a6afb7059b36c4c269f42fa5a0f77466fbac0af5c4fbd94210eb0025499c5043

Sharing

Copy URL Twitter E-mail

General

Target

a6afb7059b36c4c269f42fa5a0f77466fbac0af5c4fbd94210eb0025499c5043
Size

232KB
MD5

590f1bef177ab26c216b83abcf2773a0
SHA1

a82810ac60819c407a97d2e368e28f74f26ce394
SHA256

a6afb7059b36c4c269f42fa5a0f77466fbac0af5c4fbd94210eb0025499c5043
SHA512

70554d17ff6a3e17d4f4c0b76ed9b12f8d9fcf7ee732c6dd529fbce428419384c3405fc3daf88aad9bd968a449309b0aa6aa6bab96c68ee53f16c57bf3e1f19c
SSDEEP

6144:D6ovf9TamQG4jC+38HIF8FMyavbv3xh8wCpRrN:WOf9mm/AQM7vBqBppN

Score

N/A

Malware Config

Signatures

Files

a6afb7059b36c4c269f42fa5a0f77466fbac0af5c4fbd94210eb0025499c5043
.exe windows x86

0cd05272e4464415af0e555ab38bf258

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasProtocolEnum
RasPortSetFraming
RasRequestNotification
RasPortGetProtocolCompression
RasFreeBuffer
RasBundleGetPort
RasGetTimeSinceLastActivity
RasGetPortUserData
RasPortReceive
RasGetDevConfigEx
RasPortGetStatistics
RasGetHConnFromEntry
RasRpcConnectServer
RasSendCreds
RasRpcGetCountryInfo
RasCreateConnection
RasSetCachedCredentials
RasCompressionSetInfo
RasIsTrustedCustomDll
RasRpcGetVersion
RasEnumLanNets
RasServerPortClose

olecli32

OleSaveToStream
ErrObjectLong
MfEnumFormat
MfQueryBounds
LeShow
PbCreateLinkFromFile
ErrClose
LeChangeData
GenSaveToStream
LeCopyFromLink
OleGetLinkUpdateOptions
OleSavedClientDoc
OleActivate
OleUnlockServer
OleSetColorScheme
OleQueryName
PbGetData
OleCreateFromClip
LeEnumFormat
ErrQueryOutOfDate

kernel32

_lwrite
LockResource
BaseFlushAppcompatCache
LoadLibraryW
SetLastError
GetLocaleInfoW
GetEnvironmentStringsA
FoldStringW
SetConsoleActiveScreenBuffer
SetCalendarInfoW
GetConsoleInputExeNameA
GetThreadContext
QueryDosDeviceW
Process32NextW
SetCurrentDirectoryA

vssapi

??1CVssWriter@@UAE@XZ
VssFreeSnapshotProperties
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
??1CVssJetWriter@@UAE@XZ
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
IsVolumeSnapshotted
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ

authz

AuthziModifyAuditEvent
AuthziInitializeAuditQueue
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthziInitializeAuditEvent
AuthziLogAuditEvent
AuthziFreeAuditQueue
AuthziModifyAuditQueue
AuthzFreeHandle
AuthziAllocateAuditParams
AuthzFreeAuditEvent
AuthzFreeContext
AuthziInitializeAuditParamsWithRM
AuthzInitializeContextFromSid
AuthziModifyAuditEventType
AuthzInitializeObjectAccessAuditEvent
AuthzAccessCheck
AuthzGetInformationFromContext
AuthziInitializeAuditEventType
AuthziFreeAuditParams
AuthziInitializeAuditParamsFromArray

crypt32

CryptVerifyDetachedMessageSignature
CertFindRDNAttr
CertDeleteCRLFromStore
CertEnumSubjectInSortedCTL
PFXExportCertStoreEx
CertGetNameStringW
CryptExportPublicKeyInfo
CertFindCertificateInStore
CertDuplicateStore
CryptSIPRemoveSignedDataMsg

sqlunirl

_ShellExecuteEx_@4
_GetDiskFreeSpaceEx_@16
_EnumDesktops_@12
_FindResource@12
_InsertMenuItem_@16
_CreateStatusWindow_@16
_lstrcmp_@8
_SetFileAttributes_@8
_InitiateSystemShutdown_@20
newWideCharFromMultiByte
_SetCurrentDirectory_@4
_CompareString_@24
_GetSystemDirectory_@8
_EnumICMProfiles_@12
_CommDlg_OpenSave_GetFolderPath@12
_SendMessageTimeout_@28
_CreateFont@56
_lstrcmpi_@8
_ResetDC_@8
_GetCompressedFileSize_@8
_RegQueryMultipleValues_@20
_LoadString@16
ConvertMultiSZNameToW
_NDdeGetTrustedShare_@20
_UnregisterClass_@8

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cd05272e4464415af0e555ab38bf258

Headers

File Characteristics

Imports

rasman

olecli32

kernel32

vssapi

authz

crypt32

sqlunirl

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 61KB - Virtual size: 60KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 1KB