a64e558f7c958591ee4698f387e96ea046251f14e4ecfe4ca68c43fc69bcaeab

Sharing

Copy URL

Twitter E-mail

General

Target

a64e558f7c958591ee4698f387e96ea046251f14e4ecfe4ca68c43fc69bcaeab
Size

138KB
MD5

760dea86621fb3924e75d5e58a726b90
SHA1

84c643e20355515564266a6c4cc7962e51248f81
SHA256

a64e558f7c958591ee4698f387e96ea046251f14e4ecfe4ca68c43fc69bcaeab
SHA512

907bc572aaa0e131624a7189830a7ea5db872180f417ffcfc41cb85174224ffa2133f506e79b39c5f2b98389a881a78e76be2a430fca4665c1955d94b7a2fd87
SSDEEP

3072:cFk7s6unsgrI9qYGwBWZDLclBk/reDa0QcOb+Cb4sU+A+Pv:cG46uHc96DPrR0ub+sXU+

Score

N/A

Malware Config

Signatures

Files

a64e558f7c958591ee4698f387e96ea046251f14e4ecfe4ca68c43fc69bcaeab
.exe windows x86

0d5c3740695baf49a00c88c1b4e1df51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

??0NTFS_EXTENT_LIST@@QAE@XZ
??1NTFS_BITMAP_FILE@@UAE@XZ
??0NTFS_SA@@QAE@XZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
??0NTFS_LOG_FILE@@QAE@XZ
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??0NTFS_INDEX_TREE@@QAE@XZ
?SafeQueryAttribute@NTFS_FRS_STRUCTURE@@QAEEKPAVNTFS_ATTRIBUTE@@0@Z
??0NTFS_MFT_INFO@@QAE@XZ
??1NTFS_LOG_FILE@@UAE@XZ
?ReadSet@NTFS_FRS_STRUCTURE@@QAEEPAVTLINK@@@Z
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?CopyIterator@NTFS_INDEX_TREE@@QAEEPAV1@@Z
??1NTFS_BOOT_FILE@@UAE@XZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
??0NTFS_FILE_RECORD_SEGMENT@@QAE@XZ
?Create@NTFS_FILE_RECORD_SEGMENT@@QAEEPBU_STANDARD_INFORMATION@@G@Z
?InsertIntoFile@NTFS_ATTRIBUTE@@UAEEPAVNTFS_FILE_RECORD_SEGMENT@@PAVNTFS_BITMAP@@@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
Recover
?QueryExtent@NTFS_EXTENT_LIST@@QBEEKPAVBIG_INT@@00@Z
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
FormatEx
??1NTFS_CLUSTER_RUN@@UAE@XZ
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
?Flush@NTFS_MFT_FILE@@QAEEXZ
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z

kernel32

ExpungeConsoleCommandHistoryW
DosPathToSessionPathA
SetThreadPriority
VerifyVersionInfoA
GetLogicalDriveStringsW
RtlUnwind
GetDateFormatA
GlobalFindAtomW
GetFileAttributesExW
UnregisterWait
CallNamedPipeA
GetWindowsDirectoryA
BackupWrite
SetConsoleTitleW
GlobalGetAtomNameA
SetLocalPrimaryComputerNameA
ContinueDebugEvent
GetConsoleKeyboardLayoutNameW
GetOverlappedResult
LoadLibraryA
EnumSystemLocalesA
LocalAlloc
WTSGetActiveConsoleSessionId
Heap32Next
CreateDirectoryExW
HeapSize
GetStartupInfoW
ReplaceFileW
HeapFree
InterlockedPopEntrySList
SetSystemTime
GetProcessHeap
UpdateResourceW
GlobalAlloc
Module32Next
EnumSystemLanguageGroupsW
GlobalAddAtomW
CreateSemaphoreA
GetComPlusPackageInstallStatus
QueryDepthSList
QueueUserWorkItem
GetDiskFreeSpaceExW
SetConsoleWindowInfo
AddRefActCtx
LZCopy
CreateWaitableTimerA
EnumerateLocalComputerNamesA
DebugActiveProcessStop
GetLastError
GetNumaAvailableMemoryNode
UnregisterConsoleIME
BaseCleanupAppcompatCacheSupport
VirtualAlloc
_lcreat
GetHandleInformation
IsBadHugeWritePtr
DeleteFileA
SwitchToThread
GetTickCount
FindFirstChangeNotificationW
FileTimeToLocalFileTime
FindFirstVolumeMountPointW
ReadConsoleW
SetComputerNameA
lstrcmpiA

clusapi

GetClusterNetworkId
ClusterRegCloseKey
ClusterResourceTypeOpenEnum
ClusterResourceEnum
GetClusterNetworkKey
GetClusterResourceTypeKey
GetClusterNodeId
ClusterNetworkGetEnumCount
FailClusterResource
ClusterGroupOpenEnum
BackupClusterDatabase
ClusterResourceControl
ClusterRegSetValue
ClusterNodeEnum
CreateClusterGroup
ClusterResourceGetEnumCount
GetClusterResourceNetworkName
GetClusterFromGroup
RegisterClusterNotify
GetClusterNetInterfaceKey
SetClusterNetworkName
OpenClusterResource
GetClusterFromResource
DeleteClusterResource
RemoveClusterResourceDependency

cmpbk32

PhoneBookUnload
PhoneBookGetPhoneType
PhoneBookMatchFilter
PhoneBookGetRegionNameA
PhoneBookCopyFilter
PhoneBookEnumNumbers
PhoneBookGetPhoneDescA
PhoneBookEnumNumbersWithRegionsZero
PhoneBookGetPhoneDispA
PhoneBookGetPhoneNonCanonicalA
PhoneBookParseInfoA
PhoneBookEnumRegions
PhoneBookHasPhoneType
PhoneBookGetCountryNameW
PhoneBookMergeChanges
PhoneBookEnumCountries
PhoneBookGetCurrentCountryId
PhoneBookGetCountryId
PhoneBookGetCountryNameA
PhoneBookLoad
PhoneBookFreeFilter
PhoneBookGetPhoneDUNA
PhoneBookGetPhoneCanonicalA

odbctrac

TraceSQLGetEnvAttr
TraceSQLBindParameter
TraceSQLSetConnectOption
TraceSQLSetStmtAttr
TraceSQLGetData
TraceSQLSpecialColumnsW
TraceSQLGetConnectAttr
TraceSQLEndTran
TraceSQLNumResultCols
TraceSQLParamData
TraceSQLSetStmtAttrW
TraceSQLColumns
TraceSQLFetchScroll
TraceSQLColumnsW
TraceSQLSetScrollOptions
TraceSQLGetStmtOption
TraceSQLGetDescField
TraceSQLDisconnect
TraceSQLSetDescRec
TraceSQLConnect
TraceSQLGetCursorName
TraceSQLSetDescField
TraceSQLGetDescRec
TraceSQLGetDiagFieldW
TraceSQLDescribeCol
TraceSQLNumParams
TraceReturn
TraceSQLStatisticsW
TraceSQLGetStmtAttrW
TraceSQLGetDescRecW
TraceSQLBindCol
TraceSQLGetDiagRecW
TraceSQLSetEnvAttr
TraceSQLDataSourcesW
TraceSQLExtendedFetch
TraceSQLColAttributesW
TraceSQLDescribeParam
TraceSQLDriverConnect
TraceSQLBulkOperations
TraceSQLDriverConnectW
TraceSQLProcedures
TraceSQLGetFunctions
TraceSQLSpecialColumns

ws2_32

getnameinfo
__WSAFDIsSet
WSAIoctl
getsockopt
WSAResetEvent
WSAEnumProtocolsA
getservbyname
sendto
WSAJoinLeaf
WSAAddressToStringA
getsockname
closesocket
WSARecvFrom
WSACancelAsyncRequest
WSAAddressToStringW
WSARecv
WSAEnumNameSpaceProvidersA
WSAGetServiceClassNameByClassIdW
WSApSetPostRoutine
WSALookupServiceNextA
WSACleanup
freeaddrinfo
WSACreateEvent
WSALookupServiceBeginW
WSAAccept
WSAGetServiceClassInfoW
WSADuplicateSocketA
WSAAsyncGetHostByAddr
WSAAsyncGetProtoByNumber
WSACancelBlockingCall
shutdown
WSANSPIoctl
WSAProviderConfigChange
WSALookupServiceBeginA
gethostbyname
WSARecvDisconnect
WSASendTo
recv

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d5c3740695baf49a00c88c1b4e1df51

Headers

DLL Characteristics

File Characteristics

Imports

untfs

kernel32

clusapi

cmpbk32

odbctrac

ws2_32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 103KB - Virtual size: 261KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 103KB - Virtual size: 261KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 204B