f5021b6cc6dd2c1ff53504ce1feece17c3859561ad12e809151a5c9731144c41

Sharing

Copy URL Twitter E-mail

General

Target

f5021b6cc6dd2c1ff53504ce1feece17c3859561ad12e809151a5c9731144c41
Size

1.3MB
MD5

8366085f8824a87fc2c7ea71bd4580a9
SHA1

81874f11fb5986a5fdc8d3902a0c331896d0bb63
SHA256

f5021b6cc6dd2c1ff53504ce1feece17c3859561ad12e809151a5c9731144c41
SHA512

8b7adfa3b95a9346d92ad7c91e1bbf7ad61512c91545821dd2c4d56c130f1b7b16ad3474f6fdcb5b2e6ca0434a0bd66e00f9ad7a847df3b5ac85a936d23b8c34
SSDEEP

24576:2ULdIRbx11kQjyjAOqqzryFSOGLAJlPTlXqRIHly:nOktPLu9gRIHly

Score

N/A

Malware Config

Signatures

Files

f5021b6cc6dd2c1ff53504ce1feece17c3859561ad12e809151a5c9731144c41
.exe windows x86

3b98e301c4fdda27fcefc4b15eca7235

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

pdh

PdhOpenQueryW
PdhMakeCounterPathW
PdhAddCounterW
PdhComputeCounterStatistics
PdhCloseQuery
PdhGetRawCounterValue
PdhGetFormattedCounterValue
PdhCollectQueryData

perficrcperfmonmgr

?UnInitialize@CiCrcPerfMonMgr@@QAEXXZ
?Instance@CiCrcPerfMonMgr@@SAPAV1@XZ
?Initialize@CiCrcPerfMonMgr@@QAEJXZ
?CloseSingleton@CiCrcPerfMonMgr@@SAXXZ

vsapi32

ord613
ord614
ord640

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

netapi32

NetShareGetInfo
NetApiBufferFree

advapi32

RegOpenKeyExW
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
InitializeAcl
AddAce
DeleteService
CreateServiceW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
RegCreateKeyA
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
ImpersonateLoggedOnUser
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityInfo
GetAclInformation
GetAce
CopySid
IsValidSid
GetLengthSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
RegEnumValueW
RegCloseKey
RegQueryValueExW
GetSecurityDescriptorDacl
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ChangeServiceConfigW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
QueryServiceStatus
StartServiceW
ControlService
SetServiceStatus
RegSetValueExA
RevertToSelf
RegOpenKeyW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueW
GetUserNameW
DuplicateTokenEx
OpenProcessToken

shlwapi

PathAddBackslashW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathCanonicalizeW

rpcrt4

RpcStringFreeW
UuidCreate
UuidToStringW

kernel32

LocalAlloc
GetLogicalDriveStringsW
CreateMailslotW
CreateWaitableTimerA
SetWaitableTimer
CreateMutexA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
SetEvent
LeaveCriticalSection
EnterCriticalSection
GetLastError
CloseHandle
ResetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
GetCurrentThreadId
GetShortPathNameW
GetLongPathNameW
GetFullPathNameW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateThread
DeleteCriticalSection
InitializeCriticalSection
SignalObjectAndWait
InterlockedExchange
SystemTimeToFileTime
WaitForSingleObject
GetSystemTime
LocalFree
Sleep
CreateProcessW
lstrlenW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryExW
FreeLibrary
FileTimeToSystemTime
LocalFileTimeToFileTime
InterlockedIncrement
GetTickCount
CopyFileW
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
GetVersionExW
OpenEventW
RemoveDirectoryW
SleepEx
SetErrorMode
InterlockedDecrement
GetLocalTime
MoveFileW
GetSystemDirectoryW
ReleaseMutex
WritePrivateProfileStringW
GetWindowsDirectoryW
GetModuleHandleW
WriteFile
SetEndOfFile
SetFilePointer
CreateFileW
GetFileAttributesW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
CreateSemaphoreW
CreateMutexW
TerminateProcess
GetTempPathW
GetTempFileNameW
GetCurrentThread
OpenProcess
GetComputerNameW
WaitForMultipleObjectsEx
SetFileAttributesW
GetSystemDefaultLangID
ReadFile
GetDriveTypeW
DeviceIoControl
QueryDosDeviceW
GetSystemInfo
GetCurrentProcessId
SetThreadPriority
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
CreateEventA
GetSystemTimeAsFileTime
DeleteFileA
FormatMessageA
LockFileEx
UnlockFileEx
CreateFileA
CreateDirectoryA
GetFileSizeEx
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
FlushViewOfFile
GetFileSize
GetExitCodeProcess
MapViewOfFile
VirtualQuery
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
lstrcatA
lstrcpyA
GetUserDefaultLangID
GetVersion
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
GetModuleHandleA
GetFileAttributesA
GetDiskFreeSpaceA
GetDriveTypeA
GetDateFormatA
GetTimeFormatA
GetProcessHeap
GetVersionExA
GetCommandLineA
GetCurrentDirectoryA
SetEnvironmentVariableW
ExitThread
HeapAlloc
HeapFree
RtlUnwind
RaiseException
IsDebuggerPresent
SetNamedPipeHandleState
WaitNamedPipeW
OpenFile
IsBadReadPtr
IsBadWritePtr
GetProcessTimes
InterlockedCompareExchange
GetLocaleInfoA
GetOverlappedResult
SetLastError
PulseEvent
TerminateThread
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleFileNameA
LoadLibraryA
CreateProcessA
GetPrivateProfileStringA
lstrlenA
WaitForSingleObjectEx
ResumeThread
SetProcessWorkingSetSize
GetSystemPowerStatus
FileTimeToLocalFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetPrivateProfileIntA

user32

wsprintfA
FindWindowW
SendMessageW
MessageBeep
LoadStringW
wsprintfW
CharUpperW

shell32

SHGetFolderPathW

flowcontrol

FlowEnabled

ofcdog

C_UnRegWatchDog_Ofc
C_RegWatchDog_Ofc
C_OfcDogLockFiles

ofcpluginapi

plgin_ApiDeInit
plgin_MainGetCtrlFlag
plgin_ApiInit

ofcpipc

OIPC_Init
OIPC_ReceiveStart
OIPC_ReplyCommand
OIPC_ReceiveStop
OIPC_DeInit
OIPC_CreateCommand
OIPC_CmdDataCopy
OIPC_SendData
OIPC_FreeCommand

libcntprodres

fnInitProdRes
fnUnInitProdRes
fnGetSpywareScanResult

timestring

__tmGetDateTimeStringW_syst
?_tmSetDateFormatW@@YAXPA_W@Z
?_tmSetTimeFormatW@@YAXPA_W@Z

wintrust

WinVerifyTrust

tmbmcli

ord12
ord16
ord19
ord18
ord9
ord1000
ord10
ord1
ord24
ord22
ord7
ord8
ord2
ord3
ord5
ord25
ord26
ord6
ord17

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 828KB - Virtual size: 824KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b98e301c4fdda27fcefc4b15eca7235

Headers

File Characteristics

Imports

psapi

pdh

perficrcperfmonmgr

vsapi32

version

netapi32

advapi32

shlwapi

rpcrt4

kernel32

user32

shell32

flowcontrol

ofcdog

ofcpluginapi

ofcpipc

libcntprodres

timestring

wintrust

tmbmcli

crypt32

ole32

Sections

.text Size: 828KB - Virtual size: 824KB

.rdata Size: 408KB - Virtual size: 406KB

.data Size: 32KB - Virtual size: 128KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 828KB - Virtual size: 824KB

.rdata
Size: 408KB - Virtual size: 406KB

.data
Size: 32KB - Virtual size: 128KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 16KB - Virtual size: 12KB