9faf6b23a984634dcbbbd289e5d504ba75f66b5d2595338b9e224490db00cdf6

Sharing

Copy URL Twitter E-mail

General

Target

9faf6b23a984634dcbbbd289e5d504ba75f66b5d2595338b9e224490db00cdf6
Size

846KB
MD5

dde4b5d01d82f7675631c876b1b28c26
SHA1

27e4cae48af4176e6a6434541272ced3a80a14d0
SHA256

9faf6b23a984634dcbbbd289e5d504ba75f66b5d2595338b9e224490db00cdf6
SHA512

21b60d694b7feb921041072933b7748fd0b2ea35e825ff48d976a74ab47b6e5468cf0cbee8afe3b6659c9442b43f28985b9f93c33d82db84043258a6b17ed278
SSDEEP

24576:y/C54GbtWYSv9Yc4NENNWwTNEGmd8o3qKIG6z9LtW:y/CuTYSv14NGJTNEGeet

Score

N/A

Malware Config

Signatures

Files

9faf6b23a984634dcbbbd289e5d504ba75f66b5d2595338b9e224490db00cdf6
.exe windows x86

a830e99a07aaa9b549fea759c292f790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

shutdown
ntohl
htonl
bind
sendto
GetServiceA
WSAIsBlocking
WSACancelBlockingCall
gethostname
select
WSAAsyncGetProtoByNumber
TransmitFile
WSAAsyncGetHostByName
SetServiceW
WSApSetPostRoutine
closesocket
htons
WSACleanup
s_perror
SetServiceA
GetNameByTypeA
getsockopt

ntdll

RtlSetOwnerSecurityDescriptor
ZwQueryOpenSubKeys
NtSetTimerResolution
RtlUpcaseUnicodeStringToAnsiString
ZwQueryInformationJobObject
NtSetSystemPowerState
RtlAddAccessDeniedAce
ZwSetInformationThread
RtlProtectHeap
NtWaitForDebugEvent
RtlFillMemory
_alldiv
NtPlugPlayControl
NtOpenThreadTokenEx
NtDuplicateToken
NtAllocateLocallyUniqueId
ZwSetSystemTime
LdrInitShimEngineDynamic
ZwWaitForMultipleObjects
_memccpy
RtlGetCompressionWorkSpaceSize
RtlCreateEnvironment

wininet

HttpEndRequestW
DeleteUrlCacheContainerA
IsHostInProxyBypassList
GopherGetLocatorTypeA
InternetQueryOptionA
InternetAlgIdToStringW
InternetGoOnlineW
GetUrlCacheConfigInfoW
FtpCommandA
InternetSecurityProtocolToStringW
InternetGoOnlineA
InternetGetPerSiteCookieDecisionA
InternetGetCookieExW
PrivacySetZonePreferenceW
FindNextUrlCacheEntryA
InternetGetConnectedState
GopherCreateLocatorA
InternetQueryDataAvailable

ifsutil

??1SECRUN@@UAE@XZ
?Remove@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?Initialize@TLINK@@QAEEG@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?Write@SECRUN@@UAEEXZ
?Initialize@SPARSE_SET@@QAEEXZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryCompressedInteger@BIG_INT@@QBEXPAE0@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
??1MOUNT_POINT_MAP@@UAE@XZ
?Sort@TLINK@@QAEXXZ
?QueryMemberCount@TLINK@@QBEGXZ
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z

kernel32

EnumerateLocalComputerNamesA
GlobalFindAtomW
BuildCommDCBA
QueryPerformanceCounter
CompareFileTime
FindNextVolumeMountPointA
SetConsoleMaximumWindowSize
VirtualAlloc
InvalidateConsoleDIBits
GetVolumeNameForVolumeMountPointW
FindNextFileA
ShowConsoleCursor
GetLongPathNameW
GetTempPathW
FlushViewOfFile
LocalSize
IsDBCSLeadByteEx
LocalReAlloc
CompareStringW
GetLocaleInfoW
RegisterConsoleOS2
LoadLibraryA
OpenWaitableTimerW

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a830e99a07aaa9b549fea759c292f790

Headers

DLL Characteristics

File Characteristics

Imports

wsock32

ntdll

wininet

ifsutil

kernel32

Sections

.text Size: 738KB - Virtual size: 738KB

.rdata Size: 99KB - Virtual size: 99KB

.data Size: 5KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 984B

.text
Size: 738KB - Virtual size: 738KB

.rdata
Size: 99KB - Virtual size: 99KB

.data
Size: 5KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 984B