4bddfa9641d7ab9e4abd7e4b41aef6d70279919c063a87b9ba4678f98aa3f371

Sharing

Copy URL Twitter E-mail

General

Target

4bddfa9641d7ab9e4abd7e4b41aef6d70279919c063a87b9ba4678f98aa3f371
Size

239KB
MD5

0ccb0b47f24f670b51c6404bb1c1c017
SHA1

0bcf31af8ec45ec5cafbdb1afbdc9f3b9cb1086e
SHA256

4bddfa9641d7ab9e4abd7e4b41aef6d70279919c063a87b9ba4678f98aa3f371
SHA512

8452b23f7e80aed3b4327577ad33b794830f3568bfd4630304b87ba7be1d2c6270de7c9166fb51f0ac215b8abae1f2cff4d8821772a088384900c1a4e0ee644d
SSDEEP

6144:lAZXgxFlFqyWNEz0P/G4+iAyhChc2kjeh:lARg5YyWNNnxXRhsYj8

Score

N/A

Malware Config

Signatures

Files

4bddfa9641d7ab9e4abd7e4b41aef6d70279919c063a87b9ba4678f98aa3f371
.exe windows x86

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetGroupAdd
NetReplGetInfo
RxNetAccessGetUserPerms
I_NetServerAuthenticate
I_NetServerAuthenticate3
DsValidateSubnetNameW
NlBindingAddServerToCache
NetDfsSetClientInfo
NetReplExportDirAdd
NetpIsRemote
NetpwNameCompare
DsGetDcSiteCoverageW
DsGetDcNameA
NetpNetBiosReset

wininet

GetUrlCacheEntryInfoExA
RegisterUrlCacheNotification
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
ParseX509EncodedCertificateForListBoxEntry
FindNextUrlCacheEntryExW
GopherOpenFileW
GetUrlCacheConfigInfoA
FindNextUrlCacheEntryW
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW
RetrieveUrlCacheEntryStreamW
FtpSetCurrentDirectoryW
InternetGetPerSiteCookieDecisionW
InternetUnlockRequestFile

mpr

WNetGetNetworkInformationA
WNetFormatNetworkNameA
WNetCloseEnum
WNetCancelConnectionW
WNetOpenEnumA
WNetSupportGlobalEnum
WNetGetUserA
WNetGetConnection2W
WNetSetConnectionW
WNetGetUniversalNameA
WNetGetProviderNameA
WNetConnectionDialog1W
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetConnection2A
WNetGetResourceParentA
WNetGetHomeDirectoryW
WNetAddConnectionW

kernel32

GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryW
GlobalUnWire
LoadLibraryW
_lopen
GetPrivateProfileIntW
FindNextVolumeW
TerminateThread
LoadResource
GetComPlusPackageInstallStatus
MultiByteToWideChar
InterlockedFlushSList
GetStartupInfoW
WriteFileGather
GetProfileSectionA
VirtualAllocEx
GlobalAlloc
SetStdHandle
UpdateResourceA
Heap32ListNext

mapistub

HrValidateParameters@8
DllCanUnloadNow
cmc_act_on
HrDispatchNotifications@4
ScMAPIXFromCMC
RTFSync
FtgRegisterIdleRoutine@20
MNLS_WideCharToMultiByte@32
MapStorageSCode@4
MAPIAllocateBuffer@8
EnableIdleRoutine@8
HrComposeMsgID@24
ScInitMapiUtil@4
SzFindLastCh@8
__ValidateParameters@8
HrAddColumnsEx@20
BMAPISendMail
UlPropSize@4
BMAPIReadMail
cmc_logon
FPropContainsProp@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIDeleteMail
MAPILogon
UFromSz@4
MAPIAdminProfiles
PropCopyMore@16

oleaut32

SafeArrayGetElement
VarCyMul
VarI4FromI2
VarBoolFromUI1
VarR4CmpR8
LoadTypeLibEx
VarDecFromR8
VarI1FromCy
VarCyRound
VarI4FromI1
VarBstrFromUI8
VarI2FromUI8
VarUI8FromUI2
VarI2FromUI1
VarR8FromUI2
DllCanUnloadNow
VarR4FromI2
VarDecDiv
VariantCopy
VarUI4FromI4
VarUI2FromDisp
VarUI1FromR8
VarUI8FromDec

mapi32

MAPIOpenFormMgr@8
WrapCompressedRTFStream@12
UNKOBJ_COFree@8
HrSetOmiProvidersFlagsInvalid
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
DllCanUnloadNow
FtDivFtBogus@20
cmc_send_documents

msdart

?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ReadLock@CSpinLock@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
??1CDoubleList@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_TryLock@CSpinLock@@AAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_IsLocked@CSpinLock@@ABE_NXZ
FXMemDetach
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

Imports

netapi32

wininet

mpr

kernel32

mapistub

oleaut32

mapi32

msdart

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 70KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB