fc22da627669b9781c938cf1a8514559dfbc9aa96c530ddd792fbb8885aecc57

Sharing

Copy URL

Twitter E-mail

General

Target

fc22da627669b9781c938cf1a8514559dfbc9aa96c530ddd792fbb8885aecc57
Size

823KB
MD5

0fedda8b5117255f7981b0ff09d7f14c
SHA1

5f7b3dbad24684bdd2b159603dbabae80e8ba274
SHA256

fc22da627669b9781c938cf1a8514559dfbc9aa96c530ddd792fbb8885aecc57
SHA512

2aa38b45fa00bcc61cb02b10bd9d0d24ec7fec530350e12f29cddee8264e4ae63beafe906f4a4d97272e063d21175748652258156c98d6127eaef08a3fd94320
SSDEEP

24576:aRZYB8/bxGHvxnJ7QkOyVVy7phBjuuYS766q0PMxeOUTVOEjZ:aRZYBKxGHZndQkOyHylhBjloVPxn4Z

Score

N/A

Malware Config

Signatures

Files

fc22da627669b9781c938cf1a8514559dfbc9aa96c530ddd792fbb8885aecc57
.exe windows x86

ccae960ac6d9d9d984108624a3c28669

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

_lseek
_chmod
_controlfp
atexit
__doserrno
ldexp
iswdigit
_CIpow
_rotl
isalnum
system
_expand
is_wctype
isdigit
_mkdir
_wtoi
sqrt
_strset
_tzname
_y1
_getdrive
isprint

iphlpapi

GetIpStatisticsEx
_PfDeleteLog@0
NotifyRouteChange
GetUdpStatisticsEx
EnableRouter
CreateIpNetEntry
GetUdpTable
FlushIpNetTable
GetPerAdapterInfo
CreateProxyArpEntry
SetIpNetEntry
GetIpAddrTable
GetRTTAndHopCount

msdart

??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?DeleteRecord@CLKRHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
?IsWriteLocked@CReaderWriterLock2@@QBE_NXZ
?SetSpinCount@CReaderWriterLock3@@QAE_NG@Z
?NumSubTables@CLKRHashTable@@QBEHXZ
?GetSpinCount@CReaderWriterLock3@@QBEGXZ
MPDeleteCriticalSection
?WriteUnlock@CSpinLock@@QAEXXZ
?GetSpinCount@CCritSec@@QBEGXZ
??4CDoubleList@@QAEAAV0@ABV0@@Z
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?IsWriteUnlocked@CFakeLock@@QBE_NXZ
MpHeapAlloc
?IsWriteUnlocked@CSpinLock@@QBE_NXZ
?ConvertExclusiveToShared@CSmallSpinLock@@QAEXXZ
?WriteLock@CReaderWriterLock3@@QAEXXZ
?WriteLock@CSmallSpinLock@@QAEXXZ
?ConvertExclusiveToShared@CLKRLinearHashTable@@QBEXXZ
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?_WriteLockSpin@CReaderWriterLock@@AAEXXZ
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?IsEmpty@CLockedSingleList@@QBE_NXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
??0CSingleList@@QAE@XZ
?GetStatistics@CLKRLinearHashTable@@QBE?AVCLKRHashTableStats@@XZ

d3d8thk

OsThunkDdColorControl
OsThunkDdGetInternalMoCompInfo
OsThunkDdCreateDirectDrawObject
OsThunkDdFlip
OsThunkDdUpdateOverlay
OsThunkDdCreateSurfaceObject
OsThunkDdDestroyMoComp
OsThunkDdDeleteSurfaceObject
OsThunkDdUnlock
OsThunkDdAddAttachedSurface
OsThunkDdAlphaBlt
OsThunkDdSetExclusiveMode
OsThunkDdFlipToGDISurface

kernel32

LeaveCriticalSection
GetUserDefaultUILanguage
QueryPerformanceCounter
CreateMemoryResourceNotification
SetVolumeMountPointA
QueryPerformanceFrequency
ExpandEnvironmentStringsA
MapUserPhysicalPages
IsBadHugeReadPtr
WriteFileEx
EnumResourceLanguagesW
GetThreadSelectorEntry
EnumSystemCodePagesA
SetCriticalSectionSpinCount
GetCurrentThread
GetCurrentDirectoryA
GetDefaultCommConfigA
Process32NextW
GetModuleHandleW
RemoveLocalAlternateComputerNameA
GetLocaleInfoW
LoadLibraryW

ntdll

ZwFlushInstructionCache
RtlMakeSelfRelativeSD
NtRegisterThreadTerminatePort
RtlSelfRelativeToAbsoluteSD2
RtlUnlockHeap
_ultoa
NtSetInformationKey
RtlApplyRXact
RtlTryEnterCriticalSection
cos
RtlExpandEnvironmentStrings_U
NtSetInformationFile
NtWaitForSingleObject
NtOpenJobObject
RtlSetCurrentDirectory_U
_lfind
NtSaveMergedKeys
NtCreateEvent
ZwConnectPort
NtCreateProfile
RtlDeactivateActivationContext
RtlAddAccessAllowedObjectAce
NtQueryEaFile
ZwReplaceKey
RtlFindMessage

ddraw

CompleteCreateSysmemSurface
GetSurfaceFromDC
GetDDSurfaceLocal
ReleaseDDThreadLock
DDGetAttachedSurfaceLcl
DirectDrawCreateEx
DirectDrawEnumerateExW
DSoundHelp
AcquireDDThreadLock
DDInternalUnlock
D3DParseUnknownCommand
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawEnumerateA
DllGetClassObject
GetOLEThunkData
DllCanUnloadNow
DirectDrawEnumerateW
DirectDrawEnumerateExA
RegisterSpecialCase
DDInternalLock

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ccae960ac6d9d9d984108624a3c28669

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

iphlpapi

msdart

d3d8thk

kernel32

ntdll

ddraw

Sections

.text Size: 370KB - Virtual size: 369KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 131KB - Virtual size: 131KB

.reloc Size: 1024B - Virtual size: 864B

.text
Size: 370KB - Virtual size: 369KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 131KB - Virtual size: 131KB

.reloc
Size: 1024B - Virtual size: 864B