ff820a6ff4a6ec528c8b492ad38fd5097a27892d3e5033afc235f72d12bf62f8

Sharing

Copy URL Twitter E-mail

General

Target

ff820a6ff4a6ec528c8b492ad38fd5097a27892d3e5033afc235f72d12bf62f8
Size

238KB
MD5

200520b010560f2d59a1036146ae03b0
SHA1

634462f4262cb95e348da2d5cafccf114794333c
SHA256

ff820a6ff4a6ec528c8b492ad38fd5097a27892d3e5033afc235f72d12bf62f8
SHA512

7e7c500d7f7c17d72b2d26f95b5f0cda2cf1594742147ee4a6a6125fb993a9de015d7c39446127f5b1d86a73180f602bb1ced9b9ba93b8a2db9c6e55cf4b36fd
SSDEEP

3072:pdUtINgZ+9SRTwPqjMBK68XVfg43378NU269qlKEadQ21C3mxh6MOSAke8wYfMJx:pdUtS9SRTNf5d78NUJqza22LxkZDYfux

Score

N/A

Malware Config

Signatures

Files

ff820a6ff4a6ec528c8b492ad38fd5097a27892d3e5033afc235f72d12bf62f8
.exe windows x86

e4a55984b05457fb453fe0a7750b05b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmCloseEnumerationHandle
RtmGetEnumNextHops
RtmReadAddressFamilyConfig
MgmGetMfe
RtmGetExactMatchRoute
RtmLookupIPDestination
RtmBlockDeleteRoutes
RtmGetRoutePointer
RtmCreateRouteEnum
RtmCreateRouteListEnum
RtmGetOpaqueInformationPointer
RtmDeleteRouteList
RtmIsMarkedForChangeNotification
RtmGetFirstRoute
RtmGetEnumRoutes
RtmGetChangedDests
MgmGetNextMfe
MgmReleaseInterfaceOwnership
DestroyTable
RtmReleaseEntityInfo
RtmGetMostSpecificDestination
RtmReleaseNextHops
RtmGetRouteInfo
RtmDeleteRouteTable
RtmIsBestRoute
MgmDeleteGroupMembershipEntry
RtmDeleteEnumHandle
MgmGetNextMfeStats

kernel32

SetTimeZoneInformation
UpdateResourceW
CreateSocketHandle
SetConsoleOS2OemFormat
LoadLibraryW
SetLastError
OpenFileMappingW
GetTimeZoneInformation
CreatePipe
CloseProfileUserMapping
HeapWalk
CreateRemoteThread
GetTickCount
GetConsoleCharType

cmutil

?IsEnabled@CmLogFile@@QAEHXZ
?Stop@CmLogFile@@QAEJXZ
?GetRegPath@CIniA@@QBEPBDXZ
?Generate@CRandom@@QAEHXZ
??1CIniA@@QAE@XZ
??4CIniA@@QAEAAV0@ABV0@@Z
?GetPrimaryFile@CIniW@@QBEPBGXZ
WzToSzWithAlloc
CmLoadSmallIconW
CmBuildFullPathFromRelativeA
?SetRegPath@CIniW@@QAEXPBG@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
GetOSVersion
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
CmStrrchrW
?SetEntry@CIniW@@QAEXPBG@Z
?Write@CmLogFile@@AAEJPAG@Z
??1CIniW@@QAE@XZ
MakeBold
?GetRegPath@CIniW@@QBEPBGXZ
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?LoadSection@CIniA@@QBEPADPBD@Z
CmLoadSmallIconA
?SetSection@CIniW@@QAEXPBG@Z

hhsetup

?Save@CCollection@@QAEKXZ
?GetLangId@CCollection@@QAEGPBG@Z
?ParseFile@CCollection@@AAEKPBD@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
??0CFIFOString@@QAE@XZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?SetId@CTitle@@QAEXPBD@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?GetVolume@CLocation@@QAEPADXZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?SetLanguage@CTitle@@QAEXG@Z
??0CFolder@@QAE@XZ
?GetFindMergedCHMS@CCollection@@QAEHXZ
??1CCollection@@QAE@XZ
?Release@CCollection@@AAEKXZ
?Open@CCollection@@QAEKPBG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?SetTitle@CFolder@@QAEXPBD@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?GetLangId@CCollection@@QAEGPBD@Z
?IncrementRefTitleCount@CCollection@@QAEXXZ
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?GetLanguage@CTitle@@QAEGXZ
??1CFIFOString@@QAE@XZ
?SetParent@CFolder@@QAEXPAV1@@Z
?GetId@CLocation@@QBEPADXZ
??4CFolder@@QAEAAV0@ABV0@@Z
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z

msdtcprx

ShutDownCM
DTC_XaRollback
DTC_XaPrepare
?RemoveDtc@@YGJPAG00@Z
?GetDtcLogPath@@YGHKPAG@Z
DTC_XaClose
?Create@CNameService@@SGJPAPAV1@@Z
ContactToNameObject
?CreateInstance@CTmProxyCore@@SGJPAPAV1@PAUIUnknown@@@Z
DllGetDTCConnectionManager
DllGetDTCUtilObject
DllGetClassObject
DTC_XaOpen
DTC_XaComplete
?InstallDtcClient@@YGJPAGKK@Z
DTC_XaCommit
DTC_XaEnd
DllRegisterServer
DllGetTransactionManagerCore
DTC_XaForget
DTC_XaStart
DTC_XaRecover
DllUnregisterServer
DllGetDTCProxy

t2embed

_TTEmbedFontFromFileA@52
TTIsEmbeddingEnabled
_TTLoadEmbeddedFont@40
TTDeleteEmbeddedFont
_TTRunValidationTests@8
TTGetEmbeddedFontInfo
_TTGetEmbeddingType@8
_TTIsEmbeddingEnabled@8
TTEmbedFont
TTEnableEmbeddingForFacename
TTRunValidationTestsEx
_TTEnableEmbeddingForFacename@8
_TTDeleteEmbeddedFont@12
TTEmbedFontEx
_TTCharToUnicode@24
TTGetEmbeddingType
_TTIsEmbeddingEnabledForFacename@8
_TTGetEmbeddedFontInfo@28
TTRunValidationTests
TTLoadEmbeddedFont
TTCharToUnicode
TTEmbedFontFromFileA
_TTEmbedFont@44
TTIsEmbeddingEnabledForFacename

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a55984b05457fb453fe0a7750b05b4

Headers

File Characteristics

Imports

rtm

kernel32

cmutil

hhsetup

msdtcprx

t2embed

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 59KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 2KB