490f83b60921c80a4666ff9b546ce0a233199949d4a00a6035178fa685debbfb

Sharing

Copy URL Twitter E-mail

General

Target

490f83b60921c80a4666ff9b546ce0a233199949d4a00a6035178fa685debbfb
Size

269KB
MD5

cc079380e2de99e692fd73cd25e73bba
SHA1

3e0aecbf8993b9cde76b2cead6b69824d030c45d
SHA256

490f83b60921c80a4666ff9b546ce0a233199949d4a00a6035178fa685debbfb
SHA512

c85aa45659d31732f10a63b95996eac2a664de12a0b32e5d74281e4b6d150b7e279fe436d8de8950807a4ae790620796b441ae1d12e59cb70e7505ee4d715298
SSDEEP

6144:nnHOksoS7iRvedsAY03G0xWC2Bt1TIIxxlUN1JklhYoR9pX8AWqngE:nnHH87iRuH8BL0Gl5qAWrE

Score

N/A

Malware Config

Signatures

Files

490f83b60921c80a4666ff9b546ce0a233199949d4a00a6035178fa685debbfb
.exe windows x86

782a6fa69ff10d79d4614b3b7ff3bb88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
GetModuleHandleA
GetStartupInfoA

rasapi32

RasGetEntryDialParamsW
RasEnumDevicesW
RasEnumDevicesA
RasGetEntryPropertiesW
RasGetCountryInfoW
RasRenameEntryW
RasSetEntryPropertiesA
RasCreatePhonebookEntryA
RasGetConnectStatusA
RasDeleteEntryW
RasGetConnectStatusW
RasSetEntryDialParamsW
RasValidateEntryNameW
RasCreatePhonebookEntryW
RasGetEntryPropertiesA
RasEnumEntriesA
RasHangUpW
RasEditPhonebookEntryW
RasGetErrorStringW

rpcns4

RpcIfIdVectorFree

resutils

ResUtilResourceTypesEqual
ResUtilFreeParameterBlock
ResUtilGetDwordProperty
ResUtilEnumProperties
ClusWorkerTerminate
ResUtilVerifyService
ResUtilGetProperties
ClusWorkerCreate
ResUtilFindDwordProperty
ResUtilSetDwordValue
ResUtilResourcesEqual
ResUtilGetBinaryValue
ResUtilGetResourceDependency
ResUtilIsPathValid
ResUtilGetDwordValue
ResUtilSetPropertyParameterBlock
ResUtilGetPropertySize
ResUtilVerifyPropertyTable
ResUtilGetEnvironmentWithNetName
ResUtilDupParameterBlock
ResUtilFindSzProperty
ResUtilGetAllProperties
ResUtilDupString
ClusWorkerCheckTerminate
ResUtilAddUnknownProperties
ResUtilGetPrivateProperties

rpcrt4

NdrConformantStringMemorySize
NdrNonEncapsulatedUnionFree
NdrComplexArrayMemorySize
NdrServerInitializeMarshall
NdrConformantStringBufferSize
NDRCContextBinding
NdrClientInitializeNew
I_RpcMapWin32Status
NdrFullPointerXlatInit
NdrServerMarshall
NdrNonConformantStringBufferSize
I_RpcNsBindingSetEntryNameA
NdrNonEncapsulatedUnionUnmarshall
I_RpcBindingInqDynamicEndpointA
NdrEncapsulatedUnionUnmarshall
NdrStubCall
MesEncodeDynBufferHandleCreate
NdrServerCall
I_RpcFreePipeBuffer
NdrConvert
NdrRpcSsDefaultAllocate
NdrConformantStringUnmarshall
NdrSimpleTypeUnmarshall
NdrConvert2
NdrConformantArrayMemorySize
MesHandleFree
NdrComplexArrayFree
I_UuidCreate
NdrRpcSmClientFree
NdrClientContextMarshall
MIDL_wchar_strcpy
NdrComplexArrayUnmarshall
DceErrorInqTextA
NdrMesSimpleTypeDecode
MesEncodeIncrementalHandleCreate
NDRSContextUnmarshallEx
NdrFixedArrayUnmarshall
NdrSimpleStructMarshall
NdrClearOutParameters
NdrSimpleStructMemorySize
NdrNonConformantStringMemorySize
I_RpcSendReceive
I_RpcFreeBuffer
I_RpcClearMutex
NdrUserMarshalMemorySize
NdrComplexStructBufferSize
NdrConformantStructUnmarshall
I_RpcGetCurrentCallHandle
NdrRpcSsDisableAllocate
NdrMesTypeEncode
NdrMesSimpleTypeEncode
NdrConformantArrayUnmarshall
NdrServerUnmarshall
NdrOleFree
NdrConformantVaryingStructBufferSize
NdrStubCall2
NdrComplexStructFree
NdrFreeBuffer
NdrUserMarshalMarshall
NdrFullPointerInsertRefId
NdrRpcSmSetClientToOsf
NDRCContextUnmarshall
NdrAllocate
NdrRpcSsDefaultFree
NdrFixedArrayMemorySize
NdrFullPointerQueryPointer
NdrComplexArrayBufferSize
DceErrorInqTextW
NdrFixedArrayBufferSize
NdrByteCountPointerMarshall
NdrUserMarshalSimpleTypeConvert
NdrConformantVaryingArrayBufferSize
I_RpcGetBuffer
NdrConformantVaryingArrayMemorySize
NdrClientInitialize
NdrOleAllocate
NdrSimpleStructBufferSize
NdrConformantVaryingStructUnmarshall
NdrEncapsulatedUnionBufferSize
NdrConformantVaryingArrayUnmarshall
I_RpcNsBindingSetEntryNameW
NdrFixedArrayFree
NdrEncapsulatedUnionFree
NdrMesSimpleTypeAlignSize
NdrNonConformantStringUnmarshall
NdrMapCommAndFaultStatus
NdrConformantStructBufferSize
I_RpcAllocate
I_RpcSend
I_RpcSsDontSerializeContext
NdrConformantStringMarshall
I_RpcBindingInqDynamicEndpointW
NdrClientContextUnmarshall
NdrPointerUnmarshall
NdrPointerMemorySize
NdrByteCountPointerFree
NDRSContextMarshall
NdrConformantStructMarshall
I_RpcDeleteMutex
I_RpcConnectionInqSockBuffSize
NdrPointerMarshall
NdrInterfacePointerBufferSize
NdrRpcSmClientAllocate
MesInqProcEncodingId
MesDecodeIncrementalHandleCreate
NdrComplexStructUnmarshall

pdh

PdhParseInstanceNameA
PdhLookupPerfIndexByNameA
PdhMakeCounterPathA
PdhValidatePathW
PdhOpenQueryA
PdhGetLogFileSize
PdhRemoveCounter
PdhLookupPerfNameByIndexA
PdhLookupPerfNameByIndexW
PdhSetQueryTimeRange
PdhSelectDataSourceA
PdhSelectDataSourceW
PdhOpenLogW
PdhOpenLogA
PdhGetRawCounterValue
PdhParseInstanceNameW
PdhParseCounterPathW
PdhUpdateLogA
PdhLookupPerfIndexByNameW
PdhGetRawCounterArrayW
PdhMakeCounterPathW

msvcrt

??2@YAPAXI@Z
__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit

user32

CreateWindowExW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

782a6fa69ff10d79d4614b3b7ff3bb88

Headers

File Characteristics

Imports

kernel32

rasapi32

rpcns4

resutils

rpcrt4

pdh

msvcrt

user32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 822KB

.rsrc Size: 24KB - Virtual size: 20KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 822KB

.rsrc
Size: 24KB - Virtual size: 20KB