83be95615f84d7e3270b67b3325de3861d75960533b63e7a4a98275a8606fbf9

Sharing

Copy URL

Twitter E-mail

General

Target

83be95615f84d7e3270b67b3325de3861d75960533b63e7a4a98275a8606fbf9
Size

830KB
MD5

b57e5807dcbd7565bdefee662e0e91e5
SHA1

7e0a757164d146aab3ffa12d1e3877e443f22564
SHA256

83be95615f84d7e3270b67b3325de3861d75960533b63e7a4a98275a8606fbf9
SHA512

aa648fb67df0bae43f9bea44241c5eaa52093492b5d557b64570514b4e2bd89416189b64b96d9aaeb17eaaf6e061f4f7f4f18aff9f175a01df0020a361cde371
SSDEEP

24576:WDrlhkZFzvMa6Xfz8KkP/ywq+obbHp46qTx:W7AVvivk3Pq+obbHpg

Score

N/A

Malware Config

Signatures

Files

83be95615f84d7e3270b67b3325de3861d75960533b63e7a4a98275a8606fbf9
.exe windows x86

115e52e243f03447373fe2550e3bc882

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_mbspbrk
strpbrk
__p__pgmptr
_adj_fdiv_m32i
_y0
_localtime64
__p__pwctype
iswgraph
_mbsdec
strstr
exit
?raw_name@type_info@@QBEPBDXZ
__p__commode
cos
_wfindfirst
_except_handler3
__crtLCMapStringW
__getmainargs
exp
_execlp
_strtime
_adj_fdivr_m64
fseek
__RTCastToVoid
atan
_wchdir
tmpnam
_stricmp
_beginthreadex
_wcstoui64
_mbsdup
__set_app_type

kernel32

LoadLibraryW
LZOpenFileA
GetModuleHandleW
QueryPerformanceCounter
PulseEvent
SetThreadPriorityBoost
HeapFree
GetLocaleInfoW
GetConsoleAliasExesLengthA
GlobalGetAtomNameA
GetCurrentThread
GetWriteWatch
SetLocaleInfoW
SetTapePosition

adsldpc

ADsCreateDSObject
InitObjectInfo
SchemaGetSyntaxOfAttribute
ADsAbandonSearch
ADsDeleteDSObject
ADsEncodeBinaryData
ADSISetSearchPreference
LdapGetSyntaxOfAttributeOnServer
ADsGetLastError
LdapcSetStickyServer
BuildLDAPPathFromADsPath2
LdapCloseObject
LdapGetValuesLen
LdapGetNextPageS
SchemaGetStringsFromStringTable
BuildLDAPPathFromADsPath
MapLDAPTypeToADSType
?GetNextToken@CLexer@@QAEJPAGPAK@Z
LdapOpenObject2
ADSIFreeColumn
LdapOpenObject
LdapTypeToAdsTypeCopyConstruct
SchemaOpen
LdapFirstAttribute

cfgmgr32

CM_Get_Device_ID_Size_Ex
CM_Delete_DevNode_Key_Ex
CM_Enumerate_Enumerators_ExA
CM_Get_Device_ID_Size
CM_Query_Arbitrator_Free_Size_Ex
CM_Get_Device_Interface_List_Size_ExA
CM_Unregister_Device_Interface_ExA
CM_Delete_DevNode_Key
CM_Get_Device_Interface_ListA
CM_Get_Child_Ex
CM_Get_Device_ID_ExA
CM_Move_DevNode
CM_Get_Device_Interface_AliasA
CM_Disable_DevNode_Ex
CM_Get_Device_ID_List_SizeA
CM_Get_DevNode_Registry_PropertyA
CM_Get_Next_Res_Des
CM_Get_Device_Interface_Alias_ExA
CM_Invert_Range_List

shell32

SHGetMalloc

powrprof

SetActivePwrScheme
ReadGlobalPwrPolicy
DeletePwrScheme
GetCurrentPowerPolicies
ReadPwrScheme
GetPwrCapabilities
WriteGlobalPwrPolicy
EnumPwrSchemes
CallNtPowerInformation
MergeLegacyPwrScheme
IsAdminOverrideActive
IsPwrHibernateAllowed
ReadProcessorPwrScheme
CanUserWritePwrScheme
WritePwrScheme
LoadCurrentPwrScheme
GetPwrDiskSpindownRange
GetActivePwrScheme
WriteProcessorPwrScheme
IsPwrSuspendAllowed

untfs

?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??1NTFS_MFT_INFO@@UAE@XZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
??0NTFS_SA@@QAE@XZ
?Read@NTFS_SA@@UAEEXZ
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
??1NTFS_MFT_FILE@@UAE@XZ
??0NTFS_INDEX_TREE@@QAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?Read@NTFS_MFT_FILE@@UAEEXZ

ole32

CLIPFORMAT_UserMarshal
CoRevertToSelf
HPALETTE_UserMarshal
CreatePointerMoniker
HWND_UserSize
CLIPFORMAT_UserSize
CoTaskMemRealloc
OleGetIconOfClass
WriteStringStream
CLSIDFromString
DllRegisterServer
UtGetDvtd16Info
OleGetAutoConvert

user32

EndDialog
MessageBoxW

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

115e52e243f03447373fe2550e3bc882

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

adsldpc

cfgmgr32

shell32

powrprof

untfs

ole32

user32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 173KB - Virtual size: 173KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 173KB - Virtual size: 173KB

.reloc
Size: 1024B - Virtual size: 852B