMuid@4
cmc_free
UlFromSzHex@4
BMAPIResolveName
ScCountProps@12
SwapPword@8
MapStorageSCode@4
MNLS_WideCharToMultiByte@32
cmc_query_configuration
FBadPropTag@4
MAPIFindNext
FBadColumnSet@4
LaunchWizard@20
MAPISendDocuments
FtAddFt@16
ScMAPIXFromCMC
InstallFilterHook@4
FBadRowSet@4
LPropCompareProp@8
cmc_look_up
cmc_logon
FPropExists@8
OpenTnefStreamEx
MAPIOpenFormMgr

query

??0CNatLanguageRestriction@@QAE@PBGABVCFullPropSpec@@K@Z
?RefreshParams@CWorkQueue@@QAEXKK@Z
??1CNatLanguageRestriction@@QAE@XZ
?IsCatalogInactive@CCatalogAdmin@@QAEHXZ
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?Add@CWorkQueue@@QAEXPAVPWorkItem@@@Z
?ParseStringColumns@@YGPAVCDbColumns@@PBGPAUIColumnMapper@@KPAVPVariableSet@@PAV?$CDynArray@G@@@Z
??1CRegNotify@@MAE@XZ
?AddError@CEventItem@@QAEXK@Z
??0CGetDbProps@@QAE@XZ
?Release@CQueryUnknown@@UAGKXZ
_LoadBHIFilter@16
?StrLen@CKey@@QBEIXZ
?BorrowBuffer@CPhysStorage@@QAEPAKKHH@Z
??1CImpersonateClient@@QAE@XZ
?Remove@CColumns@@QAEXI@Z
?BuildRegistryScopesKey@@YGXAAV?$XArray@G@@PBG@Z
?Find@CPropertyList@@UAEPBVCPropEntry@@PBG@Z
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
??1CPhysStorage@@UAE@XZ
?PutWString@@YGXAAVPSerStream@@PBG@Z
??1CPhraseRestriction@@QAE@XZ
?IsWriteProtected@CDriveInfo@@QAEHXZ
?AddRef@CEmptyPropertyList@@UAGKXZ
??1CFwEventItem@@QAE@XZ
?Add@CKeyArray@@QAEHHABVCKeyBuf@@@Z
FsCiShutdown
?Reset@CRegChangeEvent@@QAEXXZ
?Release@CFwPropertyMapper@@UAGKXZ

catsrv

DllCanUnloadNow
?ReleaseReadICR@@YGXPAPAUIComponentRecords@@@Z
GetCatalogCRMClerk
?GetWriteICR@@YGJPAPAUIComponentRecords@@@Z
DllRegisterServer
?CancelWriteICR@@YGJPAPAUIComponentRecords@@@Z
CreateComponentLibraryTS
?SaveWriteICR@@YGJPAPAUIComponentRecords@@@Z
OpenComponentLibraryTS
DllGetClassObject
DllUnregisterServer

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 588KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3852269eca22a1bc9af1ed6881dfcb9

Headers

DLL Characteristics

File Characteristics

Imports

expsrv

kernel32

mfcsubs

setupapi

msdart

iphlpapi

mapi32

query

catsrv

Sections

.text Size: 95KB - Virtual size: 94KB

.rdata Size: 137KB - Virtual size: 136KB

.data Size: 588KB - Virtual size: 1.9MB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 344B

.text
Size: 95KB - Virtual size: 94KB

.rdata
Size: 137KB - Virtual size: 136KB

.data
Size: 588KB - Virtual size: 1.9MB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 344B