90f4df74626521331875938a6dd7d5fc8dbbcaf0ee7535f3ca04e939eef95564

Sharing

Copy URL Twitter E-mail

General

Target

90f4df74626521331875938a6dd7d5fc8dbbcaf0ee7535f3ca04e939eef95564
Size

846KB
MD5

89a7321f7e79659084a5cb130addc4f7
SHA1

c0b8756bd038667cd46311e377aaf15853625831
SHA256

90f4df74626521331875938a6dd7d5fc8dbbcaf0ee7535f3ca04e939eef95564
SHA512

d64da1b169dc50881c7f34878104c16d2db773e1d96adc74102ad26386f33c4c9666d4ba14ecae079377be964c477d3fea45e97d0318af3551e9cddb16fac077
SSDEEP

12288:+Mcm/nH58Ei26+3rAyAHxbsCIfZjN97zu7qDj4z/5Ta6SSDIB+nSld8CN:+UZ8RViIHOBjNVu7qP4zB2MIGSld8

Score

N/A

Malware Config

Signatures

Files

90f4df74626521331875938a6dd7d5fc8dbbcaf0ee7535f3ca04e939eef95564
.exe windows x86

9477ebdc5caf644bc19b0baef91185af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprAdminInterfaceQueryUpdateResult
MprConfigTransportGetInfo
MprConfigInterfaceTransportEnum
MprAdminRegisterConnectionNotification
MprAdminUserReadProfFlags
MprAdminInterfaceGetHandle
MprAdminTransportGetInfo
MprAdminInterfaceEnum
MprConfigServerDisconnect
MprInfoBlockQuerySize
MprConfigInterfaceTransportGetHandle
MprAdminConnectionGetInfo
MprAdminTransportCreate
CompressPhoneNumber
MprAdminUserGetInfo
MprGetUsrParams
MprInfoRemoveAll
MprAdminGetErrorString
MprAdminMIBEntryGet
MprAdminUserClose
MprInfoDelete
MprAdminUserRead
MprAdminBufferFree

kernel32

GetSystemDirectoryW
GetSystemWindowsDirectoryA
GetShortPathNameW
InitializeCriticalSection
ReleaseMutex
WriteConsoleA
LZCopy
GetUserDefaultUILanguage
GetCommState
HeapCreate
CreateFileMappingA
CommConfigDialogA
GetModuleHandleW
VirtualAlloc
GetNumaNodeProcessorMask
CreateRemoteThread
GetTapeParameters
LoadLibraryA
GetComPlusPackageInstallStatus
GetFileAttributesExA
EscapeCommFunction
BaseFlushAppcompatCache
GlobalSize
VirtualUnlock
lstrcpyn
GetConsoleScreenBufferInfo
SetVolumeLabelA
DeleteTimerQueue
GetThreadLocale

mfcsubs

??BCSyncObject@@QBEPAXXZ
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??_7CCriticalSection@@6B@
??8@YG_NABVCString@@0@Z
?Copy@CStringArray@@QAEXABV1@@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?GetAt@CString@@QBEGH@Z
?Empty@CString@@QAEXXZ
??ACStringArray@@QBE?AVCString@@H@Z
??H@YG?AVCString@@ABV0@PBG@Z
?InsertAt@CStringArray@@QAEXHPBGH@Z
??_7CMapStringToPtr@@6B@
?Collate@CString@@QBEHPBG@Z
??YCString@@QAEABV0@G@Z
?AllocBeforeWrite@CString@@IAEXH@Z
??YCString@@QAEABV0@ABV0@@Z
??BCCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ

certcli

CAGetCACertificate
CAOIDFreeProperty
CAFreeCertTypeExtensions
CAOIDGetProperty
CAUpdateCertType
CAOIDSetProperty
CACertTypeSetSecurity
CAEnumCertTypes
CACountCAs
CASetCACertificate
CASetCertTypeExtension
CASetCertTypeFlagsEx
CACertTypeAccessCheck
CACloseCA
CAGetCertTypePropertyEx
CAGetCertTypeFlags
CAFindByName

diskcopy

DiskCopyRunDll
DiskCopyRunDllW

Sections

.text
Size: 755KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9477ebdc5caf644bc19b0baef91185af

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

kernel32

mfcsubs

certcli

diskcopy

Sections

.text Size: 755KB - Virtual size: 754KB

.rdata Size: 83KB - Virtual size: 82KB

.data Size: 4KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1008B

.text
Size: 755KB - Virtual size: 754KB

.rdata
Size: 83KB - Virtual size: 82KB

.data
Size: 4KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1008B