46914fcfa695799c37833dc3b2b8430bc008a11595e2b4285b78854809ec18b3

Sharing

Copy URL Twitter E-mail

General

Target

46914fcfa695799c37833dc3b2b8430bc008a11595e2b4285b78854809ec18b3
Size

771KB
MD5

535ea611bc691fd486f9d83e63454cc0
SHA1

567b39905324ae7d69ec6a345d00c787d7f675bb
SHA256

46914fcfa695799c37833dc3b2b8430bc008a11595e2b4285b78854809ec18b3
SHA512

bcd8a4cfefdd87ff92f8b0cf0532628e9598d9de7e573f2f6b8fb4fd6c7933602816922422be4ec195d902c35984e74b2b958a82361be40904f3a503192e4a15
SSDEEP

12288:mdWSx/ifhrKODqRTwCrYrIC/p+AYpgllDm9omL50KFDYvKt8f+gx0X2cC5j:jSXlY3Y3pIW/1yvX1

Score

N/A

Malware Config

Signatures

Files

46914fcfa695799c37833dc3b2b8430bc008a11595e2b4285b78854809ec18b3
.exe windows x86

90fe3e57b1c12ec2e9e71473a5ef1cd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ulib

?QueryFullPathString@PATH@@QBEPAVWSTRING@@XZ
?Initialize@MEM_ALLOCATOR@@QAEE_KK@Z
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
?SetClassDescriptor@OBJECT@@IAEXPBVCLASS_DESCRIPTOR@@@Z
?Initialize@REST_OF_LINE_ARGUMENT@@QAEEXZ
??0PATH_ARGUMENT@@QAE@XZ
?Initialize@BYTE_STREAM@@QAEEPAVSTREAM@@K@Z
??1PROGRAM@@UAE@XZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?QueryClassId@OBJECT@@QBEKXZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
?Initialize@PROGRAM@@QAEEKKK@Z
?Stricmp@WSTRING@@QBEJPBV1@KKKK@Z
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@K@Z
??0REST_OF_LINE_ARGUMENT@@QAE@XZ
?IsDrive@PATH@@QBEEXZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?SetFileName@FSN_FILTER@@QAEEPBD@Z
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
??1FSN_FILTER@@UAE@XZ
??0HMEM@@QAE@XZ
??0DSTRING@@QAE@XZ
??0BITVECTOR@@QAE@XZ
?Resize@DSTRING@@UAEEK@Z
??0LONG_ARGUMENT@@QAE@XZ
?Initialize@TIMEINFO@@QAEXPBV1@@Z
??1MESSAGE@@UAE@XZ

cfgmgr32

CM_Get_DevNode_Status_Ex
CM_Enumerate_Classes_Ex
CM_Free_Res_Des_Handle
CM_Get_Res_Des_Data_Ex
CM_Get_Hardware_Profile_Info_ExW
CM_Get_Parent_Ex
CM_Get_First_Log_Conf_Ex
CM_Open_Class_Key_ExW
CM_Get_Device_ID_Size
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
CM_Free_Log_Conf_Handle
CM_Get_DevNode_Registry_Property_ExW
CM_Connect_MachineW
CM_Set_HW_Prof_Flags_ExW
CM_Get_Parent
CM_Get_Device_Interface_List_Size_ExW

mpr

WNetOpenEnumA
WNetCancelConnection2W
WNetAddConnection2W
WNetGetUserA
WNetEnumResourceW
WNetGetResourceInformationW
WNetAddConnection3W
WNetGetUniversalNameA
WNetUseConnectionW
WNetOpenEnumW
WNetGetUserW
WNetGetProviderNameW
WNetGetLastErrorW
WNetGetConnectionA
WNetGetConnectionW
WNetGetUniversalNameW
WNetCloseEnum
WNetEnumResourceA

shell32

ExtractAssociatedIconA
SHGetInstanceExplorer
ExtractIconA
SHGetIconOverlayIndexW
ExtractIconExW
SheChangeDirExW
SHGetSpecialFolderPathW
SHUpdateRecycleBinIcon
SHGetFolderLocation
SHSetLocalizedName
SHGetFolderPathW
SHGetSpecialFolderPathA
SHBrowseForFolderW
DragQueryFileW
SHBindToParent
SHGetDataFromIDListW
SHGetSettings
ShellExecuteExW
DragAcceptFiles
SHGetFileInfoW
SHAddToRecentDocs
DragFinish
SHOpenFolderAndSelectItems
DragQueryFileA
SHGetFolderPathA
CommandLineToArgvW
FindExecutableA

odbc32

CursorLibLockStmt
SearchStatusCode
LockHandle
CursorLibLockDbc
PostODBCError
CursorLibTransact
SQLGetDiagRecA
CursorLibLockDesc
VFreeErrors
PostODBCComponentError
VRetrieveDriverErrorsRowCol
ValidateErrorQueue

advapi32

AddAuditAccessObjectAce
CryptSignHashW
OpenThreadToken
RegSetValueExA
EqualDomainSid
AddAccessDeniedAce
LsaCreateTrustedDomainEx
CryptSignHashA
WmiOpenBlock
OpenSCManagerW
CryptGenRandom
InitiateSystemShutdownExW
RegLoadKeyW
WriteEncryptedFileRaw
CreateServiceW
RegCreateKeyExW
InitializeSecurityDescriptor
LsaOpenAccount
GetNamedSecurityInfoA
StartServiceCtrlDispatcherA
AddAce
OpenServiceW
MapGenericMask
RegOpenKeyExW

kernel32

Module32First
SetCurrentDirectoryW
InterlockedExchangeAdd
VirtualAlloc
InterlockedCompareExchange
ReleaseMutex
AssignProcessToJobObject
CopyFileExW
LocalFree
lstrcmpW
GetConsoleOutputCP
ExpandEnvironmentStringsA
InterlockedDecrement
lstrcpyA
GetThreadTimes
InitAtomTable
RegisterWaitForSingleObject
SearchPathW
FindFirstVolumeW
GlobalAddAtomW
SetVDMCurrentDirectories
InterlockedExchange
CreateMutexA
FormatMessageA
CancelWaitableTimer

Sections

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 28KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 205KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 87KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 290KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 102KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90fe3e57b1c12ec2e9e71473a5ef1cd0

Headers

DLL Characteristics

File Characteristics

Imports

ulib

cfgmgr32

mpr

shell32

odbc32

advapi32

kernel32

Sections

.idata Size: 7KB - Virtual size: 6KB

.idata Size: 1KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.text Size: 28KB - Virtual size: 330KB

.edata Size: 205KB - Virtual size: 309KB

BSS Size: 87KB - Virtual size: 197KB

.idata Size: 290KB - Virtual size: 315KB

.idata Size: 102KB - Virtual size: 164KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 1024B - Virtual size: 516B

.idata
Size: 7KB - Virtual size: 6KB

.idata
Size: 1KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 330KB

.edata
Size: 205KB - Virtual size: 309KB

BSS
Size: 87KB - Virtual size: 197KB

.idata
Size: 290KB - Virtual size: 315KB

.idata
Size: 102KB - Virtual size: 164KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 1024B - Virtual size: 516B