ce297d741d9db3b4f212075292b948f1cd94236ffd1bdf4b8d41982fe62227d8

Sharing

Copy URL Twitter E-mail

General

Target

ce297d741d9db3b4f212075292b948f1cd94236ffd1bdf4b8d41982fe62227d8
Size

50KB
MD5

ff26a4b76ce891845dca47a9fe16ac61
SHA1

960f9fc41f7c79a9decd4adbecceb13da2580eb9
SHA256

ce297d741d9db3b4f212075292b948f1cd94236ffd1bdf4b8d41982fe62227d8
SHA512

baef97d6da4ee4ad88de0fb1f3d84ebd235ec1992cc726a683ad95fb360ce983caa4873689b645588446eeb1c2df6057da500843519b6dd1dfb14af6e01407f3
SSDEEP

768:vj4/8rEl979Et8suczfSw1gm3UC4VMucGuFI1Z+AlWByJOa8qgWMEtJYedvHd8:vc/rovzaw1gHVM1KZ+AdVBgWMEIedV8

Score

N/A

Malware Config

Signatures

Files

ce297d741d9db3b4f212075292b948f1cd94236ffd1bdf4b8d41982fe62227d8
.exe windows x86

87e6298b3b20129cfa546a58798a8bbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
CmdBatNotification
Heap32ListNext
Process32Next
FreeConsole
GetProfileStringW
CompareStringW
SetComputerNameExA
TransmitCommChar
FindFirstFileExW
GetConsoleFontInfo
GetConsoleAliasW
EnumResourceLanguagesW
InterlockedPushEntrySList
SetVolumeMountPointW
GetModuleHandleW
FindActCtxSectionStringW
LZDone
RequestDeviceWakeup
UpdateResourceA
UTUnRegister
ResumeThread
VirtualAlloc
GetNumaProcessorNode
GetVDMCurrentDirectories
SetComPlusPackageInstallStatus
InterlockedIncrement
GetDriveTypeA
FindAtomA
WritePrivateProfileStructA
IsSystemResumeAutomatic
SetFileShortNameW
GetStringTypeW
GetProfileStringA
Module32Next
WaitForMultipleObjectsEx
GlobalAlloc
GetProcAddress
BackupWrite
GetStartupInfoA
GetProcessHeaps
SetConsoleIcon
MoveFileExW
LoadLibraryA
ReadProcessMemory
FindAtomW
VerLanguageNameW
SetCommBreak
GetConsoleAliasesLengthW
BackupSeek
SetThreadPriority
AddLocalAlternateComputerNameA
WritePrivateProfileStringW
LocalAlloc
AllocateUserPhysicalPages
GetVolumePathNameW
BaseCleanupAppcompatCacheSupport
lstrcmpiW
ConvertDefaultLocale
GetStringTypeExW
WriteConsoleOutputAttribute
RtlCaptureStackBackTrace
FindActCtxSectionStringA
AddVectoredExceptionHandler
SetStdHandle
GetConsoleAliasExesLengthW
GetConsoleScreenBufferInfo
GetCalendarInfoW
WritePrivateProfileSectionW

dssenh

CPGetHashParam
CPExportKey
CPDuplicateHash
CPDecrypt
CPDeriveKey
CPSetKeyParam
CPDuplicateKey
CPGetKeyParam
CPSetHashParam
CPImportKey
CPCreateHash
CPGetProvParam
CPVerifySignature
CPReleaseContext
CPDestroyKey
CPAcquireContext
CPSetProvParam
CPDestroyHash
CPGetUserKey
CPEncrypt
CPGenRandom
CPHashSessionKey
CPGenKey
CPHashData
CPSignHash

untfs

?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
??1NTFS_MFT_FILE@@UAE@XZ
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
??1NTFS_LOG_FILE@@UAE@XZ
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
??1NTFS_BOOT_FILE@@UAE@XZ
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??0NTFS_ATTRIBUTE_LIST@@QAE@XZ
?QueryClusterFactor@NTFS_SA@@QBEEXZ
??1NTFS_SA@@UAE@XZ
ChkdskEx
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?AddFileNameAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAU_FILE_NAME@@@Z
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
??0NTFS_LOG_FILE@@QAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
??0NTFS_ATTRIBUTE@@QAE@XZ
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
??0NTFS_REFLECTED_MASTER_FILE_TABLE@@QAE@XZ

msvcirt

??0istrstream@@QAE@PAD@Z
??1ostream@@UAE@XZ
??_7stdiobuf@@6B@
?str@strstream@@QAEPADXZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??1stdiostream@@UAE@XZ
?pbackfail@streambuf@@UAEHH@Z
?putback@istream@@QAEAAV1@D@Z
??0strstreambuf@@QAE@XZ
??_7streambuf@@6B@
??_7filebuf@@6B@
?tie@ios@@QAEPAVostream@@PAV2@@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?clog@@3Vostream_withassign@@A
?x_curindex@ios@@0HA
??1istrstream@@UAE@XZ
??_Gexception@@UAEPAXI@Z
?flags@ios@@QBEJXZ
?overflow@filebuf@@UAEHH@Z
?setmode@filebuf@@QAEHH@Z
??0filebuf@@QAE@HPADH@Z
?setf@ios@@QAEJJ@Z
??_Eexception@@UAEPAXI@Z
?read@istream@@QAEAAV1@PACH@Z
??0iostream@@IAE@ABV0@@Z
??0istream_withassign@@QAE@XZ
?open@fstream@@QAEXPBDHH@Z
?fill@ios@@QAEDD@Z
??0filebuf@@QAE@ABV0@@Z

ntdll

RtlGetSaclSecurityDescriptor
NtWriteFileGather
RtlCreateBootStatusDataFile
RtlTimeToTimeFields
RtlSubAuthorityCountSid
RtlIsTextUnicode
RtlConvertUlongToLargeInteger
RtlFillMemoryUlong
RtlGetActiveActivationContext
ZwUnloadKeyEx
vDbgPrintEx
NtTerminateProcess
NtRegisterThreadTerminatePort
ZwCreateIoCompletion
RtlComputePrivatizedDllName_U
RtlSetIoCompletionCallback
NtSetSystemPowerState
NtFlushVirtualMemory
_CIpow
RtlDosSearchPath_Ustr
iswalpha
iswdigit
ZwSignalAndWaitForSingleObject
RtlAllocateAndInitializeSid
RtlpEnsureBufferSize
NtCallbackReturn
ZwUnlockFile
NtQuerySemaphore
NtLockProductActivationKeys
ZwMapViewOfSection

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87e6298b3b20129cfa546a58798a8bbc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

dssenh

untfs

msvcirt

ntdll

Sections

.text Size: 37KB - Virtual size: 36KB

.rdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 37KB - Virtual size: 36KB

.rdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB