2fc3de7201afb39552c4a2d7f339bf40316a64ded81940f1e7f92e8cd0e994ae

Sharing

Copy URL Twitter E-mail

General

Target

2fc3de7201afb39552c4a2d7f339bf40316a64ded81940f1e7f92e8cd0e994ae
Size

161KB
MD5

100ec0644f5b74739d14af1ae751e29f
SHA1

6fdbb05d02b7ad12a250325c6f2b48ef02055498
SHA256

2fc3de7201afb39552c4a2d7f339bf40316a64ded81940f1e7f92e8cd0e994ae
SHA512

a425d39e1b72904bb8a9338b347c6ecaf9f38d6d3af65141c9ffd2b3e842642f68a5ce4e429f428212bd1e51f828ea7452b0e13bd0fb6fae7d1b8ac28a052aff
SSDEEP

3072:35AZFrgj0fPki8mApbCp6ZO3qGHKQ9dvlLoHsSQA5afjaETsA1OmHEinlFUc7:35A/ggXki8/pe6ZUHDdvl+kuE4mHESUy

Score

N/A

Malware Config

Signatures

Files

2fc3de7201afb39552c4a2d7f339bf40316a64ded81940f1e7f92e8cd0e994ae
.exe windows x86

9af9e6168eaba0345fcfd731e57c2f73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

EngFillPath
GetBitmapDimensionEx
GdiConsoleTextOut
SetMiterLimit
GetRasterizerCaps
GetTextAlign
SetRelAbs
StrokePath
CreateDCW
GdiConvertDC
EngDeletePalette
CloseMetaFile
XLATEOBJ_cGetPalette
EngWideCharToMultiByte
RemoveFontResourceExA
SetICMProfileA
PATHOBJ_bEnum
GetTextExtentExPointWPri
EngCreateBitmap
SelectPalette
FONTOBJ_pvTrueTypeFontFile
SetBoundsRect
ClearBitmapAttributes
GetViewportOrgEx
GetTextFaceW
SetPixelFormat
DdEntry34
SetSystemPaletteUse
CreateFontIndirectW
CreateBrushIndirect
GdiGetSpoolMessage
GdiQueryFonts
EnumFontFamiliesW
RemoveFontResourceExW
GdiPlayJournal
GdiEntry6
GetEnhMetaFilePixelFormat
EngDeleteSemaphore
FrameRgn
GetTextCharset

kernel32

UnregisterWait
GetGeoInfoW
FindFirstFileExA
GetModuleHandleA
OpenConsoleW
HeapUnlock
GetUserDefaultLCID
BaseCheckAppcompatCache
LZOpenFileA
ReadFileScatter
ReadConsoleOutputAttribute
FileTimeToSystemTime
GetDiskFreeSpaceA
EnumSystemGeoID
GetFileAttributesW
GlobalHandle
FormatMessageW
SetConsoleDisplayMode
LocalAlloc
GetCurrentThread
GlobalAlloc
FlushViewOfFile
GetBinaryTypeA
GetHandleInformation
ReadConsoleW
Module32FirstW
GlobalGetAtomNameW
OpenSemaphoreA
IsValidCodePage
FlushFileBuffers
LoadLibraryA
VirtualAlloc
CreatePipe

rasman

RasGetProtocolInfo
RasPortGetInfo
RasProtocolEnum
RasCompressionSetInfo
RasPortEnumProtocols
RasGetNdiswanDriverCaps
RasRpcRemoteGetUserPreferences
RasGetInfo
RasPortOpenEx
RasPortFree
RasRpcGetUserPreferences
RasIsTrustedCustomDll
RasRpcGetVersion
RasRpcRemoteGetSystemDirectory
RasSetConnectionUserData
RasBundleGetStatisticsEx
RasGetFramingCapabilities
RasGetTimeSinceLastActivity
RasGetPortUserData
RasRpcGetInstalledProtocolsEx
RasPortSetInfo
RasRequestNotification
RasPortConnectComplete
RasPortGetBundle
RasPortGetStatisticsEx
RasRefConnection
RasReferenceCustomCount
RasPortSetFramingEx
RasGetDevConfig
RasGetDeviceConfigInfo

mapistub

MAPISendMail
MNLS_lstrcmpW@8
HrDispatchNotifications@4
GetAttribIMsgOnIStg@12
GetOutlookVersion@0
UNKOBJ_ScSzFromIdsAlloc@20
ScInitMapiUtil@4
EncodeID@12
MAPIUninitialize@0
HrValidateParameters@8
SwapPword@8
FtMulDwDw@8
MAPIInitialize@4
SetAttribIMsgOnIStg@16
IsBadBoundedStringPtr@8
DllGetClassObject
MNLS_MultiByteToWideChar@24
MNLS_CompareStringW@24
FreePadrlist@4
HrGetOmiProvidersFlags@8
cmc_send
HrSetOneProp@8
HrDecomposeMsgID@24
UNKOBJ_Free@8
MAPIFindNext
UlPropSize@4
FGetComponentPath
OpenIMsgSession@12
cmc_query_configuration
HrEntryIDFromSz@12
UNKOBJ_ScCOAllocate@12
InstallFilterHook@4

msdart

?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?_Apply@CLKRLinearHashTable@@AAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@AAW4LK_PREDICATE@@@Z
?BucketSize@CLKRHashTableStats@@SGJJ@Z
?BucketSizes@CLKRHashTableStats@@SGPBJXZ
mpMalloc
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?_H1@CLKRLinearHashTable@@CGKKK@Z
??0CSingleList@@QAE@XZ
?Last@CLockedDoubleList@@QAEQAVCListEntry@@XZ
??4CLockedSingleList@@QAEAAV0@ABV0@@Z
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?WriteLock@CLKRLinearHashTable@@QAEXXZ
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?_AddRefRecord@CLKRLinearHashTable@@ABEXPBXH@Z
?SetDefaultSpinCount@CReaderWriterLock@@SGXG@Z
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?WriteLock@CFakeLock@@QAEXXZ
?IsEmpty@CLockedSingleList@@QBE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?IsWriteUnlocked@CLKRHashTable@@QBE_NXZ
?RemoveEntry@CDoubleList@@SGXQAVCListEntry@@@Z
?ConvertExclusiveToShared@CSpinLock@@QAEXXZ
?_CurrentThreadId@CSmallSpinLock@@CGJXZ
SetMemHook
?ValidSignature@CLKRHashTable@@QBE_NXZ

ntdll

RtlReAllocateHeap
LdrShutdownProcess
RtlRegisterSecureMemoryCacheCallback
ZwCreateIoCompletion
_wcsnicmp
__toascii
RtlTimeToSecondsSince1970
NtRenameKey
ZwSetSystemTime
RtlUpperChar
ZwOpenProcessTokenEx
NtOpenSymbolicLinkObject
NtSetValueKey
NtFlushBuffersFile
RtlFormatCurrentUserKeyPath
wcscat
NtPrivilegeObjectAuditAlarm
ZwSetBootEntryOrder
ZwWaitForSingleObject
RtlActivateActivationContextEx
RtlDestroyProcessParameters
NtDeleteObjectAuditAlarm
RtlEqualComputerName
ZwSetQuotaInformationFile
RtlFindNextForwardRunClear
ZwQueryTimerResolution
RtlFindMessage
strspn
log
NtDebugContinue
NtQueryObject
NtImpersonateClientOfPort
ZwTerminateProcess
RtlTimeToElapsedTimeFields
NtCreateProcessEx
strcmp
RtlAnsiCharToUnicodeChar
RtlAddAccessDeniedAce

unimdmat

UmMonitorModem
UmHangupModem
UmLogStringA
UmGetDiagnostics
UmIssueCommand
UmAbortCurrentModemCommand
UmGenerateDigit
UmDuplicateDeviceHandle
UmOpenModem
UmInitializeModemDriver
UmDialModem
UmWaveAction
UmSetSpeakerPhoneState
UmCloseModem
UmSetPassthroughMode
UmDeinitializeModemDriver
UmAnswerModem
UmInitModem
UmLogDiagnostics

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9af9e6168eaba0345fcfd731e57c2f73

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

rasman

mapistub

msdart

ntdll

unimdmat

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 79KB - Virtual size: 156KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 79KB - Virtual size: 156KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 908B