99d19f9e36b8fc43f95bb107da55f72dc70728dc202b20e060f1c13475bc9432

Sharing

Copy URL Twitter E-mail

General

Target

99d19f9e36b8fc43f95bb107da55f72dc70728dc202b20e060f1c13475bc9432
Size

238KB
MD5

21041dc7ae1ecfb3a31f5ef821571dc0
SHA1

c6a673078081011b17429ae18685689751b62843
SHA256

99d19f9e36b8fc43f95bb107da55f72dc70728dc202b20e060f1c13475bc9432
SHA512

922685cec5f1bb980ac4b1492a9972054d341f0632eeedaec54fc1dbbcfbadd8720c4dc28c7847f51c392f33baefef8576328ab20854ae154ea09648648171e1
SSDEEP

3072:pdUtINgZ+9SRTwPqjMBK68XVfg43378NU269qlKEadQ21C3mxh6MOSAke8wYfM3:pdUtS9SRTNf5d78NUJqza22LxkZDYfy

Score

N/A

Malware Config

Signatures

Files

99d19f9e36b8fc43f95bb107da55f72dc70728dc202b20e060f1c13475bc9432
.exe windows x86

e4a55984b05457fb453fe0a7750b05b4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmCloseEnumerationHandle
RtmGetEnumNextHops
RtmReadAddressFamilyConfig
MgmGetMfe
RtmGetExactMatchRoute
RtmLookupIPDestination
RtmBlockDeleteRoutes
RtmGetRoutePointer
RtmCreateRouteEnum
RtmCreateRouteListEnum
RtmGetOpaqueInformationPointer
RtmDeleteRouteList
RtmIsMarkedForChangeNotification
RtmGetFirstRoute
RtmGetEnumRoutes
RtmGetChangedDests
MgmGetNextMfe
MgmReleaseInterfaceOwnership
DestroyTable
RtmReleaseEntityInfo
RtmGetMostSpecificDestination
RtmReleaseNextHops
RtmGetRouteInfo
RtmDeleteRouteTable
RtmIsBestRoute
MgmDeleteGroupMembershipEntry
RtmDeleteEnumHandle
MgmGetNextMfeStats

kernel32

SetTimeZoneInformation
UpdateResourceW
CreateSocketHandle
SetConsoleOS2OemFormat
LoadLibraryW
SetLastError
OpenFileMappingW
GetTimeZoneInformation
CreatePipe
CloseProfileUserMapping
HeapWalk
CreateRemoteThread
GetTickCount
GetConsoleCharType

cmutil

?IsEnabled@CmLogFile@@QAEHXZ
?Stop@CmLogFile@@QAEJXZ
?GetRegPath@CIniA@@QBEPBDXZ
?Generate@CRandom@@QAEHXZ
??1CIniA@@QAE@XZ
??4CIniA@@QAEAAV0@ABV0@@Z
?GetPrimaryFile@CIniW@@QBEPBGXZ
WzToSzWithAlloc
CmLoadSmallIconW
CmBuildFullPathFromRelativeA
?SetRegPath@CIniW@@QAEXPBG@Z
?SetPrimaryRegPath@CIniW@@QAEXPBG@Z
GetOSVersion
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
CmStrrchrW
?SetEntry@CIniW@@QAEXPBG@Z
?Write@CmLogFile@@AAEJPAG@Z
??1CIniW@@QAE@XZ
MakeBold
?GetRegPath@CIniW@@QBEPBGXZ
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?LoadSection@CIniA@@QBEPADPBD@Z
CmLoadSmallIconA
?SetSection@CIniW@@QAEXPBG@Z

hhsetup

?Save@CCollection@@QAEKXZ
?GetLangId@CCollection@@QAEGPBG@Z
?ParseFile@CCollection@@AAEKPBD@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
??0CFIFOString@@QAE@XZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?FirstLocation@CCollection@@QAEPAVCLocation@@XZ
?SetId@CTitle@@QAEXPBD@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?GetVolume@CLocation@@QAEPADXZ
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?SetLanguage@CTitle@@QAEXG@Z
??0CFolder@@QAE@XZ
?GetFindMergedCHMS@CCollection@@QAEHXZ
??1CCollection@@QAE@XZ
?Release@CCollection@@AAEKXZ
?Open@CCollection@@QAEKPBG@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?SetTitle@CFolder@@QAEXPBD@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?GetLangId@CCollection@@QAEGPBD@Z
?IncrementRefTitleCount@CCollection@@QAEXXZ
?AddChildFolder@CFolder@@QAEKPAV1@@Z
?GetLanguage@CTitle@@QAEGXZ
??1CFIFOString@@QAE@XZ
?SetParent@CFolder@@QAEXPAV1@@Z
?GetId@CLocation@@QBEPADXZ
??4CFolder@@QAEAAV0@ABV0@@Z
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z

msdtcprx

ShutDownCM
DTC_XaRollback
DTC_XaPrepare
?RemoveDtc@@YGJPAG00@Z
?GetDtcLogPath@@YGHKPAG@Z
DTC_XaClose
?Create@CNameService@@SGJPAPAV1@@Z
ContactToNameObject
?CreateInstance@CTmProxyCore@@SGJPAPAV1@PAUIUnknown@@@Z
DllGetDTCConnectionManager
DllGetDTCUtilObject
DllGetClassObject
DTC_XaOpen
DTC_XaComplete
?InstallDtcClient@@YGJPAGKK@Z
DTC_XaCommit
DTC_XaEnd
DllRegisterServer
DllGetTransactionManagerCore
DTC_XaForget
DTC_XaStart
DTC_XaRecover
DllUnregisterServer
DllGetDTCProxy

t2embed

_TTEmbedFontFromFileA@52
TTIsEmbeddingEnabled
_TTLoadEmbeddedFont@40
TTDeleteEmbeddedFont
_TTRunValidationTests@8
TTGetEmbeddedFontInfo
_TTGetEmbeddingType@8
_TTIsEmbeddingEnabled@8
TTEmbedFont
TTEnableEmbeddingForFacename
TTRunValidationTestsEx
_TTEnableEmbeddingForFacename@8
_TTDeleteEmbeddedFont@12
TTEmbedFontEx
_TTCharToUnicode@24
TTGetEmbeddingType
_TTIsEmbeddingEnabledForFacename@8
_TTGetEmbeddedFontInfo@28
TTRunValidationTests
TTLoadEmbeddedFont
TTCharToUnicode
TTEmbedFontFromFileA
_TTEmbedFont@44
TTIsEmbeddingEnabledForFacename

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4a55984b05457fb453fe0a7750b05b4

Headers

File Characteristics

Imports

rtm

kernel32

cmutil

hhsetup

msdtcprx

t2embed

Sections

.text Size: 41KB - Virtual size: 40KB

.rdata Size: 133KB - Virtual size: 133KB

.data Size: 59KB - Virtual size: 58KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 41KB - Virtual size: 40KB

.rdata
Size: 133KB - Virtual size: 133KB

.data
Size: 59KB - Virtual size: 58KB

.rsrc
Size: 3KB - Virtual size: 2KB