cfa9bb279f21e4bfa9b2a4b20d481084b8c7d46ad019819b62c3cb43ab046537

Sharing

Copy URL

Twitter E-mail

General

Target

cfa9bb279f21e4bfa9b2a4b20d481084b8c7d46ad019819b62c3cb43ab046537
Size

409KB
MD5

a269bf4e38753b9b24de166b7a25da80
SHA1

e15f3bf63f35e0328f7342498b428c4bcfcca595
SHA256

cfa9bb279f21e4bfa9b2a4b20d481084b8c7d46ad019819b62c3cb43ab046537
SHA512

509168ecb8e1a2836efc1fe2167bccf0a8a5dafe4ff7ca609d48c0ab63432527b0b3d500e3e9883697045a1bfb90738e7a9fa677088953dfeafc9da0b3f35c57
SSDEEP

6144:JzsKjh5Ay7hrERfGZNFNISsFN/4puSIWtvRYicRH2Qon9eMJAQOSZE5RAcch+p3b:Z5n7R6OVNRmquFWRt7eMVbZE5RU+pnL

Score

N/A

Malware Config

Signatures

Files

cfa9bb279f21e4bfa9b2a4b20d481084b8c7d46ad019819b62c3cb43ab046537
.exe windows x86

a3f89ca8b9d7f5b276f2a48b69273638

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamConnectWithCreds
SamiSetBootKeyInformation
SamOpenUser
SamTestPrivateFunctionsUser
SamLookupIdsInDomain
SamQueryInformationGroup
SamiLmChangePasswordUser
SamChangePasswordUser
SamAddMemberToGroup
SamConnect
SamEnumerateDomainsInSamServer
SamFreeMemory
SamiEncryptPasswords
SamGetMembersInAlias

urlmon

CoInternetCreateZoneManager
ObtainUserAgentString
URLOpenStreamA
IsValidURL
CreateURLMoniker
CoInternetCreateSecurityManager
GetClassFileOrMime
CoGetClassObjectFromURL
CopyStgMedium
URLDownloadW
IsLoggingEnabledW
MkParseDisplayNameEx
RevokeFormatEnumerator
URLDownloadToCacheFileA
RegisterMediaTypeClass
RegisterMediaTypes

cryptui

CryptUIWizFreeDigitalSignContext
CryptUIWizBuildCTL
CryptUIDlgSelectStoreW
CryptUIGetCertificatePropertiesPagesA
CryptUIDlgViewSignerInfoW
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLA
CryptUIDlgSelectCertificateW
ACUIProviderInvokeUI
CryptUIFreeViewSignaturesPagesW
CryptUIFreeViewSignaturesPagesA
CryptUIDlgViewCertificatePropertiesW
CryptUIStartCertMgr

advpack

GetVersionFromFile
ExtractFiles

kernel32

UpdateResourceA
GetSystemTime
GetSystemWindowsDirectoryW
LCMapStringW
GetProcessPriorityBoost
SystemTimeToFileTime
SetSystemTimeAdjustment
GetTempPathA
FindNextVolumeMountPointW
DnsHostnameToComputerNameA
GetVersion
GetWriteWatch
SetMessageWaitingIndicator
FindVolumeClose
SetFileApisToOEM
SystemTimeToTzSpecificLocalTime
SetThreadExecutionState
LocalLock
GetProfileIntA
TlsGetValue
Process32NextW
FindResourceExA
FileTimeToDosDateTime
SetThreadPriorityBoost
GetVolumeNameForVolumeMountPointW
WaitForSingleObjectEx
_hread
GlobalMemoryStatusEx
FindAtomW
GetProcessWorkingSetSize
SetSystemPowerState
FindResourceW

user32

IsDialogMessageW
ScrollWindow
SwitchToThisWindow
MonitorFromRect
CallMsgFilterA
GetFocus
SetClassWord
GetSystemMetrics
SetDlgItemTextA
GetPropW
EnumThreadWindows
IMPGetIMEA
InsertMenuW
SetForegroundWindow
SendNotifyMessageA
GetCursorPos
DdeImpersonateClient
GetPropA
WindowFromDC
SetCursor
VkKeyScanExA
ValidateRgn
OpenIcon
InvalidateRect
GetCursor
GetKBCodePage
DrawTextExW
SendInput
EnumDesktopsW
SetMenuItemBitmaps
DdeAbandonTransaction

mscms

InternalGetPS2ColorSpaceArray
SpoolerCopyFileEvent
RegisterCMMA
SetColorProfileHeader
UnregisterCMMW
InternalGetDeviceConfig
SelectCMM
InstallColorProfileW
CreateColorTransformW
InternalGetPS2PreviewCRD
OpenColorProfileA
EnumColorProfilesA
GetStandardColorSpaceProfileA
GetColorDirectoryA
CheckColors
UninstallColorProfileW
GetPS2ColorRenderingIntent
GetColorProfileHeader
SetColorProfileElementReference
ConvertColorNameToIndex
OpenColorProfileW
CheckBitmapBits
InternalSetDeviceConfig
CreateDeviceLinkProfile
UninstallColorProfileA
GetColorDirectoryW

mpr

WNetCancelConnection2A
WNetAddConnection2W
WNetDisconnectDialog1W
WNetConnectionDialog1A
WNetGetResourceParentW
WNetUseConnectionA
WNetAddConnectionA
WNetCloseEnum
WNetUseConnectionW
WNetGetResourceInformationA
WNetGetResourceParentA
WNetEnumResourceA
WNetGetUserA
WNetDisconnectDialog1A
WNetAddConnection2A

mswsock

GetServiceA
rexec
getnetbyname
EnumProtocolsW
GetNameByTypeW
inet_network
s_perror
SetServiceW
EnumProtocolsA
AcceptEx
GetAddressByNameA
WSARecvEx

setupapi

CM_Unregister_Device_Interface_ExW
CM_Get_Child_Ex
SetupDiGetDeviceInterfaceAlias
SetupDiRegisterCoDeviceInstallers
SetupInstallFileA
SetupDiGetHwProfileList
CM_Request_Device_EjectA
SetupGetLineCountW
CM_Free_Res_Des_Handle
CM_Connect_MachineW
CM_Request_Eject_PC_Ex
SetupDiClassGuidsFromNameExA
SetupQueryFileLogA
SetupDiGetSelectedDriverA
SetupDiClassNameFromGuidW
SetupDiSetSelectedDriverW
CM_Add_Res_Des
InstallHinfSectionA
SetupDiBuildClassInfoList
SetupCancelTemporarySourceList
CM_Dup_Range_List
SetupDecompressOrCopyFileW
CM_Get_Device_Interface_ListW
CM_Get_DevNode_Registry_Property_ExA
CM_Register_Device_Interface_ExW
SetupGetLineCountA
SetupQueueRenameW
SetupRemoveSectionFromDiskSpaceListW
SetupDiGetClassInstallParamsW
SetupQueryInfFileInformationA
SetupGetIntField

ole32

ReadClassStg
StringFromGUID2
CoSetCancelObject
CoEnableCallCancellation
CLIPFORMAT_UserUnmarshal
GetHGlobalFromILockBytes
STGMEDIUM_UserMarshal
CoRevertToSelf
SNB_UserUnmarshal
HICON_UserSize
CoGetInstanceFromIStorage
OleRegEnumFormatEtc
CoSwitchCallContext
OleCreateLinkToFile
CoGetInterfaceAndReleaseStream
HPALETTE_UserFree
OleConvertIStorageToOLESTREAMEx
CoDisconnectObject
CreateStdProgressIndicator
MkParseDisplayName
HMETAFILE_UserUnmarshal
SNB_UserFree
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
StgOpenStorage
StgOpenStorageOnILockBytes
CoGetStdMarshalEx
IsEqualGUID
OleDuplicateData

msvcrt

_wspawnvpe
_lrotr
_strdup
_unlink
_wspawnlp
mbstowcs
__pioinfo
_wunlink
_wexecle
_adjust_fdiv
_mbsrev
rewind
_inpw
strstr
_execvpe
_wcsncoll
_ismbbkpunct
_wspawnv
_mbschr
__p__pgmptr
_ctype
_chsize
_i64toa
_mbstok
_strset
_pclose
_inp
ldiv
iswpunct
asin
_chkesp

clusapi

OpenClusterNetInterface
ClusterNetInterfaceControl
GetClusterNotify
FailClusterResource
ClusterOpenEnum
SetClusterGroupNodeList
ClusterRegGetKeySecurity
ClusterResourceOpenEnum
ClusterRegOpenKey
RemoveClusterResourceNode
BackupClusterDatabase
AddClusterResourceNode
SetClusterName
GetClusterResourceTypeKey
ClusterGroupOpenEnum
ClusterNetworkControl
GetClusterInformation
CloseClusterNotifyPort
OpenClusterNetwork
GetClusterGroupKey
ClusterEnum
ClusterRegSetValue
GetClusterQuorumResource
OfflineClusterGroup
GetClusterKey
ClusterRegSetKeySecurity
RemoveClusterResourceDependency
GetClusterNetInterfaceState
ClusterRegQueryValue

netapi32

I_NetLogonControl2
NetServerTransportDel
RxNetAccessGetInfo
NetServerComputerNameAdd
NetLocalGroupDel
NetReplImportDirDel
NetReplImportDirAdd
NetDfsManagerSendSiteInfo
DsGetDcNameW
NetUserSetInfo
NetMessageNameEnum
NetSessionEnum
DsRoleFreeMemory
NetDfsAddStdRoot
NetDfsRemoveFtRoot
NetReplExportDirSetInfo
NetReplSetInfo
RxNetAccessEnum
NetAuditWrite
I_NetLogonControl
NetDfsAdd
NetErrorLogWrite
NetDfsSetClientInfo
NetLocalGroupAddMembers
RxNetAccessAdd
DsRoleGetPrimaryDomainInformation
NetLogonGetTimeServiceParentDomain
NetFileEnum

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 219KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3f89ca8b9d7f5b276f2a48b69273638

Headers

File Characteristics

Imports

samlib

urlmon

cryptui

advpack

kernel32

user32

mscms

mpr

mswsock

setupapi

ole32

msvcrt

clusapi

netapi32

Sections

.text Size: 133KB - Virtual size: 133KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 31KB - Virtual size: 379KB

.rsrc Size: 219KB - Virtual size: 218KB

.text Size: 6KB - Virtual size: 6KB

.text
Size: 133KB - Virtual size: 133KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 31KB - Virtual size: 379KB

.rsrc
Size: 219KB - Virtual size: 218KB

.text
Size: 6KB - Virtual size: 6KB