cfd9d4f6fc16e6cf4f5960b5c1b3ad5724f86ec0eefd6e87ab154c4b1e156443

Sharing

Copy URL Twitter E-mail

General

Target

cfd9d4f6fc16e6cf4f5960b5c1b3ad5724f86ec0eefd6e87ab154c4b1e156443
Size

262KB
MD5

746db0a9fcc88401eac707bc10a38e06
SHA1

1991fcaae45289cf412e98f132dfd7a4b3f0671e
SHA256

cfd9d4f6fc16e6cf4f5960b5c1b3ad5724f86ec0eefd6e87ab154c4b1e156443
SHA512

0452f1a961a3a0a4d2a81267c334c012d1fe8727c11f9011065f2743d9d8ed3a142c866ae12ffec788096582857118e23d18ef303bcded09c25ed65fa26d5e9a
SSDEEP

6144:+0yPYsfpiidRYTv9j0TabhsNzpWpqyDDzDYLOLVhijWzWh:yPYsf4Sohlw8oyDrYLOLVIb

Score

N/A

Malware Config

Signatures

Files

cfd9d4f6fc16e6cf4f5960b5c1b3ad5724f86ec0eefd6e87ab154c4b1e156443
.exe windows x86

2ea02c072fc50719470c08dbee504b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcns4

RpcIfIdVectorFree

olepro32

ord251
ord253
ord249
ord248
ord250

rasapi32

RasEnumDevicesW
RasValidateEntryNameA
RasEditPhonebookEntryA
RasDialW
RasGetEntryDialParamsA
RasGetEntryPropertiesW
RasGetCountryInfoW
RasSetEntryDialParamsA
RasDialA
RasGetConnectStatusW
RasEditPhonebookEntryW
RasEnumConnectionsA
RasSetEntryPropertiesW
RasCreatePhonebookEntryW
RasGetEntryDialParamsW
RasSetEntryPropertiesA
RasEnumEntriesA

resutils

ResUtilGetDwordProperty
ResUtilGetResourceDependency
ResUtilDupString
ResUtilAddUnknownProperties
ResUtilGetResourceNameDependency
ResUtilGetProperties
ResUtilGetProperty
ResUtilSetPropertyParameterBlock
ResUtilIsPathValid
ResUtilGetBinaryProperty
ResUtilStopService
ClusWorkerCheckTerminate
ResUtilVerifyPropertyTable
ResUtilSetPropertyTable
ResUtilDupParameterBlock
ResUtilSetMultiSzValue
ResUtilVerifyPrivatePropertyList
ResUtilVerifyService
ResUtilSetExpandSzValue
ClusWorkerTerminate
ResUtilGetAllProperties
ResUtilEnumPrivateProperties
ResUtilSetDwordValue
ResUtilSetPrivatePropertyList
ResUtilGetPrivateProperties
ResUtilResourceTypesEqual

advapi32

RegCloseKey

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit
??2@YAPAXI@Z

rpcrt4

NdrComplexArrayMemorySize
NdrGetBuffer
NdrConformantStructUnmarshall
NdrConformantVaryingStructMarshall
MesBufferHandleReset
NdrConformantVaryingStructFree
I_RpcIfInqTransferSyntaxes
NdrInterfacePointerBufferSize
RpcRaiseException
NdrConformantArrayFree
NdrConformantStructFree
NdrRpcSsDefaultFree
NdrUserMarshalFree
NdrGetDcomProtocolVersion
NdrComplexStructBufferSize
NdrVaryingArrayFree
NdrFixedArrayMarshall
NdrNonEncapsulatedUnionBufferSize
MIDL_wchar_strcpy
NdrRpcSsEnableAllocate
I_RpcBindingInqTransportType
RpcObjectInqType
NdrComplexStructMarshall
NdrInterfacePointerMarshall
I_RpcSsDontSerializeContext
NdrComplexArrayMarshall
RpcEpRegisterNoReplaceW
I_RpcConnectionSetSockBuffSize
RpcNetworkIsProtseqValidA
RpcMgmtSetComTimeout
RpcMgmtStatsVectorFree
NdrNonEncapsulatedUnionMarshall
RpcMgmtInqServerPrincNameA
NdrPointerBufferSize
RpcBindingServerFromClient
NdrClientInitializeNew
RpcEpResolveBinding
NdrComplexArrayFree
IUnknown_Release_Proxy
MesDecodeIncrementalHandleCreate
I_RpcFreePipeBuffer
NdrNsSendReceive
RpcBindingSetObject
I_RpcConnectionInqSockBuffSize
RpcMgmtSetAuthorizationFn
NdrInterfacePointerUnmarshall
RpcBindingSetAuthInfoExA
RpcAsyncCancelCall
I_RpcAllocate
NdrComplexStructFree
NdrAsyncServerCall
NdrNonConformantStringBufferSize
NdrRpcSmSetClientToOsf
I_RpcNsBindingSetEntryNameA
IUnknown_AddRef_Proxy
NdrNonConformantStringMarshall
RpcMgmtInqComTimeout
NdrServerInitializeUnmarshall
NdrConvert
NdrConformantStructBufferSize
RpcProtseqVectorFreeW
MIDL_wchar_strlen
NdrSimpleTypeMarshall
NdrNonConformantStringMemorySize
NdrNonConformantStringUnmarshall
RpcNsBindingInqEntryNameA
NdrVaryingArrayBufferSize
RpcAsyncAbortCall
NdrEncapsulatedUnionMarshall
RpcAsyncInitializeHandle
IUnknown_QueryInterface_Proxy
NDRSContextUnmarshallEx
NdrEncapsulatedUnionBufferSize
RpcServerInqDefaultPrincNameA
RpcBindingSetAuthInfoA
NdrNsGetBuffer
MesEncodeIncrementalHandleCreate
NdrStubCall2
RpcEpRegisterNoReplaceA
NdrComplexArrayBufferSize
NdrRpcSmClientFree
RpcBindingToStringBindingW
NdrSimpleStructMarshall
NdrClearOutParameters
NDRCContextMarshall
MesDecodeBufferHandleCreate
NdrRpcSsDefaultAllocate
NdrMesTypeEncode
NdrConformantStringMarshall
RpcBindingReset
MesIncrementalHandleReset
I_UuidCreate
RpcNetworkInqProtseqsA
NdrFixedArrayBufferSize
NdrFullPointerQueryPointer
NdrConformantStringUnmarshall
RpcServerInqDefaultPrincNameW
NdrOleFree
NdrMesTypeAlignSize
RpcMgmtStopServerListening
I_RpcServerRegisterForwardFunction
I_RpcSendReceive
I_RpcNsBindingSetEntryNameW
I_RpcClearMutex
NdrServerInitialize
NdrUserMarshalUnmarshall
NdrConvert2
NdrFullPointerXlatInit
NdrXmitOrRepAsUnmarshall
NdrMesSimpleTypeDecode
NdrPointerFree
MesInqProcEncodingId
NdrConformantVaryingArrayUnmarshall
RpcNsBindingInqEntryNameW
NdrComplexStructMemorySize
MesHandleFree
NdrServerContextUnmarshall
I_RpcGetBuffer
NdrXmitOrRepAsFree
RpcMgmtSetServerStackSize
RpcBindingFromStringBindingA
RpcMgmtEnableIdleCleanup
RpcRevertToSelfEx
NdrMapCommAndFaultStatus
NdrFreeBuffer
RpcBindingInqAuthClientW

pdh

PdhExpandCounterPathA
PdhLookupPerfIndexByNameW
PdhGetDataSourceTimeRangeW
PdhParseCounterPathW
PdhEnumMachinesA
PdhEnumObjectsA
PdhAddCounterA
PdhBrowseCountersA
PdhCloseQuery
PdhEnumObjectItemsW
PdhCalculateCounterFromRawValue
PdhGetDefaultPerfObjectA
PdhRemoveCounter
PdhLookupPerfNameByIndexW
PdhMakeCounterPathA
PdhGetCounterTimeBase
PdhParseInstanceNameW
PdhOpenQueryA
PdhAddCounterW
PdhGetFormattedCounterArrayW
PdhGetDataSourceTimeRangeA
PdhOpenQueryW
PdhReadRawLogRecord
PdhUpdateLogW
PdhLookupPerfIndexByNameA
PdhGetFormattedCounterValue
PdhGetCounterInfoW
PdhGetDefaultPerfObjectW
PdhConnectMachineW
PdhCollectQueryDataEx

oleaut32

VariantCopy
VarUI4FromDec
VarUI1FromDec
VarUI4FromDate
VarUI1FromR8
VarRound
VarUI2FromDisp
VarUI1FromUI2
VarR8Pow
VarUdateFromDate
VectorFromBstr
VarUI2FromStr
VarR8FromI2
VarUI2FromR8
VarUI1FromUI4
VarR8FromUI4
VarUI1FromI2
VarUI2FromDec
VarUI1FromBool
VarR8FromBool
VarR4FromStr
VariantTimeToDosDateTime
VarUI2FromUI1
VarUI4FromI4
VarUI4FromR8
VarUI2FromDate
VarUI2FromUI4
VarWeekdayName
VarUI4FromUI2
VarUI4FromCy
VarUI2FromCy
VariantChangeType

kernel32

GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ea02c072fc50719470c08dbee504b6d

Headers

File Characteristics

Imports

rpcns4

olepro32

rasapi32

resutils

advapi32

msvcrt

rpcrt4

pdh

oleaut32

kernel32

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2.0MB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2.0MB

.rsrc
Size: 4KB - Virtual size: 3KB