d934adeb398cd3688a78aefcd265ab6115bf8bc644f6897e75e0191894d8227e

Sharing

Copy URL Twitter E-mail

General

Target

d934adeb398cd3688a78aefcd265ab6115bf8bc644f6897e75e0191894d8227e
Size

389KB
MD5

fa4ec4c2f2d4d8f6e2c68d07d66cba4f
SHA1

67c4c0792a1f53c8da7ea7718e649eab7dcc1852
SHA256

d934adeb398cd3688a78aefcd265ab6115bf8bc644f6897e75e0191894d8227e
SHA512

732ea87375193b1ecc9765852191375787714a5b0978f4298b5847c6e0fe5b77242d996153d663a77095c67cc729b9d6a343b0a53326e7673ae7299dc8eb9ff1
SSDEEP

6144:5RWhu4DBFSeMBw8KKozxIuQM04uR/+4Va7U5YJNi/YkZ2nKYjYaKjPyB6ihKWtsx:HWhHdFL6oKo0x9rL/YkZmKY0aKjAhq

Score

N/A

Malware Config

Signatures

Files

d934adeb398cd3688a78aefcd265ab6115bf8bc644f6897e75e0191894d8227e
.exe windows x86

afa422d2d161457209faab9611861739

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

StartFormPage
GdiFullscreenControl
GdiEntry9
CreateDiscardableBitmap
BRUSHOBJ_pvAllocRbrush
PATHOBJ_vEnumStart
EngReleaseSemaphore
DeleteDC
GetEnhMetaFilePixelFormat
CreateICW
PlayMetaFile
GetWorldTransform
MoveToEx
DdEntry4
GetTextExtentExPointWPri
DdEntry34
DdEntry29
CreatePenIndirect
EnumFontFamiliesExA
GdiEntry11
DdEntry38
Arc
RoundRect
EngDeletePalette
GetPolyFillMode
SetVirtualResolution
GdiPlayScript
DdEntry24
DdEntry55
BRUSHOBJ_ulGetBrushColor
PtInRegion
DdEntry15
EngFillPath
CloseEnhMetaFile
GetRelAbs
PolyPatBlt
GetDIBColorTable
GetETM
CreateBrushIndirect
SetBkColor
OffsetWindowOrgEx
GdiInitSpool
GetWindowExtEx

kernel32

SetDefaultCommConfigA
FindVolumeClose
IsProcessorFeaturePresent
RemoveDirectoryA
VirtualAlloc
GetConsoleTitleA
SetComputerNameW
GetTempFileNameW
ReadConsoleOutputAttribute
HeapCreate
GetNumaHighestNodeNumber
SetComputerNameA
ConvertDefaultLocale
CreateRemoteThread
GetNextVDMCommand
DosDateTimeToFileTime
EnumLanguageGroupLocalesA
GetTimeZoneInformation
GetCurrentThread
EnumDateFormatsW
GetStringTypeExA
IsDBCSLeadByteEx
GlobalAddAtomA
GetConsoleCursorInfo
OpenEventA
InterlockedFlushSList
GetVersionExW
SetFileApisToANSI
ConvertFiberToThread
OpenWaitableTimerA
FindFirstVolumeMountPointW
MoveFileExA
VirtualUnlock
WriteFile
Heap32ListNext
GetEnvironmentStringsA
FindAtomW
LoadLibraryA
GetEnvironmentVariableA
lstrlenA

ws2_32

WSAGetServiceClassInfoW
WSAAddressToStringA
WSAHtons
WSASocketW
WSASendTo
WSAGetLastError
WSAGetServiceClassNameByClassIdA
listen
WSAAsyncSelect
WSADuplicateSocketA
WSAEventSelect
WSACloseEvent
WSAAsyncGetHostByAddr
WSCEnumProtocols
WSASetEvent
WSAEnumNameSpaceProvidersW
recv
WEP
WSAStartup
WSACancelBlockingCall
getservbyname
WSAUnhookBlockingHook
WSARemoveServiceClass
WSAIsBlocking
WSApSetPostRoutine
WSANtohl
WSASetBlockingHook
WSAJoinLeaf
htonl
ntohl
sendto
WSAGetQOSByName
socket
WSCDeinstallProvider
WSAAsyncGetServByPort

advapi32

AddAccessDeniedAce
CreatePrivateObjectSecurityEx
CommandLineFromMsiDescriptor
SetTraceCallback
RegUnLoadKeyA
OpenServiceW
WmiDevInstToInstanceNameA
SetThreadToken
SystemFunction035
ElfRegisterEventSourceW
SaferiIsExecutableFileType
SystemFunction034
QueryServiceObjectSecurity
QueryRecoveryAgentsOnEncryptedFile
LsaGetSystemAccessAccount
ProcessTrace
EnumServicesStatusExW
TraceEvent
LsaSetDomainInformationPolicy
WmiFileHandleToInstanceNameA
ConvertStringSDToSDDomainW
ElfOldestRecord
CreatePrivateObjectSecurity
SetAclInformation
AddAuditAccessAceEx
WmiQueryGuidInformation
RegRestoreKeyA
ElfCloseEventLog
FlushTraceA
GetSecurityDescriptorLength
RegQueryInfoKeyW
SaferSetLevelInformation
CloseTrace
LockServiceDatabase
CredpEncodeCredential
BuildTrusteeWithSidW
RegUnLoadKeyW
RegOpenKeyW
FindFirstFreeAce
WmiQuerySingleInstanceMultipleW
CloseCodeAuthzLevel

olecli32

DibEnumFormat
LeCopy
PbCreateLinkFromClip
MfDraw
DefCreateLinkFromFile
BmCopy
MfEnumFormat
GenCopy
LeGetUpdateOptions
DefCreateLinkFromClip
LeQueryBounds
ErrQueryOpen
SrvrWndProc
PbGetData
OleRequestData
OleQueryOutOfDate
OleCreateFromFile
GetTaskVisibleWindow
DibCopy
GenEqual
DefCreateFromClip
GenRelease
LeEqual
OleRename
WEP
OleActivate
GenDraw
OleQueryOpen
ErrExecute
PbCreateFromClip
OleSetHostNames
OleExecute
LeSetHostNames
LeClose
MfCopy
BmClone

msvcrt40

__p__wpgmptr
??_Dostrstream@@QAEXXZ
?close@fstream@@QAEXXZ
??_Ebad_typeid@@UAEPAXI@Z
_pgmptr
_getmbcp
??1stdiostream@@UAE@XZ
_makepath
?epptr@streambuf@@IBEPADXZ
??4ostream@@IAEAAV0@ABV0@@Z
?close@filebuf@@QAEPAV1@XZ
_adjust_fdiv
??4fstream@@QAEAAV0@AAV0@@Z
log
?sputbackc@streambuf@@QAEHD@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??0ofstream@@QAE@PBDHH@Z
iswctype
??0ifstream@@QAE@PBDHH@Z
strncat
pow
_fputchar
?oct@@YAAAVios@@AAV1@@Z
_searchenv
??_Giostream@@UAEPAXI@Z
??0ostream_withassign@@QAE@XZ
_seterrormode
??0ostream@@IAE@ABV0@@Z
?fLockcInit@ios@@0HA
_ultoa
free
?snextc@streambuf@@QAEHXZ
_filbuf
??4strstreambuf@@QAEAAV0@ABV0@@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
strlen
asin

netapi32

NlBindingAddServerToCache
I_BrowserResetNetlogonState
I_NetServerSetServiceBits
NetWkstaGetInfo
DsGetDcNameA
NetUserDel
NetDfsGetDcAddress
NetLocalGroupGetMembers
I_NetServerAuthenticate3
NetpwNameValidate
NetLogonGetTimeServiceParentDomain
I_NetDatabaseRedo
NetShareCheck
NetScheduleJobDel
NetReplImportDirGetInfo
NetFileGetInfo
NetShareAdd
NetUserSetGroups
NetGroupAdd
NetLocalGroupDelMember
NetServiceGetInfo
NetGroupSetInfo
NetDfsRemoveFtRootForced
DsValidateSubnetNameA
NetAuditWrite
NetMessageNameDel
I_NetLogonControl
NetLocalGroupAddMembers
NetUnregisterDomainNameChangeNotification
DsRoleGetPrimaryDomainInformation
NetReplExportDirGetInfo
NetShareEnumSticky
NetDfsAddStdRootForced
NetConfigGet
I_NetAccountSync
DsRoleAbortDownlevelServerUpgrade
NetLocalGroupEnum
NetServerDiskEnum
DsRoleDcAsReplica
NetpCloseConfigData
NetpGetFileSecurity
I_NetLogonUasLogoff

Sections

.text
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 194KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afa422d2d161457209faab9611861739

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ws2_32

advapi32

olecli32

msvcrt40

netapi32

Sections

.text Size: 105KB - Virtual size: 108KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 512B - Virtual size: 600KB

.rsrc Size: 194KB - Virtual size: 196KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 105KB - Virtual size: 108KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 512B - Virtual size: 600KB

.rsrc
Size: 194KB - Virtual size: 196KB

.reloc
Size: 1024B - Virtual size: 4KB