ecf95e86288cf3d1fe0e8364f2a958be394a25e6160f0d0c72655a725bd06687

Sharing

Copy URL Twitter E-mail

General

Target

ecf95e86288cf3d1fe0e8364f2a958be394a25e6160f0d0c72655a725bd06687
Size

606KB
MD5

6ce54b6b87b7a43a6a59a116e70c7ee6
SHA1

86ada1361dc9d7e7f397176420a890b0bffbe9ca
SHA256

ecf95e86288cf3d1fe0e8364f2a958be394a25e6160f0d0c72655a725bd06687
SHA512

925717062b020310e32f7c3c028f6e790f55cf3799f32592dabec54bb913959e251fd313986819b1a65371f119cf25c446498e0572819aabfb424b46c916423b
SSDEEP

12288:wRSKAETUuH4shbOHckWaZONoIfBkYbQEIVPBPTzHF3743X4071KcreMQHj:wFAETTbO4aZOKIfvbvIVpnx7i7Ikm

Score

N/A

Malware Config

Signatures

Files

ecf95e86288cf3d1fe0e8364f2a958be394a25e6160f0d0c72655a725bd06687
.exe windows x86

f081aec522ebfa319fde42264e6a7d81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3

oleaut32

GetErrorInfo
VarCyFromDisp
VarBoolFromDate

oleacc

AccessibleObjectFromEvent
CreateStdAccessibleObject

msimg32

AlphaBlend

rasapi32

RasDeleteEntryW
RasGetEntryDialParamsW
RasEditPhonebookEntryA
RasCreatePhonebookEntryW
RasDialW
RasGetCountryInfoW
RasValidateEntryNameA
RasEnumDevicesA

advapi32

GetServiceKeyNameW
LookupPrivilegeNameW
LookupPrivilegeDisplayNameA
CloseEventLog
RegRestoreKeyW
RegSetValueExW
ReportEventW
ChangeServiceConfigW
RegCreateKeyExA
NotifyChangeEventLog
SetSecurityDescriptorOwner
QueryServiceStatus
GetFileSecurityW
RegNotifyChangeKeyValue
GetNumberOfEventLogRecords
OpenBackupEventLogA
RegisterEventSourceA
RegConnectRegistryW
LsaRemoveAccountRights
ReportEventA
DuplicateToken
RegQueryValueW
GetOldestEventLogRecord
GetKernelObjectSecurity
LookupAccountNameA
EncryptFileW
LsaCreateTrustedDomainEx
DecryptFileA
RegCloseKey
ObjectDeleteAuditAlarmA
LsaOpenPolicy
LsaSetTrustedDomainInfoByName
RegFlushKey
LsaClose
LsaLookupSids
RegQueryValueA
InitializeSecurityDescriptor
RegEnumKeyA
BuildTrusteeWithNameW
StartServiceCtrlDispatcherA
RegOpenKeyW
OpenServiceW
OpenProcessToken
LsaLookupNames
EnumServicesStatusA
AccessCheckAndAuditAlarmA
RegSetKeySecurity
LookupPrivilegeDisplayNameW
LsaStorePrivateData
StartServiceA
LockServiceDatabase
AccessCheck
QueryServiceConfigA
AbortSystemShutdownW
BackupEventLogW
RegEnumKeyExA
OpenEventLogA
ClearEventLogW
ChangeServiceConfig2A
GetSidLengthRequired
GetSidSubAuthority
InitiateSystemShutdownW

wininet

FtpOpenFileA
InternetCombineUrlA
InternetGoOnline
InternetCreateUrlW
FtpFindFirstFileW
InternetCheckConnectionA
InternetHangUp
InternetAutodialHangup
InternetConnectW
HttpEndRequestA
HttpOpenRequestW
InternetCreateUrlA
InternetCanonicalizeUrlA
InternetCloseHandle
CommitUrlCacheEntryW
HttpQueryInfoA
FtpCreateDirectoryW
InternetWriteFile
SetUrlCacheEntryInfoA
InternetSetDialState
HttpAddRequestHeadersA
CommitUrlCacheEntryA
FtpRenameFileA
InternetQueryOptionA
GetUrlCacheEntryInfoW
FtpGetFileW
FindNextUrlCacheEntryExW
FtpCreateDirectoryA
InternetCrackUrlA
GopherOpenFileA
RetrieveUrlCacheEntryFileA
InternetCombineUrlW
GopherCreateLocatorW
InternetTimeFromSystemTime
InternetOpenUrlA
FtpPutFileA
InternetOpenW
InternetCrackUrlW
HttpEndRequestW
InternetQueryOptionW

ole32

ReadClassStm
OleUninitialize

imagehlp

SymGetLineNext
ImageAddCertificate
GetImageUnusedHeaderBytes
ImageGetDigestStream
SymMatchFileName
SymLoadModule
SymGetSearchPath
SetImageConfigInformation
SymGetSymNext
FindDebugInfoFile
GetImageConfigInformation
SymGetOptions
SearchTreeForFile
SymFunctionTableAccess
SymGetSymFromAddr
ImageDirectoryEntryToData
SymGetLineFromAddr
EnumerateLoadedModules
BindImage
ImageLoad
SymGetModuleBase
SymGetLineFromName
MakeSureDirectoryPathExists
SymSetSearchPath
SymRegisterCallback
SymGetSymFromName
GetTimestampForLoadedLibrary
ImagehlpApiVersion

setupapi

SetupGetSourceFileLocationW
SetupSetSourceListA
SetupDiOpenDeviceInterfaceRegKey
SetupDiCancelDriverInfoSearch
SetupInstallFilesFromInfSectionA
SetupFreeSourceListW
SetupOpenFileQueue
SetupDiGetClassDevsW
SetupDiRemoveDevice
SetupGetStringFieldA
SetupDiEnumDriverInfoW
SetupDiInstallClassA
SetupGetTargetPathW
SetupDiInstallClassExW
SetupDiCreateDeviceInterfaceW
SetupDiGetDriverInfoDetailA
SetupDiSetDriverInstallParamsW
SetupDiEnumDeviceInterfaces
SetupGetFileCompressionInfoW
SetupAddToDiskSpaceListW
SetupQueryInfVersionInformationA
SetupCommitFileQueueA
SetupDiBuildClassInfoListExA
SetupAddToDiskSpaceListA
SetupAddInstallSectionToDiskSpaceListW
SetupScanFileQueueA
SetupQueueCopySectionW
SetupDiCreateDeviceInterfaceRegKeyW
SetupSetDirectoryIdExA
SetupDiGetDriverInstallParamsA
SetupRemoveFromDiskSpaceListW
SetupDiGetDeviceInterfaceDetailW
SetupQueueCopySectionA
SetupDefaultQueueCallbackA
SetupDiCreateDeviceInterfaceRegKeyA
SetupScanFileQueueW
SetupDiGetDeviceInstanceIdW
SetupDiGetDriverInstallParamsW
SetupDiGetClassImageList
SetupGetLineCountA
SetupDiCreateDevRegKeyW
SetupDiGetDeviceInfoListClass
SetupSetSourceListW
SetupQueueDeleteSectionW
SetupQueueDefaultCopyW
SetupGetStringFieldW
SetupDiSetSelectedDevice
SetupCloseFileQueue
SetupOpenAppendInfFileW
SetupPromptReboot
SetupDiOpenDeviceInfoW

kernel32

CompareStringW
GetStringTypeExW
GetFileSize
GetDevicePowerState

shlwapi

PathFindNextComponentA
PathRemoveBackslashW
PathRemoveBlanksA
PathStripPathA
SHRegGetUSValueA
PathParseIconLocationA
PathMatchSpecA
PathMakeSystemFolderA
PathCompactPathExW
PathCommonPrefixA
SHDeleteEmptyKeyW
StrCSpnW
PathIsDirectoryW
StrToIntExA
PathIsContentTypeW
PathIsURLW
PathIsUNCServerW
PathAppendW
PathMakePrettyW
StrIsIntlEqualW
StrDupW
SHQueryValueExW
PathIsURLA
ChrCmpIW
PathCompactPathA
PathCommonPrefixW
StrSpnW
PathCanonicalizeA
PathSearchAndQualifyA
PathIsUNCServerA
PathMakeSystemFolderW
StrToIntExW
PathRemoveExtensionA
SHEnumKeyExA
SHRegDeleteUSValueA
SHQueryInfoKeyA
PathRemoveBackslashA
StrCmpW
PathIsFileSpecW
SHCreateShellPalette
StrCatW
SHRegCloseUSKey
PathIsSameRootA
SHOpenRegStreamW
PathIsUNCA
PathStripToRootW
PathAppendA
PathSkipRootA
SHGetValueW
PathRelativePathToW
PathCompactPathExA
PathIsContentTypeA
PathGetDriveNumberA
StrCpyW
SHOpenRegStreamA
SHDeleteEmptyKeyA
SHSetValueA
SHRegDeleteEmptyUSKeyW
StrToIntW
PathUnmakeSystemFolderA
SHRegQueryInfoUSKeyA
PathCompactPathW
PathRemoveExtensionW

msi

ord31
ord27
ord20
ord75
ord165
ord22
ord26
ord57
ord7
ord74
ord47

pdh

PdhGetLogFileSize
PdhReadRawLogRecord
PdhGetDataSourceTimeRangeA
PdhConnectMachineW
PdhEnumObjectsW
PdhEnumMachinesA
PdhValidatePathA
PdhGetDefaultPerfObjectW
PdhGetDefaultPerfCounterW
PdhGetCounterTimeBase
PdhGetRawCounterValue
PdhSelectDataSourceA

rpcrt4

RpcRevertToSelf
NdrEncapsulatedUnionFree
NdrFullPointerXlatInit
NdrConformantVaryingStructMarshall
NdrUserMarshalUnmarshall
RpcSsAllocate
NdrVaryingArrayMarshall
RpcSsGetThreadHandle
RpcBindingSetAuthInfoA
NdrNonEncapsulatedUnionMemorySize
NdrComplexStructFree
NdrComplexArrayFree
MesInqProcEncodingId
NdrVaryingArrayMemorySize
RpcServerUseProtseqExW
I_RpcGetCurrentCallHandle
NdrSimpleTypeMarshall
RpcSmSetClientAllocFree
RpcMgmtWaitServerListen
NdrConformantArrayUnmarshall
short_from_ndr_temp
MesDecodeIncrementalHandleCreate
RpcMgmtEnableIdleCleanup
UuidFromStringW
RpcSmEnableAllocate
NDRSContextUnmarshall
RpcBindingReset
NdrConformantVaryingArrayFree
NdrUserMarshalBufferSize
NdrConformantVaryingArrayBufferSize
RpcCancelThread
NdrServerUnmarshall
NdrUserMarshalMarshall
NdrVaryingArrayFree
RpcEpRegisterNoReplaceA
I_RpcFree
NdrUserMarshalMemorySize
NdrRpcSmSetClientToOsf
NdrClearOutParameters
RpcStringBindingParseW
I_UuidCreate
NdrConformantVaryingStructFree
RpcRaiseException
RpcRevertToSelfEx
RpcSsSwapClientAllocFree
NdrConformantVaryingStructUnmarshall
I_RpcMapWin32Status
RpcBindingInqAuthInfoW
NdrRpcSsDefaultFree
NdrFixedArrayMarshall
RpcNsBindingInqEntryNameA

urlmon

IsLoggingEnabledA
CoGetClassObjectFromURL
MkParseDisplayNameEx
ObtainUserAgentString
FindMediaType
IsValidURL
CoInternetParseUrl
URLDownloadToFileW
GetClassURL
CoInternetCreateZoneManager
CoInternetCombineUrl
HlinkGoBack
URLDownloadToFileA
WriteHitLogging
URLOpenPullStreamW
IsAsyncMoniker

mpr

WNetDisconnectDialog1A
WNetEnumResourceW

user32

DdeCreateStringHandleA

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f081aec522ebfa319fde42264e6a7d81

Headers

File Characteristics

Imports

msvcrt

oleaut32

oleacc

msimg32

rasapi32

advapi32

wininet

ole32

imagehlp

setupapi

kernel32

shlwapi

msi

pdh

rpcrt4

urlmon

mpr

user32

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 512B - Virtual size: 2.2MB

.tls Size: 512B - Virtual size: 88B

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 512B - Virtual size: 2.2MB

.tls
Size: 512B - Virtual size: 88B

.rsrc
Size: 7KB - Virtual size: 6KB