e6a674931b9002bef1625a542028570acb6edb4c4a0e3d24aa103fb5fc26ae35

Sharing

Copy URL Twitter E-mail

General

Target

e6a674931b9002bef1625a542028570acb6edb4c4a0e3d24aa103fb5fc26ae35
Size

7KB
MD5

931384d407b45ba45b5e59b9ab6f2300
SHA1

61ad7ee0cbfb64b5d7f8e1b63dc8b513d0890c01
SHA256

e6a674931b9002bef1625a542028570acb6edb4c4a0e3d24aa103fb5fc26ae35
SHA512

2f9853580bbd00237a2741184ba708cf513e7c1cfc75aa38fb634a398a8fb6d90f7638f899a23919a1277a5db3cf3bd368d92b2b2e16a2d5afab1b7773049011
SSDEEP

192:3yCBTTCm545BmnXrgJg+/v+SFWeiuVwxtH:3pTCmLXgn+IRVqH

Score

N/A

Malware Config

Signatures

Files

e6a674931b9002bef1625a542028570acb6edb4c4a0e3d24aa103fb5fc26ae35
.exe windows x86

e5f3038ae1ca95502f3fb30483d6f13c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netshell

DllGetClassObject
NcIsValidConnectionName
DllRegisterServer
NcFreeNetconProperties
HrCreateDesktopIcon
DllCanUnloadNow
DllUnregisterServer
HrRenameConnection
HrLaunchConnection

avifil32

AVIFileOpen
EditStreamSetInfo

sisbkup

SisRestoredCommonStoreFile

ieakeng

ModifyAuthCode
NewFolder
GetAdmWindowHandle
DisplayADMItem
SelectADMItem
BToolbar_Remove
SaveADMItem
CreateADMWindow
ProcessFavSelChange
BuildPalette
CheckField
IsFavoriteItem
DestroyADMWindow
DoReboot
GetFavoritesMaxNumber
CanDeleteADM
BToolbar_Edit
CheckForDupKeys
ShowADMWindow
MoveADMWindow
ModifyRatings
ErrorMessageBox
ShowInetcpl
ModifyZones
MoveDownFavorite
GetFavoritesNumber
MoveUpFavorite

gdi32

GetTextExtentPoint32A
ChoosePixelFormat
ResetDCW

msvidctl

GetProxyDllInfo
DllRegisterServer
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer

iprtprio

SetPriorityInfo
GetPriorityInfo
ComputeRouteMetric

msvbvm60

rtUI1FromErrVar
__vbaVarForInit
__vbaRecUniToAnsi
__vbaVarLikeVar
rtcLowerCaseBstr
__vbaObjSetAddref
__vbaAryLock
__vbaUdtVar
rtcFormatNumber
__vbaLdZeroAry
__vbaGenerateBoundsError
rtcSetDateVar
rtcGetDayOfWeek
Zombie_Invoke
_CIlog
__vbaUI1I4
__vbaR4Var
rtcRightTrimBstr
__vbaVarTextLikeVar
rtI2FromErrVar
__vbaLateMemNamedCallSt
rtcAnsiValueBstr
__vbaAryVarVarg
rtcGetObject
rtcRemoveDir
GetMemNewObj
__vbaR8Sgn
__vbaLsetFixstrFree
rtcRate
__vbaCopyBytes
__vbaVarTextCmpGt
__vbaVargParmRef
PutMem8
rtcChangeDrive
rtcCreateObject2

kernel32

VirtualAlloc
CreateFileW
GetLastError
CloseHandle
CreateMutexA

qdvd

DllRegisterServer
DllCanUnloadNow
DllGetClassObject
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e5f3038ae1ca95502f3fb30483d6f13c

Headers

DLL Characteristics

File Characteristics

Imports

netshell

avifil32

sisbkup

ieakeng

gdi32

msvidctl

iprtprio

msvbvm60

kernel32

qdvd

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: - Virtual size: 480KB

.rsrc Size: 1024B - Virtual size: 820B

.reloc Size: 512B - Virtual size: 36B

.rdata Size: 114KB - Virtual size: 113KB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: - Virtual size: 480KB

.rsrc
Size: 1024B - Virtual size: 820B

.reloc
Size: 512B - Virtual size: 36B

.rdata
Size: 114KB - Virtual size: 113KB