Static task: static1
Behavioral task: behavioral1
  Sample: 3b72d0d51bcfecc8c51d24e972eda7b54bc42b432efab979a3bb71254f32ab08.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 3b72d0d51bcfecc8c51d24e972eda7b54bc42b432efab979a3bb71254f32ab08.exe
  Resource: win10v2004-20220901-en
General
Target: 3b72d0d51bcfecc8c51d24e972eda7b54bc42b432efab979a3bb71254f32ab08
Size: 98KB
MD5: 0eded158a8f988208518f3cec33ff601
SHA1: 4bdacca557a3b03d9ecab11df5f074989290912a
SHA256: 3b72d0d51bcfecc8c51d24e972eda7b54bc42b432efab979a3bb71254f32ab08
SHA512: 872fd8ec06831139f4cf163600b580ae99ea6accd8124c3e3e537c2d5c0ae2a88a1464c01ee679fe35202f90b9db5f30ce4d2c941aec2d1d87d263855d7e6dc3
SSDEEP: 3072:O+UKqtlSGBnKiPT7+O6ZOvejXbpw1EeLW:O+YtgintT7+OdeDSW
Malware Config
Signatures
Files
3b72d0d51bcfecc8c51d24e972eda7b54bc42b432efab979a3bb71254f32ab08.exe  windows x86  Imphash: ff11a608668fcbf445be45479dd3510e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
user32
UpdateWindow
GetClipboardData
GetClipboardFormatNameW
VkKeyScanW
GetProcessDefaultLayout
BroadcastSystemMessage
LoadKeyboardLayoutEx
ToUnicode
wvsprintfW
UpdatePerUserSystemParameters
GetClassInfoExW
EnumDesktopWindows
GetDlgItemTextA
LookupIconIdFromDirectoryEx
GetUserObjectSecurity
GetKeyboardState
DdeConnect
BuildReasonArray
FindWindowA
GetMessagePos
GetCapture
SetClassLongA
ShowScrollBar
EnumWindows
MsgWaitForMultipleObjectsEx
RegisterClassExW
CreateCursor
GetTopWindow
GetMenuDefaultItem
DdeAbandonTransaction
SetProcessDefaultLayout
GetLastInputInfo
GetMouseMovePointsEx
DdeAccessData
AllowSetForegroundWindow
UserClientDllInitialize
SetWindowStationUser
GetMenuStringA
SetUserObjectSecurity
GetGUIThreadInfo
GetWindowTextLengthA
EnumDisplayMonitors
EnumPropsA
CreatePopupMenu
GetInputState
ArrangeIconicWindows
DrawTextExW
EndTask
PaintDesktop
RegisterClassW
WinHelpA
UserRealizePalette
DdeCmpStringHandles
UnhookWindowsHookEx
FindWindowExA
GetMessageTime
LoadIconA
SetDebugErrorLevel
LoadAcceleratorsA
DdeQueryStringW
FlashWindowEx
SetMessageExtraInfo
CountClipboardFormats
EqualRect
GetScrollBarInfo
BeginPaint
BroadcastSystemMessageA
SetMenuItemInfoA
GetWindowTextLengthW
DefMDIChildProcA
CreateIcon
RegisterClipboardFormatA
DragObject
CalcMenuBar
GetKeyboardLayoutNameA
CheckMenuItem
CallMsgFilterW
CsrBroadcastSystemMessageExW
RecordShutdownReason
LookupIconIdFromDirectory
SetWindowWord
UserRegisterWowHandlers
IsGUIThread
LoadImageA
ToUnicodeEx
UpdateLayeredWindow
LockSetForegroundWindow
ExitWindowsEx
EndMenu
CreateCaret
GetProcessWindowStation
MenuItemFromPoint
GetRawInputData
DdeConnectList
EnumDisplaySettingsExW
AttachThreadInput
IntersectRect
DrawStateA
GetInputDesktop
PrintWindow
WinHelpW
GetMenuItemRect
GetClassLongA
ChangeDisplaySettingsA
MonitorFromWindow
LoadKeyboardLayoutA
GetDCEx
LoadMenuIndirectW
SetWindowLongW
CreateDialogIndirectParamAorW
RealGetWindowClassW
WINNLSGetIMEHotkey
EnumDisplaySettingsA
IsCharUpperW
RegisterServicesProcess
IMPQueryIMEA
ResolveDesktopForWOW
GetClipboardSequenceNumber
GetClassWord
DefDlgProcA
CopyAcceleratorTableA
IMPQueryIMEW
CliImmSetHotKey
tapi32
lineUnparkA
lineSetMediaControl
phoneInitializeExW
lineSetAppPriority
lineAnswer
lineGetAddressStatusA
LOpenDialAsst
lineOpenA
lineInitializeExW
MMCSetLineInfo
tapiGetLocationInfoW
lineGetRequestA
lineDialA
tapiGetLocationInfo
lineGetAddressIDA
lineCreateAgentSessionA
lineDevSpecific
lineGetDevCaps
phoneSetRing
lineBlindTransfer
lineSetCallParams
wldap32
ldap_count_values
ldap_compare_sA
ldap_parse_sort_controlW
ldap_extended_operation
ldap_bind_s
ldap_delete_extA
ldap_extended_operation_sW
ldap_search_extA
ber_flatten
ldap_stop_tls_s
ldap_simple_bindA
ldap_get_valuesW
ldap_parse_page_controlA
ldap_unbind_s
ldap_search_ext_sA
ber_bvdup
ldap_searchW
ber_bvecfree
ldap_create_page_control
ldap_parse_reference
ldap_count_references
ldap_check_filterA
ldap_simple_bind_sA
ldap_modify_extA
ber_first_element
ldap_search_s
ldap_encode_sort_controlW
ldap_addW
ldap_control_freeA
ldap_count_valuesW
ldap_err2stringA
ldap_modrdn_sA
ldap_bind_sA
ldap_add_ext_s
LdapGetLastError
esent
JetOSSnapshotThaw
JetTerm
JetOSSnapshotPrepare
ese
JetExternalRestore
JetSetLS
JetDupSession
JetDeleteIndex
JetConvertDDL
JetIndexRecordCount
JetExternalRestore2
JetGetAttachInfo
JetGetVersion
JetGetAttachInfoInstance
JetSetSessionContext
JetRetrieveColumns
ntdll
RtlRaiseException
ZwAccessCheckByTypeAndAuditAlarm
fabs
ZwSetInformationToken
NtOpenObjectAuditAlarm
ZwQueryEvent
RtlEnumProcessHeaps
ZwSetSystemInformation
strncat
RtlAddAuditAccessAceEx
NtCreateProfile
RtlGetCurrentDirectory_U
RtlUnhandledExceptionFilter2
ZwQueryIoCompletion
LdrGetDllHandleEx
RtlImpersonateSelf
NtSetIoCompletion
ZwReplyWaitReplyPort
RtlQueryProcessDebugInformation
NtReleaseKeyedEvent
NtRemoveProcessDebug
NtLockRegistryKey
RtlNewSecurityObjectWithMultipleInheritance
RtlTraceDatabaseDestroy
ZwWaitForKeyedEvent
ZwSetLdtEntries
NtQueryDirectoryFile
RtlUnicodeToMultiByteSize
RtlGetElementGenericTable
RtlStartRXact
RtlNewSecurityObject
RtlLargeIntegerToChar
ZwIsProcessInJob
RtlEqualLuid
RtlAnsiCharToUnicodeChar
RtlDeleteTimerQueue
RtlxOemStringToUnicodeSize
ZwTerminateProcess
iswalpha
LdrQueryProcessModuleInformation
ZwOpenEventPair
RtlpNtSetValueKey
RtlIsActivationContextActive
ZwEnumerateValueKey
NtRaiseHardError
vDbgPrintExWithPrefix
RtlAppendStringToString
NtQueryDebugFilterState
LdrShutdownThread
memcmp
RtlInt64ToUnicodeString
RtlDestroyProcessParameters
NtCompactKeys
NtCreateSemaphore
NtMapUserPhysicalPagesScatter
ZwFindAtom
NtLoadDriver
RtlEqualComputerName
RtlAbortRXact
RtlCreateUserThread
ZwDeviceIoControlFile
ZwCreateSymbolicLinkObject
ZwUnlockVirtualMemory
NtAllocateLocallyUniqueId
ZwCreatePort
RtlGetLengthWithoutLastFullDosOrNtPathElement
RtlLockBootStatusData
RtlTraceDatabaseUnlock
DbgUiStopDebugging
NtAdjustGroupsToken
RtlFindLeastSignificantBit
NtReadFileScatter
ZwQueryInformationAtom
strrchr
NtSetSecurityObject
strncmp
NtSetHighWaitLowEventPair
DbgUiRemoteBreakin
RtlCaptureStackBackTrace
towupper
ZwCreateFile
ZwEnumerateBootEntries
RtlInitializeGenericTableAvl
NtOpenJobObject
ZwCompleteConnectPort
ZwClose
ZwWaitForMultipleObjects
RtlMultiAppendUnicodeStringBuffer
LdrEnumResources
ZwWaitForSingleObject
ZwAccessCheckByTypeResultList
NtReplyWaitReceivePort
ZwLoadKey
RtlpNtEnumerateSubKey
strcat
ZwQueryIntervalProfile
RtlLogStackBackTrace
RtlUnlockBootStatusData
RtlCopyMemoryStreamTo
ZwShutdownSystem
_strnicmp
RtlRandom
NtWriteVirtualMemory
ZwOpenThreadTokenEx
NtAcceptConnectPort
RtlGetVersion
ZwCreateNamedPipeFile
LdrSetDllManifestProber
NtCloseObjectAuditAlarm
RtlValidateProcessHeaps
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlInitCodePageTable
RtlDosSearchPath_Ustr
log
ZwSetEvent
ZwSetSystemTime
ZwOpenProcessToken
ZwDeleteBootEntry
NtOpenThreadToken
ZwQueryDefaultUILanguage
RtlAppendAsciizToString
NtReadVirtualMemory
NtQuerySystemInformation
ZwCreateEventPair
NtImpersonateClientOfPort
ZwInitializeRegistry
ZwInitiatePowerAction
ZwSetUuidSeed
RtlCopySid
RtlAnsiStringToUnicodeSize
ZwQueryDirectoryFile
RtlCreateAcl
CsrClientCallServer
RtlUnicodeStringToCountedOemString
NtReplyWaitReplyPort
NtFreeVirtualMemory
islower
strpbrk
ZwCreateProfile
ZwSetInformationThread
RtlCopyOutOfProcessMemoryStreamTo
_i64tow
NlsMbCodePageTag
CsrFreeCaptureBuffer
NtOpenFile
ZwAllocateUuids
NtFlushInstructionCache
ZwReadFileScatter
ZwSetInformationDebugObject
NtWaitForKeyedEvent
RtlFinalReleaseOutOfProcessMemoryStream
RtlNumberOfSetBits
RtlLeaveCriticalSection
RtlCreateAndSetSD
RtlFindClearRuns
RtlDllShutdownInProgress
ZwSignalAndWaitForSingleObject
RtlInterlockedPushEntrySList
RtlFormatMessage
KiUserApcDispatcher
RtlTraceDatabaseCreate
atoi
RtlUpcaseUnicodeStringToCountedOemString
RtlFindSetBits
NtQueryValueKey
NtQueryVirtualMemory
ZwLockVirtualMemory
RtlIsValidHandle
NtMapViewOfSection
ZwAllocateUserPhysicalPages
RtlComputeImportTableHash
NtSaveKey
RtlInitializeCriticalSectionAndSpinCount
ZwQueryPerformanceCounter
rpcrt4
NdrCorrelationPass
NdrStubInitialize
I_RpcDeleteMutex
NDRSContextUnmarshall2
NdrInterfacePointerBufferSize
NdrConformantStructMemorySize
RpcNsBindingInqEntryNameA
I_RpcServerUseProtseqEp2W
RpcNetworkIsProtseqValidA
RpcNetworkInqProtseqsW
I_RpcNsBindingSetEntryNameA
NdrByteCountPointerBufferSize
UuidHash
NDRCContextUnmarshall
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcErrorLoadErrorInfo
NdrRpcSsEnableAllocate
I_RpcBindingInqDynamicEndpointW
RpcErrorEndEnumeration
RpcMgmtSetComTimeout
I_RpcTransIoCancelled
CStdStubBuffer_DebugServerQueryInterface
NdrServerInitialize
RpcBindingInqAuthInfoW
RpcServerInqDefaultPrincNameW
TowerExplode
RpcSsFree
RpcEpUnregister
I_RpcAsyncSetHandle
NdrFullPointerQueryPointer
NdrEncapsulatedUnionMarshall
RpcMgmtIsServerListening
RpcRevertToSelf
I_RpcNsBindingSetEntryNameW
NdrComplexStructFree
NdrUserMarshalUnmarshall
NdrNonEncapsulatedUnionUnmarshall
NdrConvert
kernel32
VirtualAllocEx
LoadLibraryA
CreateFileA
GetDriveTypeW
OpenSemaphoreA
GetNumaHighestNodeNumber
EndUpdateResourceW
GetNextVDMCommand
GetCommProperties
FormatMessageA
WritePrivateProfileStructW
GetConsoleAliasesLengthW
SetHandleContext
TransactNamedPipe
ReadConsoleInputW
GetConsoleNlsMode
RaiseException
SignalObjectAndWait
CloseConsoleHandle
LoadModule
BaseUpdateAppcompatCache
lstrcpynW
SetWaitableTimer
DuplicateConsoleHandle
HeapValidate
TermsrvAppInstallMode
SetFirmwareEnvironmentVariableA
CopyFileExA
GetProcessHeap
CreateNamedPipeW
SetThreadLocale
SetDefaultCommConfigA
SetTapePosition
DeviceIoControl
TlsGetValue
SetFileValidData
SetEnvironmentVariableW
GetSystemWindowsDirectoryA
GetCurrentProcessId
GetOverlappedResult
WritePrivateProfileStringW
lstrcmpiA
ReadConsoleOutputCharacterA
GetConsoleAliasExesLengthW
SetConsoleOutputCP
GetOEMCP
EnumResourceTypesW
GlobalAddAtomW
GetCurrencyFormatW
MoveFileWithProgressA
BaseDumpAppcompatCache
Thread32First
SetConsoleActiveScreenBuffer
GetSystemTime
WritePrivateProfileStringA
SetThreadPriority
LocalCompact
RtlFillMemory
SetTermsrvAppInstallMode
QueryPerformanceCounter
HeapSummary
SetTimeZoneInformation
GetConsoleCursorMode
GetCalendarInfoA
OpenWaitableTimerA
GetDefaultCommConfigA
UpdateResourceW
SetHandleCount
ReadProcessMemory
AddConsoleAliasA
IsValidLanguageGroup
ws2_32
WSARecvFrom
WSCInstallNameSpace
WSAAddressToStringA
WSAAsyncSelect
getnameinfo
freeaddrinfo
WSAWaitForMultipleEvents
ntohl
WSACleanup
WSAGetServiceClassInfoA
WSCUpdateProvider
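The import table above is an unusual profile for a 98KB x86 executable: several hundred named imports spread over user32, tapi32, wldap32, esent, ntdll, rpcrt4, kernel32 and ws2_32, many of them obscure exports a small program has no plausible use for. That shape is worth checking for import-table padding, which changes the imphash and so defeats imphash-based clustering. The following is an added example, not code from the sandbox report: it recomputes a pefile-compatible imphash from an import list and profiles the list. SAMPLE_IMPORTS is a constructed subset of the names listed above in report order (not the full table, so its digest is not the report's imphash); WATCHLIST and UNUSUAL_DLLS are this example's own choices.

```python
"""Added example, not part of the sandbox report: imphash recomputation and
import-profile triage over a constructed subset of the report's imports."""
import hashlib
from collections import Counter

# Constructed subset of the report's import table, in report order.
SAMPLE_IMPORTS = [
    ("user32.dll", ["UpdateWindow", "GetClipboardData", "GetKeyboardState",
                    "AttachThreadInput", "ExitWindowsEx"]),
    ("tapi32.dll", ["lineUnparkA", "lineSetMediaControl", "lineDialA"]),
    ("wldap32.dll", ["ldap_bind_s", "ldap_search_extA", "ldap_unbind_s"]),
    ("esent.dll", ["JetTerm", "JetExternalRestore"]),
    ("ntdll.dll", ["NtWriteVirtualMemory", "NtReadVirtualMemory",
                   "NtMapViewOfSection", "NtLoadDriver"]),
    ("kernel32.dll", ["VirtualAllocEx", "LoadLibraryA", "CreateFileA",
                      "ReadProcessMemory", "Thread32First"]),
    ("ws2_32.dll", ["WSARecvFrom", "WSACleanup"]),
]

# APIs from the report relevant to process memory tampering, input capture
# and driver loading (assumption: this watch-list is the example's own).
WATCHLIST = {
    "virtualallocex", "ntwritevirtualmemory", "ntreadvirtualmemory",
    "readprocessmemory", "ntmapviewofsection", "ntloaddriver",
    "attachthreadinput", "getkeyboardstate", "thread32first",
}

# DLLs a small standalone executable rarely needs in bulk; their presence is a
# padding hint (assumption: the example's own list).
UNUSUAL_DLLS = {"tapi32", "wldap32", "esent", "rpcrt4"}


def dll_stem(dll):
    """Lowercase module name with .dll/.ocx/.sys removed, as imphash does."""
    stem = dll.lower()
    for ext in (".dll", ".ocx", ".sys"):
        if stem.endswith(ext):
            return stem[: -len(ext)]
    return stem


def imphash(imports):
    """pefile-compatible imphash: '<stem>.<func>' entries in import-table
    order, lowercased, joined by ',' and MD5-hashed. Ordinal-only imports
    would appear as 'ordN'; the report shows named imports only, so that
    case is not modelled here."""
    entries = []
    for dll, funcs in imports:
        stem = dll_stem(dll)
        entries.extend(f"{stem}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


def profile(imports):
    """Per-DLL counts, watch-list hits and unusual DLLs for quick triage."""
    per_dll = Counter({dll_stem(dll): len(funcs) for dll, funcs in imports})
    hits = sorted(
        f"{dll_stem(dll)}!{func}"
        for dll, funcs in imports for func in funcs
        if func.lower() in WATCHLIST
    )
    unusual = sorted(stem for stem in per_dll if stem in UNUSUAL_DLLS)
    return {"total": sum(per_dll.values()), "per_dll": dict(per_dll),
            "watchlist_hits": hits, "unusual_dlls": unusual}


def reordered(imports):
    """Same names with the first two DLL entries swapped. imphash is
    order-sensitive, so the digest changes although the name set does not:
    this is why padding or reordering the table breaks imphash clustering."""
    swapped = list(imports)
    swapped[0], swapped[1] = swapped[1], swapped[0]
    return swapped


if __name__ == "__main__":
    print("imphash(sample subset):", imphash(SAMPLE_IMPORTS))
    print("imphash(reordered):    ", imphash(reordered(SAMPLE_IMPORTS)))
    for key, value in profile(SAMPLE_IMPORTS).items():
        print(f"{key}: {value}")
```

To compare against the report's Imphash, feed the full import table in its original order; a few hundred obscure names from tapi32, wldap32 and esent around a small core of memory-tampering APIs is the pattern to look for.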
Sections
.text   Size: 50KB   Virtual size: 49KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 14KB   Virtual size: 14KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 25KB   Virtual size: 63KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 1024B  Virtual size: 948B   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 2KB    Virtual size: 20KB   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
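Two things in the section table and the file characteristics deserve a second look: .data and .reloc have a virtual size far above their raw size (25KB vs 63KB and 2KB vs 20KB), meaning most of each section is zero-filled on disk and populated at run time, and a .reloc section is present even though IMAGE_FILE_RELOCS_STRIPPED is set, so the loader will treat the image as non-relocatable and map it at its preferred base. The following added example (not part of the report) encodes those checks; the section rows and flag list are copied from the report into constructed literals, while the growth-ratio threshold and the findings wording are this example's own.

```python
"""Added example, not part of the sandbox report: sanity checks over the
section table and file characteristics printed in the report."""
import re

# File characteristics exactly as the report lists them.
CHARACTERISTICS = [
    "IMAGE_FILE_RELOCS_STRIPPED", "IMAGE_FILE_EXECUTABLE_IMAGE",
    "IMAGE_FILE_LINE_NUMS_STRIPPED", "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    "IMAGE_FILE_32BIT_MACHINE",
]

# (name, raw size, virtual size, flags) as the report states them.
SECTIONS = [
    (".text", "50KB", "49KB",
     {"IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ"}),
    (".rdata", "14KB", "14KB",
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
    (".data", "25KB", "63KB",
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ", "IMAGE_SCN_MEM_WRITE"}),
    (".rsrc", "1024B", "948B",
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
    (".reloc", "2KB", "20KB",
     {"IMAGE_SCN_CNT_INITIALIZED_DATA", "IMAGE_SCN_MEM_READ"}),
]

_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text):
    """'50KB' -> 51200, '948B' -> 948; anything else raises."""
    match = re.fullmatch(r"(\d+)(B|KB|MB)", text.strip())
    if not match:
        raise ValueError(f"unparseable size: {text!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


def check_sections(sections, characteristics, growth_ratio=2.0):
    """Return human-readable findings. growth_ratio is the example's own
    threshold for 'virtual size suspiciously larger than raw size'."""
    findings = []
    names = {name for name, _, _, _ in sections}
    for name, raw, virt, flags in sections:
        raw_b, virt_b = parse_size(raw), parse_size(virt)
        if raw_b == 0 and virt_b > 0:
            findings.append(f"{name}: no raw data but {virt_b}B mapped; "
                            "filled entirely at run time")
        elif raw_b and virt_b / raw_b >= growth_ratio:
            # Mostly zero-fill on disk, populated at run time: the usual shape
            # of unpacking workspace or a large uninitialised buffer.
            findings.append(f"{name}: virtual size {virt_b}B is "
                            f"{virt_b / raw_b:.1f}x raw size {raw_b}B")
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= flags:
            findings.append(f"{name}: writable and executable")
    if "IMAGE_FILE_RELOCS_STRIPPED" in characteristics and ".reloc" in names:
        findings.append(
            ".reloc present although IMAGE_FILE_RELOCS_STRIPPED is set: the "
            "loader treats the image as non-relocatable and maps it at its "
            "preferred base (no ASLR); the leftover relocation data is worth "
            "inspecting")
    return findings


if __name__ == "__main__":
    for finding in check_sections(SECTIONS, CHARACTERISTICS):
        print("-", finding)
```

On the report's numbers this flags .data (2.5x), .reloc (10x) and the relocation contradiction, and nothing for .text, .rdata or .rsrc. No section here is both writable and executable, so the in-place unpacking, if any, would have to go through memory allocated at run time rather than a self-modifying .text.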