9306afcee1aff2cf3316ed9eff6a2df6014ed0b18da748ae6582c773fc3f16e6

Sharing

Copy URL

Twitter E-mail

General

Target

9306afcee1aff2cf3316ed9eff6a2df6014ed0b18da748ae6582c773fc3f16e6
Size

800KB
MD5

219b52b444403d89ca3095a12dd0323f
SHA1

1b5244791930c0c5067682c9cc0788b9673eb96d
SHA256

9306afcee1aff2cf3316ed9eff6a2df6014ed0b18da748ae6582c773fc3f16e6
SHA512

3461aafa090be28aef3d1a0c6c4e68b9d1e9589943b6b88508ce66ae0c1ffb889a8a05a6c35019331ae7c586cce8a7d9ab9d1ceb873221c03493e478ee80d844
SSDEEP

24576:a2m2x07lFq+IOsaK20yeUAt91pdu3T/d3Dypy2:XFx0R4+IOsaK20/tW3T/dmpy2

Score

N/A

Malware Config

Signatures

Files

9306afcee1aff2cf3316ed9eff6a2df6014ed0b18da748ae6582c773fc3f16e6
.exe windows x86

4435b8fcef871d02adbbbc475761f534

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mlang

ConvertINetUnicodeToMultiByte
ConvertINetString
Rfc1766ToLcidW
LcidToRfc1766A
GetGlobalFontLinkObject
ConvertINetReset
ConvertINetMultiByteToUnicode
LcidToRfc1766W
IsConvertINetStringAvailable
Rfc1766ToLcidA

kernel32

SetLastError
GetCurrentDirectoryA
SetProcessPriorityBoost
GetCalendarInfoA
GetNamedPipeInfo
OutputDebugStringA
LoadLibraryA
GlobalLock
EnumResourceLanguagesW
GetEnvironmentStringsW
IsDebuggerPresent
SetComputerNameA
InitializeCriticalSection
FatalAppExitA
VirtualAlloc
FoldStringA
SignalObjectAndWait
GetConsoleCommandHistoryLengthW
LoadLibraryExA
lstrcmpW
CancelWaitableTimer
EnumTimeFormatsA
IsValidLocale
GetFileAttributesExA
AddLocalAlternateComputerNameA
WriteConsoleOutputCharacterW

rastapi

RastapiSetCalledID
PortInit
PortGetIOHandle
PortSetIoCompletionPort
PortTestSignalState
PortSetFraming
PortEnum
RastapiGetCalledID
EnableDeviceForDialIn
DeviceDone
PortSetInfo
PortSend
GetConnectInfo
DeviceGetInfo
PortGetStatistics
PortGetPortState
GetZeroDeviceInfo
DeviceGetDevConfig
UnloadRastapiDll
PortCompressionSetInfo
DeviceGetDevConfigEx
PortGetInfo
PortReceive

ntdll

NtReplaceKey
ZwDuplicateObject
ZwLockRegistryKey
RtlLargeIntegerShiftRight
NtCreateFile
NtSystemDebugControl
RtlInitializeContext
LdrUnlockLoaderLock
strspn
NtSetLdtEntries
ZwNotifyChangeKey
RtlInitializeCriticalSection
RtlIsTextUnicode
wcslen
NtCreateProcessEx
RtlInitializeSid
ZwFilterToken
RtlUlonglongByteSwap
RtlValidSid

rasapi32

RasDeleteEntryA
RasRenameEntryA
RasGetErrorStringW
RasSetEntryPropertiesW
RasGetCustomAuthDataA
RasSetSharedAutoDial
RasEnumEntriesW
RasScriptGetIpAddress
RasSetCredentialsW
RasSetEapUserDataW
RasScriptInit
RasScriptReceive
RasCreatePhonebookEntryA
RasGetEapUserIdentityA
RasSetAutodialAddressW
RasEnumConnectionsA
DDMGetPhonebookInfo
RasQueryRedialOnLinkFailure

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4435b8fcef871d02adbbbc475761f534

Headers

DLL Characteristics

File Characteristics

Imports

mlang

kernel32

rastapi

ntdll

rasapi32

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 244KB - Virtual size: 243KB

.data Size: 324KB - Virtual size: 1.5MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 244KB - Virtual size: 243KB

.data
Size: 324KB - Virtual size: 1.5MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB