2a20bf3adce8e028ad9cc3b7e14322d57d0e328b8917e7ea31cf502b83f12a5b

Sharing

Copy URL Twitter E-mail

General

Target

2a20bf3adce8e028ad9cc3b7e14322d57d0e328b8917e7ea31cf502b83f12a5b
Size

132KB
MD5

0f505e2c51d522e57f326a5f9c296e25
SHA1

3d85d3ec9217b96f5c97040351916827ec762b25
SHA256

2a20bf3adce8e028ad9cc3b7e14322d57d0e328b8917e7ea31cf502b83f12a5b
SHA512

4e3144c0a90e8c3f2f355afc2578e482be86a3c51861049d88dc12f7565bb97321685ec952ac37688c51a269f4958db91e810e818ebe78cae12c7cb392bbba2f
SSDEEP

3072:ztJYNYiFpiDPwVVKn8CWuoO28FM9ePuIr6vZj/xvXrRo:xJaYiGDakzWuj9M9ePZ2R1K

Score

N/A

Malware Config

Signatures

Files

2a20bf3adce8e028ad9cc3b7e14322d57d0e328b8917e7ea31cf502b83f12a5b
.exe windows x86

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
GetVolumePathNameW
GetModuleHandleA
GetLocaleInfoA
OpenEventW
CancelTimerQueueTimer
WritePrivateProfileStructW
GetCurrentThread
SetCommState
RemoveDirectoryA
LoadLibraryW
SetFileTime
GetLocalTime
VerifyVersionInfoW
SleepEx

ntmarta

AccProvHandleRevokeAccessRights
AccRewriteSetHandleRights
AccConvertAccessMaskToActrlAccess
AccProvCancelOperation
AccGetAccessForTrustee
AccProvHandleIsObjectAccessible
AccProvGetCapabilities
AccFreeIndexArray
AccConvertSDToAccess
AccProvHandleGrantAccessRights
AccProvRevokeAccessRights
AccRewriteGetHandleRights
AccRewriteSetNamedRights

ifsutil

??1INTSTACK@@UAE@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
??0SECRUN@@QAE@XZ
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z

ws2_32

WSANSPIoctl
WSAAsyncSelect
htonl
WSAStartup
WSACancelAsyncRequest
WSAInstallServiceClassW
WSAJoinLeaf
WSASendTo
WSAEventSelect
WSAStringToAddressA
WSARecvDisconnect
WSAAsyncGetServByPort
WSALookupServiceNextW
WSADuplicateSocketW
WSASocketA
WSASetServiceA
getpeername
WSAIoctl
WSAAddressToStringW
WSAGetServiceClassInfoA
WSAAddressToStringA
WEP
WSAInstallServiceClassA

shell32

StrChrA
SHCreateProcessAsUserW
SHGetDataFromIDListA
SHExtractIconsW
SHUpdateRecycleBinIcon
StrRStrIW
SHGetFileInfoW
SHFreeNameMappings
SHChangeNotify
InternalExtractIconListW
AppCompat_RunDLLW
SHGetFileInfo
SHGetDiskFreeSpaceExA
ShellAboutW
Shell_NotifyIconW
StrRStrA
StrRChrA
FindExecutableA
ShellExecuteEx
SHHelpShortcuts_RunDLLA
ShellHookProc
DllUnregisterServer
StrCmpNIA
SHFormatDrive
FindExecutableW
StrCmpNW
SHLoadNonloadedIconOverlayIdentifiers

w32topl

ToplListNumberOfElements
ToplGraphAddVertex
ToplGetSpanningTreeEdgesForVtx
ToplFree
ToplVertexGetOutEdge
ToplGraphMakeRing
ToplAddEdgeToGraph
ToplEdgeGetWeight
ToplGraphRemoveVertex
ToplHeapCreate
ToplVertexInit
ToplScheduleMaxUnavailable
ToplScheduleMerge
ToplSTHeapExtractMin
ToplEdgeFree
ToplVertexSetId
ToplScheduleNumEntries

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

Imports

kernel32

ntmarta

ifsutil

ws2_32

shell32

w32topl

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB