948ff487906663569d6a766d8df66b17008eb4d6f3b2ef040fcad85b4ef5a06a

Sharing

Copy URL Twitter E-mail

General

Target

948ff487906663569d6a766d8df66b17008eb4d6f3b2ef040fcad85b4ef5a06a
Size

192KB
MD5

1d7255bc7e87bbfdb49dfc90a82f79e0
SHA1

726065f077973eb393d2fc36032c5de51956f36c
SHA256

948ff487906663569d6a766d8df66b17008eb4d6f3b2ef040fcad85b4ef5a06a
SHA512

7143030b32da612f64b10603c36612d8a7edd65af4644acb4cd1b11a69ebf03ef41f99d7f956393c7db7985893750a732f4a59512ece4f2419bc85ef32e95294
SSDEEP

3072:JmUATkLmCObK6d8vT6+kg+K6J8TPfaJRY0tHGmaLuxCyADyC+koHZ4f0gL:z/CCeKS8TFryCyEJmyc8

Score

N/A

Malware Config

Signatures

Files

948ff487906663569d6a766d8df66b17008eb4d6f3b2ef040fcad85b4ef5a06a
.exe windows x86

de9cf4ea01511dda15a8a2ac7d869852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSEnumerateSessionsW
WTSShutdownSystem
WTSEnumerateSessionsA
WTSVirtualChannelPurgeOutput
WTSSetSessionInformationW
WTSCloseServer
WTSEnumerateServersW
WTSQueryUserConfigA
WTSOpenServerW
WTSQuerySessionInformationW
WTSOpenServerA
WTSDisconnectSession
WTSVirtualChannelClose
WTSTerminateProcess
WTSSetUserConfigA
WTSFreeMemory
WTSEnumerateProcessesW
WTSLogoffSession
WTSEnumerateProcessesA
WTSQuerySessionInformationA
WTSSetSessionInformationA
WTSVirtualChannelRead
WTSSendMessageA
WTSWaitSystemEvent
WTSSetUserConfigW
WTSSendMessageW
WTSVirtualChannelWrite
WTSVirtualChannelQuery
WTSEnumerateServersA
WTSVirtualChannelOpen
WTSQueryUserConfigW
WTSVirtualChannelPurgeInput

kernel32

VirtualAlloc
GetCurrentThreadId
DelayLoadFailureHook
GetVersion
GetSystemTime
GetCurrentProcessId
CreateFileA
GetCommandLineA
GetFileAttributesA
TlsGetValue
CloseHandle
FreeEnvironmentStringsA
WriteFile
lstrlenA
GetModuleHandleA
GetCurrentProcess
GetConsoleTitleA
QueryPerformanceCounter
GetCompressedFileSizeW
lstrlenW
GetCommandLineW
GetCurrentThread
GetSystemTimeAsFileTime

activeds

FreeADsStr
ADsOpenObject
PropVariantToAdsType2
ADsDecodeBinaryData
AdsTypeToPropVariant
AdsFreeAdsValues
ADsBuildVarArrayStr
ADsSetLastError
ReallocADsStr
DllGetClassObject
DllCanUnloadNow
ADsGetLastError
ReallocADsMem
AllocADsMem
ADsBuildVarArrayInt
ADsFreeEnumerator
ADsEnumerateNext
ConvertSecurityDescriptorToSecDes
ADsGetObject
ConvertSecDescriptorToVariant
PropVariantToAdsType
AllocADsStr
ADsEncodeBinaryData
AdsTypeToPropVariant2
ADsBuildEnumerator
FreeADsMem

msvcrt

_wcsnicoll
freopen
ceil
_wmktemp
_initterm
_beep
__p__commode
fflush
_wspawnve
_wctime
_mbsnset
__set_app_type
_findnext64
__unDName
_vsnprintf
__p__fmode
??_Gbad_cast@@UAEPAXI@Z
fsetpos
_execl
system
_fstat64
_heapchk
iswascii
_mbctoupper
_assert
_strnicoll
__winitenv
_wspawnlp
_putch
__unguarded_readlc_active
_setjmp
_fmode
_itow
fread
_wfdopen
_lsearch
_filelength
_adj_fdiv_m32i
_wcsrev
wcsncat
time

perfctrs

CollectNbfPerformanceData
OpenDhcpPerformanceData
CloseDhcpPerformanceData
CloseTcpIpPerformanceData
CloseSPXPerformanceData
OpenNWNBPerformanceData
OpenSPXPerformanceData
CollectDhcpPerformanceData
CollectTcpIpPerformanceData
OpenTcpIpPerformanceData
CloseNbfPerformanceData
CloseNWNBPerformanceData
CollectIPXPerformanceData
CloseIPXPerformanceData
CollectNWNBPerformanceData
CollectSPXPerformanceData
OpenIPXPerformanceData
OpenNbfPerformanceData

dplayx

DllRegisterServer
DirectPlayCreate
DirectPlayEnumerateW
DirectPlayLobbyCreateA
DllGetClassObject
DllCanUnloadNow
DirectPlayEnumerateA
DirectPlayEnumerate
gdwDPlaySPRefCount
DllUnregisterServer
DirectPlayLobbyCreateW

gdi32

SetICMProfileW
CreateBrushIndirect
EngPlgBlt
SelectObject
EqualRgn
CreatePenIndirect
CreateDIBSection
CreatePen
DeleteObject
EnumFontFamiliesExA

utildll

StrSdClass
WinEnumerateDevices
CompareElapsedTime
ParseDecoratedAsyncDeviceName
SetupAsyncCdConfig
ConfigureModem
RegGetNetworkServiceName
NetBIOSDeviceEnumerate
HaveAnonymousUsersChanged
StrProcessState
DateTimeString
GetAssociatedPortName
RegGetNetworkDeviceName
CachedGetUserFromSid

ole32

DllGetClassObject
OleSetContainedObject
DoDragDrop
STGMEDIUM_UserMarshal
CoGetCallContext
HGLOBAL_UserFree
CoRevertToSelf
HMETAFILEPICT_UserSize
CreateOleAdviseHolder
CoTaskMemRealloc
ReadStringStream
HBITMAP_UserMarshal
CreateGenericComposite
OleDoAutoConvert
CoTreatAsClass
FmtIdToPropStgName
OleConvertOLESTREAMToIStorageEx
HMETAFILEPICT_UserUnmarshal
CreateClassMoniker
CoMarshalHresult
HBRUSH_UserUnmarshal
HMETAFILE_UserUnmarshal
OleCreateEmbeddingHelper
OleCreateFromFileEx
HBITMAP_UserFree
CoQueryProxyBlanket
OleUninitialize

acledit

EditAuditInfo
DllMain
SedDiscretionaryAclEditor
EditPermissionInfo
EditOwnerInfo
SedTakeOwnership
SedSystemAclEditor
FMExtensionProcW

msls31

LsdnFinishDeleteAll
LsEnumLine
LsdnFinishDelete
LssbGetDurTrailInSubline
LsQueryLineDup
LsdnGetCurTabInfo
LsCreateSubline
LsdnModifyParaEnding
LsdnSetRigidDup
LsdnGetFormatDepth
LsSetBreakSubline
LsQueryFLineEmpty
LsSetCompression
LsdnQueryPenNode
LsGetSpecialEffectsSubline
LsdnResolvePrevTab
LsPointUV2FromPointUV1
LsGetLineDur
LssbGetNumberDnodesInSubline
LsGetHihLsimethods
LssbGetVisibleDcpInSubline
LssbGetPlsrunsFromSubline
LsTruncateSubline
LsdnSubmitSublines
LsDisplayLine
LsExpandSubline
LsSetDoc
LsdnFinishBySubline

msasn1

ASN1CEREncChar32String
ASN1BERDotVal2Eoid
ASN1_CloseEncoder2
ASN1BEREncZeroMultibyteString
ASN1CEREncOctetString
ASN1char16string_free
ASN1ztchar32string_free
ASN1BERDecObjectIdentifier2
ASN1_SetDecoderOption
ASN1BEREncOctetString
ASN1open_cmp
ASN1_CloseEncoder
ASN1_CreateDecoderEx
ASN1BERDecCharString
ASN1BEREncMultibyteString
ASN1octetstring_free
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncBeginBlk
ASN1_Decode
ASN1utctime_cmp

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de9cf4ea01511dda15a8a2ac7d869852

Headers

File Characteristics

Imports

wtsapi32

kernel32

activeds

msvcrt

perfctrs

dplayx

gdi32

utildll

ole32

acledit

msls31

msasn1

Sections

.text Size: 4KB - Virtual size: 2KB

.rsrc Size: 102KB - Virtual size: 101KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 74KB - Virtual size: 73KB

.reloc Size: 2KB - Virtual size: 412B

.text
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 102KB - Virtual size: 101KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 74KB - Virtual size: 73KB

.reloc
Size: 2KB - Virtual size: 412B