925b2cfe8606b10f72d57be178cd28fee6f59a539931a5de892ca0ebe1ba810d

Sharing

Copy URL

Twitter E-mail

General

Target

925b2cfe8606b10f72d57be178cd28fee6f59a539931a5de892ca0ebe1ba810d
Size

1.9MB
MD5

34adfe518a45262be590c8eace9aaa78
SHA1

28800b48e3028bd6f18befd6b88c52537d73a20d
SHA256

925b2cfe8606b10f72d57be178cd28fee6f59a539931a5de892ca0ebe1ba810d
SHA512

b0fdf7c430f78b26add5ced11528cb24399e4ce012c9779a2b971589d524859609597a9b0685a45f072422ec425a1881f6f9dab52cb62e0bffe4c211c9b2a2ec
SSDEEP

24576:5M50rJ/RN30JBmZKK0eFBb080Xia7uD7cSQk:5sMWJBmZKKfb08027

Score

N/A

Malware Config

Signatures

Files

925b2cfe8606b10f72d57be178cd28fee6f59a539931a5de892ca0ebe1ba810d
.exe windows x86

6076f40665d71acd93b06b563412f03d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertFindExtension
CertGetCertificateContextProperty
CertCreateCertificateContext
CertGetNameStringA
CertDuplicateCertificateContext
CryptDecodeObject
CertSetCertificateContextProperty
CertGetEnhancedKeyUsage
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertFindCertificateInStore
CertOpenSystemStoreA

cfgmgr32

CM_Locate_DevNodeA
CM_Get_DevNode_Status
CM_Get_Device_IDA

iphlpapi

GetInterfaceInfo
GetAdaptersInfo
GetIfEntry
IpReleaseAddress
IpRenewAddress
NotifyAddrChange

powrprof

GetCurrentPowerPolicies

shlwapi

SHDeleteKeyA

bcm1xsup

@B1xsStatusFormat@12
@B1xsStatusRelatedContext@4
@B1xsGetLogError@20
@B1xsCredentialsNumber@4
@B1xsIterateAdapters@4
@B1xsContextType@4
@B1xsIterateAdaptersNext@4
@B1xsStatusNumber@4
@B1xsAdapterGetMacAddress@8
@B1xsGlobalConfigCertStores@20
@B1xsAdapterAuthenticateStop@4
@B1xsContextRelease@4
@B1xsContextFASTGetPACData@12
@B1xsContextOpenNacInterface@4
@B1xsContextCloseNacInterface@4
@B1xsGlobalConfigLoginCallback@8
@B1xsGlobalOpenContext@4
@B1xsContextConfigPeapCredentials@44
@B1xsAdapterQuery@8
@B1xsContextConfigMd5Credentials@12
@B1xsContextConfigTTLSCredentials@40
@B1xsContextConfigTLSCredentials@36
@B1xsRestartAdapterAuthenticate@4
@B1xsContextConfigFASTCredentials@60
@B1xsContextEapFastAIDCallBack@12
@B1xsAdapterAuthenticate@8
@B1xsAdapterGetGtcPromptText@8
@B1xsAdapterGetName@20

mfc80

ord911
ord4035
ord2475
ord755
ord564
ord2368
ord2372
ord3195
ord2991
ord620
ord6067
ord6065
ord2654
ord2719
ord3401
ord3761
ord5613
ord3850
ord1527
ord2469
ord265
ord266
ord5563
ord1580
ord3255
ord1181
ord5320
ord2346
ord6286
ord5331
ord6297
ord6205
ord747
ord559
ord3174
ord749
ord628
ord763
ord765
ord4044
ord548
ord2598
ord3466
ord395
ord4265
ord4277
ord1306
ord2173
ord5205
ord5148
ord3945
ord1557
ord4019
ord2424
ord2425
ord2992
ord5356
ord943
ord4904
ord2939
ord4135
ord4309
ord5012
ord5009
ord2615
ord1913
ord2246
ord635
ord5165
ord1160
ord4768
ord2253
ord4108
ord4299
ord3648
ord723
ord1003
ord531
ord3296
ord5445
ord2274
ord866
ord660
ord2286
ord974
ord423
ord3233
ord4063
ord5466
ord4353
ord1091
ord3683
ord4541
ord3592
ord757
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord907
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord1149
ord1150
ord300
ord566
ord5383
ord1138
ord5420
ord1200
ord1119
ord593
ord6252
ord5568
ord5569
ord5119
ord334
ord1054
ord1126
ord2248
ord3596
ord5905
ord3609
ord3602
ord6754
ord590
ord1128
ord2141
ord331
ord3169
ord1144
ord3635
ord3428
ord1230
ord1190
ord2815
ord3952
ord2376
ord2942
ord2250
ord314
ord2252
ord3534
ord476
ord2857
ord5380
ord6249
ord6265
ord2911
ord6264
ord701
ord4314
ord2833
ord807
ord795
ord796
ord494
ord496
ord5459
ord5437
ord908
ord865
ord2328
ord869
ord3022
ord4109
ord380
ord3201
ord2702
ord2703
ord5493
ord629
ord6288
ord1439
ord5323
ord2903
ord5089
ord384
ord744
ord1452
ord5097
ord556
ord584
ord1434
ord5688
ord317
ord783
ord2371
ord2367
ord5430
ord1916
ord4066
ord2938
ord2899
ord2657
ord426
ord663
ord1031
ord2306
ord2259
ord3514
ord5341
ord1211
ord301
ord1159
ord3051
ord298
ord2292
ord1250
ord432
ord3095
ord2746
ord2753
ord2750
ord2122
ord5627
ord5879
ord2907
ord5326
ord6292
ord4057
ord6212
ord916
ord2310
ord1444
ord2472
ord4102
ord3768
ord667
ord2349
ord3501
ord1151
ord6138
ord5717
ord6007
ord2468
ord5403
ord2271
ord305
ord1482
ord6002
ord328
ord588
ord1005
ord3684
ord1161
ord6090
ord1024
ord1486
ord2272
ord5529
ord3997
ord6703
ord299
ord1489
ord1917
ord386
ord2280
ord2288
ord2751
ord2275
ord631
ord2322
ord378
ord297
ord781
ord6725
ord5915
ord1620
ord1617
ord3946
ord1402
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5214
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4261
ord3337
ord572
ord558
ord2131
ord5438
ord760
ord746
ord1903
ord1084
ord304
ord545
ord784
ord762
ord1193
ord733
ord578
ord310
ord1191
ord1187
ord1185
ord764
ord912
ord1920
ord1207

msvcr80

_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
wcslen
memmove
isalpha
toupper
isdigit
_mbscmp
_mbsupr
wcsncpy
__p__commode
??8type_info@@QBE_NABV0@@Z
mbstowcs
_strdup
qsort
fgetws
isxdigit
strtoul
_mbstok
_mbsstr
atoi
strstr
strrchr
_access
sprintf
__iob_func
fprintf
strncpy
vsprintf_s
isspace
srand
rand
wcschr
clock
vsprintf
memmove_s
??0exception@std@@QAE@ABV01@@Z
_setmbcp
_stricmp
_wcsicmp
__p__fmode
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_itoa
malloc
free
wcscpy_s
calloc
_recalloc
_resetstkoflw
__CxxFrameHandler3
_purecall
memset
_mktime64
strftime
_localtime64_s
_invalid_parameter_noinfo
memcpy
_snprintf
strcpy_s
_time64
printf
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_CxxThrowException
_controlfp_s

kernel32

FileTimeToSystemTime
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
GetEnvironmentVariableA
lstrlenA
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateToolhelp32Snapshot
Sleep
GetProcAddress
CreateEventA
GetCurrentThreadId
GetCurrentProcess
WinExec
OpenEventA
ResetEvent
GetOverlappedResult
WaitForMultipleObjects
FreeLibrary
LoadLibraryA
CreateMutexA
SizeofResource
LockResource
LoadResource
FindResourceA
lstrcmpA
SetUnhandledExceptionFilter
GetLocaleInfoA
GetUserDefaultLangID
CreateFileA
DeviceIoControl
SetLastError
OutputDebugStringA
ExpandEnvironmentStringsA
lstrcpyA
LocalAlloc
LocalFree
FileTimeToLocalFileTime
GetFileAttributesA
CreateProcessA
WriteConsoleInputA
GetStdHandle
FlushConsoleInputBuffer
OpenMutexA
FormatMessageA
GetExitCodeProcess
GetSystemDirectoryA
GetDateFormatA
SystemTimeToTzSpecificLocalTime
QueueUserWorkItem
FindResourceExA
EnumResourceNamesA
SetThreadLocale
GetThreadLocale
GlobalFree
GlobalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
ReadFile
GetFileSize
GetTickCount
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEvent
WaitForSingleObject
GetModuleHandleA
ResumeThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
GetFileAttributesExA
GetModuleFileNameA
CopyFileA
GetComputerNameA
GetWindowsDirectoryA
Process32Next
GetACP
SetFileAttributesA
CloseHandle
LoadLibraryW
Process32First

user32

DispatchMessageA
GetDesktopWindow
MessageBoxA
GetClassInfoA
PostQuitMessage
GetWindowThreadProcessId
EnumThreadWindows
GetPropA
SetWindowLongA
RemovePropA
UpdateWindow
SetProcessWindowStation
GetWindowLongA
CloseDesktop
RegisterWindowMessageA
KillTimer
GetSubMenu
GetClassNameA
SetMenuItemInfoA
SetDlgItemTextA
GetParent
InvalidateRect
GetWindowRect
ReleaseDC
CharLowerA
CharLowerW
CharUpperA
GetDC
CloseWindowStation
GetClientRect
CharUpperW
RegisterDeviceNotificationA
UnregisterDeviceNotification
EnableWindow
IsWindow
PostMessageA
GetWindow
SendMessageA
IsMenu
GetMenuState
GetMenuItemCount
DeleteMenu
LoadStringA
BroadcastSystemMessageA
PeekMessageA
SetTimer
TranslateMessage

gdi32

GetTextExtentPoint32A

advapi32

CryptDestroyKey
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupAccountSidA
RegEnumKeyExA
CreateServiceA
CloseServiceHandle
StartServiceA
CryptGetProvParam
CryptSetProvParam
RegCreateKeyExA
RegQueryInfoKeyA
RegNotifyChangeKeyValue
RegEnumValueA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
OpenServiceA
OpenSCManagerA
CryptGenKey
CryptGetUserKey
CryptAcquireContextA
CryptDestroyHash
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptReleaseContext
CryptHashData
AllocateAndInitializeSid
LookupAccountSidW
FreeSid
CryptGetKeyParam
GetUserNameA
CryptCreateHash

ole32

StringFromCLSID
ProgIDFromCLSID
CoCreateInstance
CoTaskMemFree
CoCreateGuid

oleaut32

VariantInit
RegisterActiveObject
RevokeActiveObject
VariantClear
VariantCopy
SysFreeString
VariantChangeType

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

wsock32

closesocket
gethostbyaddr
setsockopt
socket
WSAStartup
recvfrom
gethostbyname
ioctlsocket
inet_addr
select
WSAGetLastError
sendto

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

HttpQueryInfoA
InternetOpenA
InternetConnectA
InternetCloseHandle
InternetErrorDlg
HttpSendRequestA
HttpSendRequestExA
InternetReadFile
InternetWriteFile
HttpEndRequestA
InternetQueryOptionA
InternetOpenUrlA
HttpOpenRequestA

ws2_32

WSAAddressToStringA

winscard

SCardStatusA
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardTransmit
SCardEstablishContext
SCardListCardsA
SCardCancel
SCardReleaseContext
SCardListReadersA
SCardGetStatusChangeA
SCardGetCardTypeProviderNameA
SCardDisconnect
SCardConnectA
SCardFreeMemory

Sections

.text
Size: 368KB - Virtual size: 364KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6076f40665d71acd93b06b563412f03d

Headers

File Characteristics

Imports

crypt32

cfgmgr32

iphlpapi

powrprof

shlwapi

bcm1xsup

mfc80

msvcr80

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp80

wsock32

version

wininet

ws2_32

winscard

Sections

.text Size: 368KB - Virtual size: 364KB

.rdata Size: 124KB - Virtual size: 120KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 368KB - Virtual size: 364KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 1.4MB - Virtual size: 1.4MB