2eb4206c88ddda54d02100d6955517f43c225ed9d8dbdb86e8847df98fca1903

Sharing

Copy URL Twitter E-mail

General

Target

2eb4206c88ddda54d02100d6955517f43c225ed9d8dbdb86e8847df98fca1903
Size

840KB
MD5

09a5a3be4def69b5d0a1da77567fee14
SHA1

132406a5c214acd8c6b371b5c75e07e3f0d9d530
SHA256

2eb4206c88ddda54d02100d6955517f43c225ed9d8dbdb86e8847df98fca1903
SHA512

d155373a863645fa34e36efb681cbd9b3cdbc3ce49f3eab810bc7bdc3a760fe7a79b355596b138a79e61e273a69365ca3d8a21bbbda02a3b49047da3f6d41b70
SSDEEP

12288:UVv5YZsDIAhbnoRY490bHZq9toztHbDOYdpvUeI5LkqF0SHH+sTxj2rhxOoR:aTDpFnoR/Gq9toztHbPd3Ib9sL

Score

N/A

Malware Config

Signatures

Files

2eb4206c88ddda54d02100d6955517f43c225ed9d8dbdb86e8847df98fca1903
.exe windows x86

4f60dbada5e19488e5f9459e9d5ab6cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LsaGetSystemAccessAccount
SetPrivateObjectSecurityEx
ConvertSidToStringSidW
GetNamedSecurityInfoW
MD5Final
ConvertSecurityDescriptorToStringSecurityDescriptorA
ObjectDeleteAuditAlarmA
CredDeleteA
WmiFileHandleToInstanceNameA
UnlockServiceDatabase
LsaSetInformationPolicy
GetNumberOfEventLogRecords
GetPrivateObjectSecurity
ElfChangeNotify
LsaLookupPrivilegeDisplayName
SetSecurityDescriptorRMControl
LsaICLookupSids
GetCurrentHwProfileW
CloseTrace
FindFirstFreeAce

cfgmgr32

CM_Add_Empty_Log_Conf_Ex
CM_Unregister_Device_Interface_ExW
CM_Get_Res_Des_Data_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Get_Resource_Conflict_DetailsW
CM_Add_Range
CM_Set_HW_Prof_FlagsA
CM_Get_HW_Prof_FlagsA
CM_Query_Remove_SubTree
CM_Setup_DevNode_Ex
CM_Get_Version
CM_Open_Class_Key_ExA
CM_Set_Class_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyA
CM_Is_Dock_Station_Present
CM_Get_Res_Des_Data
CM_Get_Hardware_Profile_InfoW
CM_Get_Resource_Conflict_Count
CM_Unregister_Device_InterfaceW
CM_Run_Detection_Ex
CM_Get_Next_Log_Conf
CM_Free_Log_Conf
CM_Get_Class_Key_Name_ExW
CM_Get_Device_Interface_List_Size_ExW

kernel32

FileTimeToLocalFileTime
SetLastError
RemoveVectoredExceptionHandler
HeapCompact
GetConsoleCommandHistoryLengthW
AddLocalAlternateComputerNameA
ShowConsoleCursor
GetWindowsDirectoryA
SetConsolePalette
GetStartupInfoA
LZClose
LoadLibraryW
OpenThread
SearchPathW
SetTapeParameters
LocalAlloc
GetProcAddress
GetConsoleCursorMode
OpenFile
GetConsoleDisplayMode
TryEnterCriticalSection
GetNamedPipeInfo
GlobalAlloc
lstrcmpiW
EnumResourceLanguagesA
HeapCreate
FindClose
WritePrivateProfileSectionA
OpenJobObjectW
Heap32Next
OpenSemaphoreA
DeleteTimerQueueEx
RemoveDirectoryW
WriteConsoleInputW
SetClientTimeZoneInformation
GetThreadPriority
GlobalFindAtomA
GetConsoleOutputCP
CloseHandle
FormatMessageA
OpenProfileUserMapping
GetDiskFreeSpaceA
Heap32ListFirst
AddConsoleAliasA
GetCommMask
GetThreadPriorityBoost
RequestWakeupLatency
lstrcpynA
IsDebuggerPresent
SetThreadIdealProcessor
EnumCalendarInfoW
BackupRead

ufat

??0FAT_DIRENT@@QAE@XZ
?Read@REAL_FAT_SA@@UAEEPAVMESSAGE@@@Z
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
??1FAT_DIRENT@@UAE@XZ
FormatEx
??1ROOTDIR@@UAE@XZ
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?QueryNthCluster@FAT@@QBEKKK@Z
??0EA_SET@@QAE@XZ
?Read@CLUSTER_CHAIN@@UAEEXZ
??1CLUSTER_CHAIN@@UAE@XZ
?Write@CLUSTER_CHAIN@@UAEEXZ
?IsValidCreationTime@FAT_DIRENT@@QBEEXZ
??0CLUSTER_CHAIN@@QAE@XZ
?Initialize@FAT_DIRENT@@QAEEPAX@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??0EA_HEADER@@QAE@XZ
?Initialize@REAL_FAT_SA@@UAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@E@Z
?Initialize@ROOTDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KJ@Z
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
Chkdsk
??0FILEDIR@@QAE@XZ
?Read@EA_SET@@UAEEXZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?QueryEaSetClusterNumber@EA_HEADER@@QBEGG@Z
Recover
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?Index12@FAT@@ABEKK@Z

wininet

InternetWriteFile
GopherGetAttributeW
SetUrlCacheHeaderData
GopherCreateLocatorW
SetUrlCacheEntryGroup
GetUrlCacheEntryInfoW
FtpRemoveDirectoryA
ForceNexusLookup
InternetClearAllPerSiteCookieDecisions
InternetTimeToSystemTimeA
InternetCrackUrlA
FtpDeleteFileA
DeleteUrlCacheEntryW
InternetDialA
InternetGetCertByURLA

avifil32

AVIFileGetStream
AVISaveVA
AVIStreamFindSample
EditStreamSetInfoW
AVIFileOpenW
AVIStreamBeginStreaming
AVISaveA
EditStreamCut
AVIMakeCompressedStream
AVIStreamReadData
AVIFileAddRef
AVISaveVW
AVIClearClipboard
AVIFileInfoA
IID_IAVIFile
AVIGetFromClipboard
AVIMakeFileFromStreams

Sections

.text
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4f60dbada5e19488e5f9459e9d5ab6cb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

cfgmgr32

kernel32

ufat

wininet

avifil32

Sections

.text Size: 366KB - Virtual size: 366KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 167KB - Virtual size: 166KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 366KB - Virtual size: 366KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 167KB - Virtual size: 166KB

.reloc
Size: 1024B - Virtual size: 904B