a35589abe0193f52cad3b888d3d297e5349f6f991ee12640c2263e4961ef40b2

Sharing

Copy URL Twitter E-mail

General

Target

a35589abe0193f52cad3b888d3d297e5349f6f991ee12640c2263e4961ef40b2
Size

196KB
MD5

b711d95691e3c844637b654b81bd4224
SHA1

5ef6292531118027ce28d629f7c4106c77aedc72
SHA256

a35589abe0193f52cad3b888d3d297e5349f6f991ee12640c2263e4961ef40b2
SHA512

b51c14522ef4669dcb159187e6557b94737e7338080735e98668b33223a91ad7ee4e4156f017f7bfafc9be942db50333c438ae232d109a630a24c68bc17793c4
SSDEEP

6144:zISRy9jDVEUu2cSZ6cXLiGQAuemrxYokP8mvr4FF:t89j+UulSZ6wuecx0jr4FF

Score

N/A

Malware Config

Signatures

Files

a35589abe0193f52cad3b888d3d297e5349f6f991ee12640c2263e4961ef40b2
.exe windows x86

e3ab923cebdd44a0676c2832c9fcd98d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dssenh

CPSignHash
DllRegisterServer
CPImportKey
CPSetKeyParam
CPDestroyKey
CPGenRandom
CPDuplicateHash
CPReleaseContext
CPEncrypt
CPHashData
CPHashSessionKey
CPDestroyHash
CPDeriveKey
DllUnregisterServer
CPDecrypt
CPGetKeyParam
CPCreateHash
CPExportKey
CPDuplicateKey

dbghelp

SymGetLineFromName
SymFunctionTableAccess
SymGetSymFromName
StackWalk
FindExecutableImage
SymEnumerateModules
SymGetSymNext64
SymFindFileInPath
ImageRvaToVa
MiniDumpWriteDump
SymEnumSym
GetTimestampForLoadedLibrary
SymEnumerateSymbolsW

activeds

AdsFreeAdsValues
PropVariantToAdsType2
FreeADsMem
ADsGetLastError
SecurityDescriptorToBinarySD
ADsEncodeBinaryData
ADsEnumerateNext
ADsGetObject
AdsTypeToPropVariant
ReallocADsStr
PropVariantToAdsType
BinarySDToSecurityDescriptor
DllCanUnloadNow
ConvertSecDescriptorToVariant
ADsOpenObject
ReallocADsMem
ADsFreeEnumerator
ADsBuildVarArrayStr
ADsBuildVarArrayInt
AllocADsStr
DllGetClassObject
ADsBuildEnumerator
ADsSetLastError
AdsTypeToPropVariant2
FreeADsStr
AllocADsMem
ConvertSecurityDescriptorToSecDes
ADsDecodeBinaryData

mfcsubs

?GetBufferSetLength@CString@@QAEPAGH@Z
?UnlockBuffer@CString@@QAEXXZ
??1CMapStringToPtr@@UAE@XZ
??0CString@@QAE@PBD@Z
?MakeUpper@CString@@QAEXXZ
??O@YG_NPBGABVCString@@@Z
??_7CMapStringToPtr@@6B@
?Right@CString@@QBE?AV1@H@Z
?FormatV@CString@@IAEXPBGPAD@Z
??4CString@@QAEABV0@G@Z
?Empty@CString@@QAEXXZ
??H@YG?AVCString@@DABV0@@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?RemoveAt@CStringArray@@QAEXHH@Z
??0CMapStringToPtr@@QAE@H@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?Mid@CString@@QBE?AV1@H@Z
?MakeReverse@CString@@QAEXXZ
??_7CObject@@6B@
??0CCriticalSection@@QAE@XZ
?Format@CString@@QAAXPBGZZ
?AssignCopy@CString@@IAEXHPBG@Z
?AllocBeforeWrite@CString@@IAEXH@Z
?TrimLeft@CString@@QAEXXZ
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?Lock@CCriticalSection@@UAEHK@Z

kernel32

OpenFileMappingA
GetLogicalDrives
GetConsoleOutputCP
SetProcessAffinityMask
GetOEMCP
RemoveDirectoryA
LZCloseFile
lstrcpyA
GetExpandedNameA
DefineDosDeviceA
GetModuleHandleA
LoadLibraryW

d3d8thk

OsThunkDdGetDxHandle
OsThunkDdAlphaBlt
OsThunkDdGetInternalMoCompInfo
OsThunkDdResetVisrgn
OsThunkD3dValidateTextureStageState
OsThunkDdCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdGetMoCompGuids
OsThunkD3dContextDestroy
OsThunkDdGetBltStatus
OsThunkDdReenableDirectDrawObject
OsThunkD3dContextDestroyAll
OsThunkDdUpdateOverlay
OsThunkDdGetDC
OsThunkDdDeleteDirectDrawObject
OsThunkDdDestroySurface
OsThunkDdColorControl
OsThunkD3dDrawPrimitives2
OsThunkDdUnattachSurface
OsThunkDdCanCreateSurface
OsThunkDdGetDriverInfo
OsThunkDdGetFlipStatus
OsThunkDdQueryMoCompStatus
OsThunkDdRenderMoComp
OsThunkDdFlipToGDISurface
OsThunkDdReleaseDC
OsThunkDdLockD3D
OsThunkDdGetAvailDriverMemory

mmcbase

?Throw@SC@mmcerror@@QAEXJ@Z
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?FatalError@SC@mmcerror@@QBEXXZ
?InternalRelease@CMMCStrongReferences@@AAEKXZ
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?Throw@SC@mmcerror@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?Release@CMMCStrongReferences@@SGKXZ
??7SC@mmcerror@@QBEHXZ
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?TraceAndClear@SC@mmcerror@@QAEXXZ
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ
??_FSC@mmcerror@@QAEXXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z

d3dim

D3DRealloc
Direct3DCreateTexture
D3DFree
SurfaceFlipNotify
PaletteAssociateNotify
Direct3DCreateDevice
Direct3DCreate
PaletteUpdateNotify
FlushD3DDevices2
D3DMalloc
Direct3DGetSWRastZPixFmts
FlushD3DDevices

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ab923cebdd44a0676c2832c9fcd98d

Headers

File Characteristics

Imports

dssenh

dbghelp

activeds

mfcsubs

kernel32

d3d8thk

mmcbase

d3dim

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 5KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB