753162fcf234233f2422d5c7d998b29bf68a9c9cf0f8e1b28e53340d719c62fc

Sharing

Copy URL Twitter E-mail

General

Target

753162fcf234233f2422d5c7d998b29bf68a9c9cf0f8e1b28e53340d719c62fc
Size

61KB
MD5

4272e98d64bc76050f0d4b44a2a4f547
SHA1

c03b27713d82bc572af193e42e064aef0e45f7d0
SHA256

753162fcf234233f2422d5c7d998b29bf68a9c9cf0f8e1b28e53340d719c62fc
SHA512

a28a6083767fa52419ae687451841d100af7bd3c87dc69cbc390df791199854969ea4d4549d14ffe02b3144ccd8c5ccfe77ba0f2e7c4b713d361342485d3222b
SSDEEP

1536:9aE1glyMLI7OqiNYxDKw1WoE88QMMe+ohPgi:BcI7ODNYxGw+88QMMe

Score

N/A

Malware Config

Signatures

Files

753162fcf234233f2422d5c7d998b29bf68a9c9cf0f8e1b28e53340d719c62fc
.exe windows x86

370e71de71a7cb5591776d7096befda3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

pdh

PdhBrowseCountersA
PdhBrowseCountersHA
PdhBrowseCountersHW
PdhBrowseCountersW
PdhCalculateCounterFromRawValue
PdhCloseLog
PdhCloseQuery
PdhCollectQueryData
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhConnectMachineA
PdhConnectMachineW

authz

AuthziAllocateAuditParams
AuthziFreeAuditEventType
AuthziFreeAuditParams
AuthziFreeAuditQueue
AuthziInitializeAuditEvent
AuthziInitializeAuditEventType
AuthziInitializeAuditParams
AuthziInitializeAuditParamsFromArray
AuthziInitializeAuditParamsWithRM
AuthziInitializeAuditQueue
AuthziLogAuditEvent
AuthziModifyAuditEvent
AuthziModifyAuditEventType
AuthziModifyAuditQueue
AuthziSourceAudit
AuthzFreeAuditEvent

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvcrt

fread
fopen

rasman

RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
RasConnectionEnum
IsRasmanProcess
RasActivateRoute
RasActivateRouteEx
RasAddConnectionPort
RasAddNotification
RasAllocateRoute
RasBundleClearStatistics
RasBundleClearStatisticsEx
RasBundleGetPort
RasBundleGetStatistics
RasBundleGetStatisticsEx
RasCompressionGetInfo
RasCompressionSetInfo
RasConnectionEnum
RasConnectionGetStatistics
RasCreateConnection
RasDeAllocateRoute
RasDestroyConnection
RasDeviceConnect

kernel32

SetErrorMode
SetFilePointer
DecodePointer
CreateMutexA
GetOEMCP
ExitProcess
GetCommState
GetCommandLineA
GetWindowsDirectoryA

dnsapi

DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQueryConfig
DnsQueryConfigAllocEx
DnsQueryConfigDword
DnsQueryExA
DnsQueryExUTF8
DnsQueryExW
DnsQuery_A
DnsQuery_UTF8
DnsQuery_W
DnsRecordBuild_UTF8
DnsRecordBuild_W
DnsRecordCompare
DnsRecordCopyEx
DnsRecordListFree
DnsRecordSetCompare
DnsRecordSetCopyEx

nddeapi

NDdeGetErrorStringA

pstorec

PStoreCreateInstance

regapi

RegBuildNumberQuery
RegCdCreateA
RegCdCreateW
RegCdDeleteA
RegCdDeleteW
RegCdEnumerateA
RegCdEnumerateW
RegCdQueryA
RegCdQueryW
RegCloseServer
RegConsoleShadowQueryA
RegConsoleShadowQueryW
RegDefaultUserConfigQueryA
RegDefaultUserConfigQueryW

atl

AtlAxAttachControl
AtlComPtrAssign

mprapi

MprAdminInterfaceCreate

netapi32

DsGetDcCloseW
DsGetDcNameA
DsGetDcNameW
DsGetDcNameWithAccountA
DsGetDcNameWithAccountW
DsGetDcNextA
DsGetDcNextW
DsGetDcOpenA
DsGetDcOpenW
DsGetDcSiteCoverageA
DsGetDcSiteCoverageW
DsGetForestTrustInformationW
DsGetSiteNameA
DsGetSiteNameW

quartz

AmpFactorToDB

Sections

code
Size: 3KB - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RSRC
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.date
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

370e71de71a7cb5591776d7096befda3

Headers

File Characteristics

Imports

pdh

authz

avicap32

msvcrt

rasman

kernel32

dnsapi

nddeapi

pstorec

regapi

atl

mprapi

netapi32

quartz

Sections

code Size: 3KB - Virtual size: 16KB

.data Size: 19KB - Virtual size: 79KB

.RSRC Size: 34KB - Virtual size: 36KB

.reloc Size: 512B - Virtual size: 1KB

.date Size: 512B - Virtual size: 416B

code
Size: 3KB - Virtual size: 16KB

.data
Size: 19KB - Virtual size: 79KB

.RSRC
Size: 34KB - Virtual size: 36KB

.reloc
Size: 512B - Virtual size: 1KB

.date
Size: 512B - Virtual size: 416B