8121d44f0fcd91970ca9a4c66fa1482507c1915b303f8948a24d825ea57aaea4

Sharing

Copy URL Twitter E-mail

General

Target

8121d44f0fcd91970ca9a4c66fa1482507c1915b303f8948a24d825ea57aaea4
Size

845KB
MD5

08bd0b2015ee964cde49b5081281452c
SHA1

e7ccf43d4d8ec2ee090eeb4f58cc28201d01bb50
SHA256

8121d44f0fcd91970ca9a4c66fa1482507c1915b303f8948a24d825ea57aaea4
SHA512

bd6a6e095329051b900916a7e4034d58e042cb42ea223711b8f5f94e71c0302621c4a3ee66da5261f02096f1011e44d3f000e258b00ba68cf146a57c5bbdf3db
SSDEEP

12288:E1i1M6Y3QYQQX62f7TlXY14g5F5cAEBhcNwUqkSoetn6HnqOy9H3xVo2U:ExtQu62f9Y14ghBYe6rkSoe2qOyN7

Score

N/A

Malware Config

Signatures

Files

8121d44f0fcd91970ca9a4c66fa1482507c1915b303f8948a24d825ea57aaea4
.exe windows x86

e71462bd5756c21b90fdafefa508a594

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dhcpcsvc

McastRenewAddress
DhcpOpenGlobalEvent
DhcpDeRegisterOptions
DhcpRequestParams
DhcpAcquireParameters
McastReleaseAddress
DhcpRegisterOptions
McastRequestAddress
DhcpUndoRequestParams
DhcpReleaseParameters
McastGenUID
DhcpDelPersistentRequestParams
DhcpReleaseIpAddressLease
DhcpLeaseIpAddress
DhcpRegisterParamChange
DhcpNotifyConfigChangeEx
DhcpEnumClasses
McastApiCleanup
DhcpNotifyConfigChange
DhcpDeRegisterParamChange
McastEnumerateScopes
DhcpStaticRefreshParams
DhcpHandlePnPEvent
DhcpRequestOptions
DhcpCApiCleanup
DhcpPersistentRequestParams
DhcpRemoveDNSRegistrations
DhcpRenewIpAddressLease
DhcpReleaseIpAddressLeaseEx
DhcpFallbackRefreshParams

crypt32

CertEnumCRLsInStore
RegOpenKeyExU
RegQueryValueExU
CryptGetOIDFunctionAddress
CertGetCertificateContextProperty
CryptHashMessage
CertAddCTLLinkToStore
CryptMsgOpenToEncode
PFXIsPFXBlob
I_CryptFreeLruCache
CryptImportPublicKeyInfoEx
CertSetCertificateContextPropertiesFromCTLEntry
CryptSignMessageWithKey
CryptSetProviderU
I_CryptFlushLruCache
CertEnumCertificateContextProperties

mapistub

BMAPIResolveName
ScRelocNotifications@20
HrSetOmiProvidersFlagsInvalid@4
CloseIMsgSession@4
SwapPlong@8
HrThisThreadAdviseSink@8
UlPropSize@4
FtNegFt@8
MAPIDeleteMail
MAPIDeinitIdle@0
MAPISaveMail
UNKOBJ_COFree@8

polstore

IPSecEnumNFAData
IPSecFreeISAKMPData
IPSecDeleteISAKMPData
IPSecCopyISAKMPData
IPSecEnumNegPolData
IPSecEnumFilterData
IPSecGetFilterData
IPSecFreePolStr
IPSecFreeNegPolData
IPSecCreateNegPolData
IPSecCreateISAKMPData
IPSecAllocPolStr
IPSecFreeMulISAKMPData

ntdll

ZwIsSystemResumeAutomatic
RtlWalkHeap
ZwQueryInstallUILanguage
ZwFlushKey
RtlInitAnsiString
RtlLockHeap
DbgQueryDebugFilterState
CsrCaptureTimeout
ZwWaitForKeyedEvent
RtlxOemStringToUnicodeSize
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
RtlSizeHeap
RtlMoveMemory
RtlEnterCriticalSection
wcstol
vDbgPrintEx
_wtoi
NtQueryAttributesFile
ZwCreateWaitablePort
RtlCompareMemory

wininet

InternetGetCertByURL
InternetUnlockRequestFile
FreeUrlCacheSpaceA
FtpRenameFileA
InternetCrackUrlA
InternetSetOptionA
InternetSetPerSiteCookieDecisionA
DeleteUrlCacheContainerA
GopherCreateLocatorA
InternetSetCookieA
FindFirstUrlCacheEntryA
CreateUrlCacheEntryW
FindCloseUrlCache
GopherFindFirstFileA
FtpSetCurrentDirectoryW
FtpOpenFileW
InternetSetOptionW
InternetOpenUrlW
FtpPutFileW
SetUrlCacheConfigInfoA
UnlockUrlCacheEntryFileW
FtpCommandA
IncrementUrlCacheHeaderData
InternetAutodialHangup
GetUrlCacheGroupAttributeA
ResumeSuspendedDownload
DeleteUrlCacheGroup
DeleteUrlCacheEntryW
InternetGetPerSiteCookieDecisionA
FtpRemoveDirectoryW

odbc32

SQLExecDirectA
SQLTablePrivilegesW
SQLGetDiagFieldW
SQLGetData
SQLDriverConnectW
SQLStatisticsA
SQLGetConnectOptionA
SQLDescribeColA
SQLGetCursorNameW
SQLColumnsA
CollectODBCPerfData
SQLMoreResults
SQLBindParam
SQLColAttributeA
SQLDataSources
SQLNumResultCols
SQLGetDiagRec
SQLSetStmtAttrW
VRetrieveDriverErrorsRowCol
ODBCGetTryWaitValue
SQLGetDescRecW

kernel32

TransmitCommChar
GetSystemWindowsDirectoryA
Heap32ListFirst
GetOEMCP
_lclose
FindNextFileW
GetConsoleOutputCP
SetProcessAffinityMask
lstrcat
AddConsoleAliasA
HeapCreate
WriteConsoleInputW
LoadLibraryW
SetConsoleCP
GetVolumeNameForVolumeMountPointA
SetConsoleNlsMode
RemoveDirectoryW
GetProcessVersion
GetCommConfig

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

fnqjldh
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e71462bd5756c21b90fdafefa508a594

Headers

File Characteristics

Imports

dhcpcsvc

crypt32

mapistub

polstore

ntdll

wininet

odbc32

kernel32

Sections

.text Size: 376KB - Virtual size: 375KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 202KB - Virtual size: 201KB

.reloc Size: 1024B - Virtual size: 29KB

fnqjldh Size: - Virtual size: 4KB

.text
Size: 376KB - Virtual size: 375KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 202KB - Virtual size: 201KB

.reloc
Size: 1024B - Virtual size: 29KB

fnqjldh
Size: - Virtual size: 4KB