807e5f60ed30d563f1d6a0a8a67b2b115f055bdb17979eb3673e8026712b469d

Sharing

Copy URL Twitter E-mail

General

Target

807e5f60ed30d563f1d6a0a8a67b2b115f055bdb17979eb3673e8026712b469d
Size

96KB
MD5

fca6e0507cb3b7ca431e93a81db18969
SHA1

8f15f7c50f855f85218757d16553612b4bfba5c3
SHA256

807e5f60ed30d563f1d6a0a8a67b2b115f055bdb17979eb3673e8026712b469d
SHA512

7c5814b8b594c1d8cb783e610644f4f4a70c2b44134ddcfd1559a60c50ae4f150167cbf37acd8e7321289d3406c82980fbfeebe3bf67f5d01ed3026b6480a06a
SSDEEP

1536:hBzNh/BSl5PgSd3zRQB0cZwTQYP9LNDa65i1fFDvoFOxiU2E:HnBINtRQBOfZDa6ERFjo1tE

Score

N/A

Malware Config

Signatures

Files

807e5f60ed30d563f1d6a0a8a67b2b115f055bdb17979eb3673e8026712b469d
.exe windows x86

5c6fde6a151ac2b62ffe9b2fbe22e68a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetpGetFileSecurity
NetRemoteComputerSupports
NetDfsGetClientInfo
NetApiBufferFree
Netbios
I_NetAccountSync
NetGroupSetUsers
I_BrowserResetNetlogonState
DsRoleDcAsReplica
NetGetDCName
DsDeregisterDnsHostRecordsA
DsRoleDnsNameToFlatName
NetApiBufferAllocate
NetShareDelSticky
NetSessionGetInfo
DsRoleCancel
NetLocalGroupEnum
NetUnregisterDomainNameChangeNotification
NetpwNameValidate
NlBindingAddServerToCache
NetpCleanFtinfoContext
I_NetLogonSamLogonEx
NetpCopyFtinfoContext
NetUseAdd
I_NetServerSetServiceBits
NetWkstaUserEnum
NetServerComputerNameAdd
NetApiBufferReallocate
NetWkstaTransportDel
I_NetlogonComputeServerDigest
NetpDbgPrint
NetSetPrimaryComputerName
NetWkstaUserSetInfo
DsGetDcNextA
NetReplExportDirGetInfo
I_NetLogonUasLogoff
NetLocalGroupDel
NetGetJoinInformation
NetLocalGroupGetMembers
I_NetServerAuthenticate3
I_NetServerAuthenticate
NetMessageNameEnum
NetUserGetInfo
NetErrorLogRead
I_NetGetDCList
DsRoleGetDatabaseFacts
RxNetAccessAdd
NetMessageNameDel
NetpGetConfigDword
DsRoleFreeMemory
DsGetForestTrustInformationW
NetLocalGroupAddMembers
NetScheduleJobGetInfo
NetGroupEnum
NetJoinDomain
NetUserModalsSet
I_BrowserDebugTrace
NetGroupGetInfo
I_NetDatabaseSync2
NetReplExportDirUnlock
RxNetUserPasswordSet
NetRegisterDomainNameChangeNotification
NetLocalGroupSetMembers
NetUseGetInfo
DsEnumerateDomainTrustsA
DsGetDcNameW
NetpwPathType
I_NetDatabaseRedo
NetLocalGroupDelMember
NetDfsManagerGetConfigInfo
NetShareDel
NetpGetConfigBool
DsGetDcNameWithAccountA
I_BrowserServerEnum
I_NetLogonSamLogon
NetRemoteTOD
I_NetDatabaseDeltas

msoert2

PszToUnicode
HrIStreamToBSTR
FIsEmptyW
HrCopyStreamToByte
GenerateUniqueFileName
IsValidFileIfFileUrlW
AppendTempFileList
HrIndexOfWeek
PszMonthFromIndex
ChConvertFromHex
CreateTempFile
PVGetMsgParam
PszDupW
FMissingCert
IUnknownList_CreateInstance
CenterDialog
PVDecodeObject
strtrimW
PszDupA
HrCreatePhonebookEntry
PszSkipWhiteA
HrGetBodyElement
MessageBoxInstW
IsUpper
CopyRegistry
OpenFileStreamShareW
HrFindInetTimeZone
HrRewindStream
ReplaceCharsW
CleanupFileNameInPlaceW
BrowseForFolder
HrStreamSeekCur
OpenFileStream
CreateTempFileStream
CreateLogFile
HrGetCertificateParam
FIsEmptyA
HrFillRasCombo
SzGetCertificateEmailAddress
StripCRLF
PszScanToWhiteA
UpdateRebarBandColors

shlwapi

PathIsPrefixA
PathMatchSpecA
PathIsRootW
StrStrIW
PathRemoveArgsW
SHRegisterValidateTemplate
PathCreateFromUrlA
SHRegOpenUSKeyA
PathParseIconLocationW
SHRegDeleteEmptyUSKeyW
UrlUnescapeW
SHOpenRegStream2W
StrSpnW
PathCompactPathExA
DelayLoadFailureHook
PathMakeSystemFolderA
PathRelativePathToW
StrRetToStrW
PathIsRelativeA
SHDeleteValueA
SHRegEnumUSKeyW
ChrCmpIW
StrCatW
SHDeleteOrphanKeyW
UrlEscapeW
PathRemoveFileSpecA
StrChrW
StrRChrIA
UrlIsOpaqueA
PathRemoveBlanksA
StrRChrIW
SHGetValueW
SHOpenRegStreamW
UrlIsNoHistoryA

vssapi

?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?SetWriterFailure@CVssWriter@@IAGJJ@Z
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
??1CVssWriter@@UAE@XZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?Subscribe@CVssWriter@@QAGJK@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackOffIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?GetCurrentLevel@CVssWriter@@IBG?AW4_VSS_APPLICATION_LEVEL@@XZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
IsVolumeSnapshotted
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
VssFreeSnapshotProperties
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?GetCurrentSnapshotSetId@CVssWriter@@IBG?AU_GUID@@XZ
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnThawEnd@CVssJetWriter@@UAG_N_N@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?InstallAlternateWriter@CVssWriter@@QAGJU_GUID@@0@Z
??0CVssWriter@@QAE@XZ
?GetCurrentVolumeCount@CVssWriter@@IBGIXZ
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??0CVssJetWriter@@QAE@XZ
?Unsubscribe@CVssWriter@@QAGJXZ

kernel32

EnumResourceNamesW
BeginUpdateResourceA
TerminateJobObject
UnregisterConsoleIME
EnumLanguageGroupLocalesW
GetModuleHandleW
UTUnRegister
WriteConsoleA
EscapeCommFunction
GetFileAttributesExW
ShowConsoleCursor
OpenEventW
RequestDeviceWakeup
CreateJobObjectA
OpenSemaphoreA
LoadLibraryA
BuildCommDCBA
EnumDateFormatsA
EndUpdateResourceW
GetLastError
GetCurrentThreadId
GetHandleInformation
LocalAlloc
DeleteFileA
lstrcmpi
SetProcessPriorityBoost
SwitchToFiber
VirtualAlloc
GetStringTypeA

ntdll

RtlInterlockedPushListSList
NtResumeProcess
_ftol
_ui64tow
RtlLengthSid
NtOpenProcess
ZwCancelTimer
ZwQueryQuotaInformationFile
NtAllocateUuids
__iscsym
ZwFilterToken
RtlIsTextUnicode
RtlRandom
_chkstk
DbgPrintEx
CsrCaptureMessageMultiUnicodeStringsInPlace
_CIsin
ZwQueryValueKey
NtPrivilegedServiceAuditAlarm
RtlGetProcessHeaps
RtlDoesFileExists_U
RtlValidSecurityDescriptor
ZwCompressKey
ZwRemoveIoCompletion
RtlSetTimeZoneInformation
ZwQuerySecurityObject
NtAreMappedFilesTheSame
NtSetSystemInformation
NtReadVirtualMemory
ZwOpenProcess
strstr
_memccpy
NtQueryInstallUILanguage
ZwStopProfile
NtQueryBootEntryOrder
RtlComputeCrc32
NtCompressKey
RtlDeNormalizeProcessParams
ZwOpenProcessTokenEx
ZwGetWriteWatch

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5c6fde6a151ac2b62ffe9b2fbe22e68a

Headers

File Characteristics

Imports

netapi32

msoert2

shlwapi

vssapi

kernel32

ntdll

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 44KB - Virtual size: 194KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 44KB - Virtual size: 194KB

.rsrc
Size: 4KB - Virtual size: 4KB