072d559ec8ba84e7b26894edd1971bab7d6b5417faccb351c789ddedacf3514c

Sharing

Copy URL

Twitter E-mail

General

Target

072d559ec8ba84e7b26894edd1971bab7d6b5417faccb351c789ddedacf3514c
Size

84KB
MD5

414d0e0614eb0cd2a00274bef09e164e
SHA1

9337b8ad4e4fa4b22c0c488111588d4787b60314
SHA256

072d559ec8ba84e7b26894edd1971bab7d6b5417faccb351c789ddedacf3514c
SHA512

3fe66955819a89941aa8354f4d0ad9cc622e905418d989f16304a40b0353b423f8520526b2499336df0ad27a6a8ab411c354c2f680e9a2b8d771a57810ebf4df
SSDEEP

1536:qcRhan1TvJPfQf4yu+wt0cNYgUZg4AULwowJWI4sBvLIPUm+MY9:qcRKufcflrF68qI4S0+MY9

Score

N/A

Malware Config

Signatures

Files

072d559ec8ba84e7b26894edd1971bab7d6b5417faccb351c789ddedacf3514c
.exe windows x86

7e28add64f58f612b4a938abe113b35f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netcfgx

NetCfgDiagFromCommandArgs
DllRegisterServer
DllUnregisterServer
HrDiAddComponentToINetCfg
NetClassInstaller
DllGetClassObject
NetPropPageProvider
DllCanUnloadNow
NetCfgDiagRepairRegistryBindings
LanaCfgFromCommandArgs

kernel32

GetStringTypeW
CommConfigDialogW
WriteConsoleOutputA
FindFirstVolumeMountPointW
GlobalSize
CmdBatNotification
GetCommandLineW
WriteConsoleInputVDMW
GetSystemDefaultUILanguage
EnumLanguageGroupLocalesA
GetCommProperties
GetStartupInfoA
VirtualAlloc
HeapCreate
UnregisterWait
GetLogicalDriveStringsA
GetLastError
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
HeapValidate
LoadLibraryA
GetTickCount
GetNumberOfConsoleMouseButtons

query

?WriteProperty@CPropStoreManager@@QAEJAAVCCompositePropRecordForWrites@@KABVCStorageVariant@@@Z
?GetOffset@CKeyDeComp@@QAEXAAUBitOffset@@@Z
SvcEntry_CiSvc
?AddRef@CEnumWorkid@@UAGKXZ
??0CWorkQueue@@QAE@IW4WorkQueueType@0@@Z
?Release@CImpersonateRemoteAccess@@QAEXXZ
?ReadProperty@CPropStoreManager@@QAEHAAVCCompositePropRecord@@KPAUtagPROPVARIANT@@PAI@Z
??0CFileBuffer@@QAE@AAVCFileMapView@@I@Z
?WideCharToXArrayMultiByte@@YGKPBGKIAAV?$XArray@E@@@Z
?Add@CDbSortSet@@QAEHABVCDbSortKey@@I@Z
?Release@CWorkQueue@@QAEXPAVCWorkThread@@@Z
??1?$XPtr@VCDbColumnNode@@@@QAE@XZ
?AddCatalog@CMachineAdmin@@QAEXPBG0@Z

user32

EditWndProc
MessageBoxTimeoutW
DisableProcessWindowsGhosting
RealGetWindowClassW
GetClassInfoW
LoadStringW
SetScrollPos
SendMessageCallbackW
GetClassNameA
GetDesktopWindow
DrawFocusRect
FlashWindowEx
LockWorkStation
SetWindowRgn
CharUpperA
CharPrevA
HiliteMenuItem

iphlpapi

SetTcpEntry
_PfDeleteInterface@4
GetNumberOfInterfaces
GetIpErrorString
AllocateAndGetIpAddrTableFromStack
IcmpSendEcho2
_PfSetLogBuffer@28
GetFriendlyIfIndex
GetBestRoute
DeleteIpForwardEntry
GetUdpTable
InternalGetIpAddrTable
_PfTestPacket@20
DisableMediaSense
IcmpSendEcho
_PfRemoveGlobalFilterFromInterface@8
GetIcmpStatistics

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e28add64f58f612b4a938abe113b35f

Headers

DLL Characteristics

File Characteristics

Imports

netcfgx

kernel32

query

user32

iphlpapi

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 18KB - Virtual size: 41KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 292B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 18KB - Virtual size: 41KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 292B