1bede29b87dff088b8f597078f07e32ab85d7ed036c78fcf1f5361c07f1e0d98

Sharing

Copy URL Twitter E-mail

General

Target

1bede29b87dff088b8f597078f07e32ab85d7ed036c78fcf1f5361c07f1e0d98
Size

278KB
MD5

04250979470389411b1eec733fde9164
SHA1

c69d81dcbeaf4acb8554cab806e7a244371ddc51
SHA256

1bede29b87dff088b8f597078f07e32ab85d7ed036c78fcf1f5361c07f1e0d98
SHA512

1096155bebddd057844d4d33711cdb4d89e2756a12c4c8f5291fe10e580d96aafc4616fa0e0b3bfc1a2c5d7d10f6dd3f059c3134971b277e967500329215c2e0
SSDEEP

6144:cl59S1b84UubtZfQ1r5OcPmefZi0G+HS:m7rYLQhPmefs05

Score

N/A

Malware Config

Signatures

Files

1bede29b87dff088b8f597078f07e32ab85d7ed036c78fcf1f5361c07f1e0d98
.exe windows x86

d1b242702f12f3f9ee83ecd9f46e2164

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupAddToSourceListW
SetupQueueCopyIndirectW
SetupDiGetINFClassW
SetupDestroyDiskSpaceList
SetupGetIntField
SetupDiCreateDevRegKeyW
SetupDiClassGuidsFromNameA
SetupQuerySpaceRequiredOnDriveW
SetupFindFirstLineA
SetupInstallFilesFromInfSectionW
SetupOpenAppendInfFileW
SetupDiBuildClassInfoListExW
SetupQueryDrivesInDiskSpaceListA
SetupAddSectionToDiskSpaceListA
SetupSetDirectoryIdExA
SetupLogFileW
SetupIterateCabinetA
SetupDiCancelDriverInfoSearch
SetupDiGetSelectedDriverA
SetupQueueDeleteSectionA
SetupDiCreateDeviceInfoList
SetupDuplicateDiskSpaceListA
SetupCopyErrorW
SetupGetBackupInformationA
SetupGetBinaryField
SetupDiCreateDeviceInfoW
SetupDiGetDeviceInfoListDetailA
SetupDiGetDeviceInstanceIdW
SetupQueueCopyA
SetupDiGetHwProfileFriendlyNameExA

wininet

InternetTimeToSystemTimeW
DeleteUrlCacheEntryW
InternetSetPerSiteCookieDecisionA
GetUrlCacheEntryInfoExW
SetUrlCacheEntryGroup
InternetOpenA
InternetQueryDataAvailable
RetrieveUrlCacheEntryFileA
InternetGoOnlineA
InternetTimeFromSystemTimeA
InternetGetConnectedStateEx
InternetCombineUrlA
CommitUrlCacheEntryW
InternetConnectA
GetUrlCacheEntryInfoExA
GopherCreateLocatorW
SetUrlCacheEntryGroupA
CreateUrlCacheEntryA
InternetGetCookieW
InternetAttemptConnect
InternetGetCookieExW
FtpDeleteFileA
InternetSetDialState
FtpDeleteFileW
ReadUrlCacheEntryStream
GopherFindFirstFileW
FindNextUrlCacheGroup
InternetConfirmZoneCrossingW
InternetOpenUrlW

kernel32

lstrlenA
VirtualFree
VirtualAlloc
CreateThread
OutputDebugStringA
TlsFree
GetModuleFileNameA
FreeConsole

mprapi

MprAdminMIBEntryDelete
MprAdminInterfaceDeviceGetInfo
MprConfigGetFriendlyName
MprConfigInterfaceCreate
MprAdminInterfaceTransportAdd
MprAdminPortEnum
MprAdminIsDomainRasServer
MprConfigServerGetInfo
MprConfigTransportSetInfo
MprAdminPortDisconnect
MprAdminInterfaceSetCredentialsEx
MprAdminInterfaceDeviceSetInfo
MprConfigInterfaceDelete
MprAdminInterfaceGetCredentialsEx
MprInfoDuplicate
MprConfigServerConnect
MprAdminTransportGetInfo
MprAdminInterfaceSetCredentials
MprAdminDeviceEnum
MprAdminMIBBufferFree
MprAdminInterfaceSetInfo
MprInfoDelete
MprInfoBlockSet
MprAdminTransportSetInfo

rtm

RtmUpdateAndUnlockRoute
RtmGetEnumNextHops
RtmReleaseRouteInfo
RtmDeregisterEntity
RtmDeleteEnumHandle
RtmRegisterEntity
RtmLockRoute
RtmGetEnumRoutes
RtmGetDestInfo
RtmGetLessSpecificDestination
RtmCreateDestEnum
RtmIsBestRoute
RtmGetEnumDests
RtmGetNextHopPointer
RtmRegisterForChangeNotification
RtmGetExactMatchRoute
RtmReleaseChangedDests
RtmGetEntityMethods
RtmDeleteNextHop
RtmReferenceHandles
RtmGetListEnumRoutes
RtmInvokeMethod
RtmReleaseNextHopInfo
RtmCreateRouteList
RtmCreateNextHopEnum
RtmReleaseRoutes
RtmReleaseDests
RtmGetRoutePointer
RtmLockDestination
RtmGetEntityInfo

pdh

PdhGetDllVersion
PdhGetRawCounterArrayA
PdhCollectQueryDataEx
PdhOpenQueryW
PdhMakeCounterPathW
PdhComputeCounterStatistics
PdhGetCounterInfoA
PdhCollectQueryData
PdhGetCounterInfoW
PdhGetFormattedCounterValue
PdhReadRawLogRecord
PdhGetDefaultPerfCounterW
PdhUpdateLogFileCatalog
PdhEnumObjectsA
PdhOpenQueryA
PdhAddCounterW
PdhLookupPerfNameByIndexW
PdhUpdateLogA
PdhSetCounterScaleFactor
PdhExpandWildCardPathW
PdhBrowseCountersW
PdhGetDataSourceTimeRangeA
PdhFormatFromRawValue
PdhParseCounterPathW
PdhLookupPerfIndexByNameW
PdhValidatePathW
PdhEnumObjectsW

Exports

Exports

DragUserExtentBe
InitiateUnicodeAttributePtr
TileOutlineDate

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SbRHNf
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1b242702f12f3f9ee83ecd9f46e2164

Headers

File Characteristics

Imports

setupapi

wininet

kernel32

mprapi

rtm

pdh

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 250KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 7KB

.SbRHNf Size: 12KB - Virtual size: 11KB

.CRT Size: 1024B - Virtual size: 1024B

.text
Size: 251KB - Virtual size: 250KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 7KB

.SbRHNf
Size: 12KB - Virtual size: 11KB

.CRT
Size: 1024B - Virtual size: 1024B