5d6516fdcc375fe50026585b415da0be17a863f2fe83e5d25a29ebbf1d495f72

Sharing

Copy URL Twitter E-mail

General

Target

5d6516fdcc375fe50026585b415da0be17a863f2fe83e5d25a29ebbf1d495f72
Size

864KB
MD5

a2704909bbe1ea43ea40bbdb6c557330
SHA1

a16f5ef2878806293b6778b8bde360495869c1d3
SHA256

5d6516fdcc375fe50026585b415da0be17a863f2fe83e5d25a29ebbf1d495f72
SHA512

682d503a96ee01504b89cbb2a01ccbfdacc7d3b7808990d620edda4fdbc9f5dbd0f82b92ff60a5283bb97e148a14cadbb04eb2f3c2e159eaf3501737d04b8946
SSDEEP

12288:427+e/0P/kBRKpO1HIXdCpBVbnE6kV+mv0LBxGvzvz17dq8dCGQnSII2xmdpfZtV:P6eESvc+BV7X4bAfmBLUGBkupc8hf

Score

N/A

Malware Config

Signatures

Files

5d6516fdcc375fe50026585b415da0be17a863f2fe83e5d25a29ebbf1d495f72
.exe windows x86

ef72bef6cd67f985330f8a2f635cf5d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

regapi

RegWinStationDeleteW
RegCdEnumerateA
RegUserConfigDelete
RegWdQueryA
RegWinStationSetSecurityW
RegPdDeleteW
RegWdCreateW
RegQueryOEMId
RegWinStationDeleteA
RegUserConfigQuery
RegWinStationAccessCheck
RegGetUserConfigFromUserParameters
RegWdCreateA
RegConsoleShadowQueryA
RegWdEnumerateA
RegBuildNumberQuery
RegGetTServerVersion
RegPdDeleteA
RegCdDeleteA
RegWinStationQueryValueW
RegPdQueryW
RegWinStationQueryNumValueW
RegWdDeleteA
RegWinStationEnumerateW
RegWinStationQueryEx
RegCdCreateW
RegOpenServerW
RegWinStationQuerySecurityW
RegGetMachinePolicy
RegWinStationSetNumValueW
RegDefaultUserConfigQueryA
RegWinStationCreateW
RegIsMachinePolicyAllowHelp
RegConsoleShadowQueryW
RegPdCreateA
RegCdQueryW

samlib

SamGetDisplayEnumerationIndex
SamAddMemberToGroup
SamOpenUser
SamGetMembersInGroup
SamiLmChangePasswordUser
SamAddMemberToAlias
SamiOemChangePasswordUser2
SamGetGroupsForUser
SamChangePasswordUser2
SamiEncryptPasswords
SamDeleteAlias
SamEnumerateUsersInDomain
SamQueryInformationDomain
SamSetMemberAttributesOfGroup
SamOpenDomain
SamCreateUser2InDomain
SamCreateGroupInDomain
SamSetInformationGroup
SamDeleteUser
SamiSetDSRMPasswordOWF
SamLookupDomainInSamServer
SamFreeMemory
SamiChangePasswordUser2
SamConnectWithCreds
SamCreateAliasInDomain
SamCreateUserInDomain
SamDeleteGroup
SamEnumerateGroupsInDomain

msctfp

GetProxyDllInfo
DllGetClassObject

advpack

UserUnInstStubWrapper
RunSetupCommand
ExecuteCab
AddDelBackupEntry
FileSaveRestore
OpenINFEngine
RegRestoreAll
UserInstStubWrapper
RegisterOCX
TranslateInfStringEx
RebootCheckOnInstall
GetVersionFromFileEx
RegInstall
TranslateInfString
LaunchINFSection
AdvInstallFile
RegSaveRestoreOnINF
ExtractFiles
CloseINFEngine
NeedReboot
IsNTAdmin
RegSaveRestore
SetPerUserSecValues
GetVersionFromFile
DoInfInstall
FileSaveMarkNotExist
DelNodeRunDLL32
NeedRebootInit
FileSaveRestoreOnINF
LaunchINFSectionEx

wininet

FindFirstUrlCacheEntryW
InternetSetCookieA
InternetConnectA
CreateUrlCacheGroup
GetUrlCacheEntryInfoExA
InternetCombineUrlW
SetUrlCacheEntryInfoW
InternetFortezzaCommand
ForceNexusLookupExW
UnlockUrlCacheEntryStream
InternetShowSecurityInfoByURL
FtpGetCurrentDirectoryW
InternetDialW
FtpGetFileSize
InternetCheckConnectionA
PrivacySetZonePreferenceW
CreateUrlCacheContainerW
InternetSetFilePointer
InternetUnlockRequestFile
SetUrlCacheGroupAttributeW
HttpAddRequestHeadersA
InternetReadFileExW
RetrieveUrlCacheEntryStreamW
FtpCreateDirectoryW
HttpSendRequestA
InternetTimeFromSystemTimeA
HttpOpenRequestA
PrivacyGetZonePreferenceW
ShowX509EncodedCertificate
FtpSetCurrentDirectoryA
DllInstall
FtpFindFirstFileW
InternetSetCookieExA
InternetSetCookieW
RunOnceUrlCache

kernel32

SetConsoleTitleW
CopyFileExA
InterlockedExchange
SetConsoleMaximumWindowSize
GetThreadPriority
SleepEx
lstrlenA
IsBadHugeWritePtr
NlsGetCacheUpdateCount
ReadConsoleW
SetProcessShutdownParameters
GetPrivateProfileSectionNamesA
GetConsoleOutputCP
GetACP
GetEnvironmentStringsW
FillConsoleOutputCharacterA
SetConsoleNumberOfCommandsW
FindCloseChangeNotification
GetTempFileNameA
GetStartupInfoA
PrepareTape
RtlCaptureContext
SearchPathA
InitAtomTable
GetConsoleScreenBufferInfo
LockFileEx
Heap32Next
GetComputerNameExW
GetProfileStringA
ClearCommError
ReadFile
GetDiskFreeSpaceExW
FindNextVolumeMountPointW
QueueUserAPC
RegisterWowExec
GetVolumeNameForVolumeMountPointA
WritePrivateProfileStructA
DosPathToSessionPathA
CreateMailslotW
CreateFileMappingW
SetFilePointerEx
RegisterWaitForSingleObjectEx
GetConsoleCommandHistoryA
OutputDebugStringA
GetFirmwareEnvironmentVariableA
OpenWaitableTimerA
CommConfigDialogW
QueryMemoryResourceNotification
SetLastError
DeleteTimerQueue
Process32Next
SetConsoleCursorMode
CreateJobSet
GetVersion
ReplaceFile
GetDiskFreeSpaceA
_llseek
GetModuleFileNameA
FreeLibraryAndExitThread
OpenWaitableTimerW
IsSystemResumeAutomatic
LoadLibraryA
SetVolumeLabelW
LocalLock
GetBinaryType
QueueUserWorkItem
WriteConsoleOutputCharacterA
MoveFileWithProgressW
GetNumberFormatA
ReleaseMutex
Module32NextW
GetStartupInfoW
GetNamedPipeHandleStateA
VirtualAlloc
GetThreadTimes
FindFirstVolumeMountPointW
GlobalLock
BindIoCompletionCallback
IsValidCodePage
OpenFileMappingW
SetFileApisToOEM
SwitchToThread
UpdateResourceA

gdi32

EngLockSurface
EngStretchBlt
DeleteObject
QueryFontAssocStatus
GdiGetDevmodeForPage
GdiCreateLocalEnhMetaFile
GdiCreateLocalMetaFilePict
SetTextJustification
CreateEllipticRgn
CLIPOBJ_cEnumStart
GetColorSpace
CreateScalableFontResourceW
SetAbortProc
HT_Get8BPPMaskPalette
DdEntry44
EnableEUDC
GetRelAbs
GdiSetPixelFormat
DdEntry52
CLIPOBJ_ppoGetPath
InvertRgn
EngStretchBltROP
GetDIBits
GdiEntry6
CopyMetaFileW

ir41_qc

CompressEnd
Compress
DllMain
CompressBegin
AllocInstanceData
SetScalability
FreeInstanceData
CompressFramesInfo

msdart

?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?Unlock@CLockedSingleList@@QAEXXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?CheckTable@CLKRLinearHashTable@@QBEHXZ
??0CLockedDoubleList@@QAE@XZ
?ReadUnlock@CLKRHashTable@@QBEXXZ
?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
??0CReaderWriterLock2@@QAE@XZ
?_TryReadLock@CReaderWriterLock@@AAE_NXZ
?First@CDoubleList@@QBEQAVCListEntry@@XZ
?CreateHolder@@YGJPAUIGPDispenser@@HIPAPAUIGPHolder@@@Z
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?ReadLock@CLKRLinearHashTable@@QBEXXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?SetSpinCount@CReaderWriterLock@@QAE_NG@Z
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?ConvertSharedToExclusive@CReaderWriterLock2@@QAEXXZ
?_Lock@CSpinLock@@AAEXXZ
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
mpCalloc
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?_TryLock@CSmallSpinLock@@AAE_NXZ
?_ReadLockSpin@CReaderWriterLock2@@AAEXXZ
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ

wavemsp

DllGetClassObject

Sections

.tixt
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 347KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef72bef6cd67f985330f8a2f635cf5d7

Headers

DLL Characteristics

File Characteristics

Imports

regapi

samlib

msctfp

advpack

wininet

kernel32

gdi32

ir41_qc

msdart

wavemsp

Sections

.tixt Size: 340KB - Virtual size: 340KB

.rdata Size: 172KB - Virtual size: 172KB

.data Size: 347KB - Virtual size: 1.7MB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 340KB - Virtual size: 340KB

.rdata
Size: 172KB - Virtual size: 172KB

.data
Size: 347KB - Virtual size: 1.7MB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B