807bf825c01fcbcb6d02108e1fcfe48320e6afd346f5e138e8326144f68e1f0c

Sharing

Copy URL Twitter E-mail

General

Target

807bf825c01fcbcb6d02108e1fcfe48320e6afd346f5e138e8326144f68e1f0c
Size

831KB
MD5

9d20725cecc43ef1f89d4f6dca4e60d3
SHA1

996410d2e0b3bdfa1e2370be558a8808f79e7290
SHA256

807bf825c01fcbcb6d02108e1fcfe48320e6afd346f5e138e8326144f68e1f0c
SHA512

73f7505e8dee3fc07cfc7b908192cfdd91eff408f4abe2af1b5f673f5945d615fa1daf35ae27ffd1fe09d5daf5c0584914e440552fe729f918173028f1514511
SSDEEP

12288:I+iN/bs6WPc0Ct35T8ptZSaEKaU15LSu/qPayoZp7PsVOaqbRZv0p/3PEXySE:Irb2c0Ct35TYZzh5yPayof7UYvw3PZb

Score

N/A

Malware Config

Signatures

Files

807bf825c01fcbcb6d02108e1fcfe48320e6afd346f5e138e8326144f68e1f0c
.exe windows x86

c17cbd0f1639dce0e70cc34e2d80ca65

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?_WriteLockSpin@CReaderWriterLock3@@AAEXXZ
?ConvertSharedToExclusive@CReaderWriterLock3@@QAEXXZ
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?_H1@CLKRLinearHashTable@@CGKKK@Z
?GetDefaultSpinAdjustmentFactor@CSmallSpinLock@@SGNXZ
?_BucketAddress@CLKRLinearHashTable@@ABEKK@Z
?ConvertExclusiveToShared@CReaderWriterLock2@@QAEXXZ

cfgmgr32

CM_Enumerate_Enumerators_ExA
CM_Register_Device_InterfaceW
CM_Disable_DevNode_Ex
CM_Open_DevNode_Key
CM_Next_Range
CM_Get_Device_ID_List_ExA
CM_Get_Device_Interface_Alias_ExW
CM_Set_HW_Prof_FlagsA
CM_Get_Version_Ex
CM_Create_Range_List
CM_Modify_Res_Des
CM_Get_Device_ID_Size
CM_Set_HW_Prof
CM_Get_Device_Interface_Alias_ExA
CM_Disconnect_Machine
CM_Get_Device_ID_ExW
CM_Register_Device_Driver
CM_Query_And_Remove_SubTree_ExW

atmlib

ATMGetFontInfo
ATMFontStatusA
ATMGetFontPathsA
ATMFontStatusW
ATMGetPostScriptName
ATMGetOutline
ATMBBoxBaseXYShowText
ATMGetFontInfoA
ATMGetOutlineA
ATMFinish
ATMGetNtmFields
ATMMakePSS
ATMEnumMMFonts
ATMRemoveSubstFontW
ATMEndFontChange
ATMGetPostScriptNameW
ATMFontAvailable
ATMClient
ATMEnumMMFontsW
ATMMakePFMA
ATMMakePFMW
ATMRemoveSubstFontA
ATMGetGlyphListA
ATMGetMenuNameW
ATMMakePSSW
ATMFontStatus
ATMEnumMMFontsA
ATMGetBuildStrW
ATMGetFontPaths

sqlunirl

_lstrcpy_@8
_CharUpper@4
_OpenFileMapping_@12
_MessageBox@16
_ShellExecute_@24
_WritePrivateProfileSection_@12
_LoadLibraryEx_@12
_GetDlgItemText@16
_GetCharWidth32_@16
_GetOutlineTextMetrics_@12
_RegisterClipboardFormat_@4
_SetVolumeLabel_@8
_DefFrameProc_@20
_GetMenuString_@20
_CreateMailslot_@16
_GetFileAttributes_@4
_CreateFont@56
_CreateDialogIndirectParam@20

kernel32

GetVolumeNameForVolumeMountPointA
GlobalFindAtomA
WaitNamedPipeW
FindResourceW
ReplaceFile
VerifyVersionInfoA
CancelWaitableTimer
SetLastError
QueryActCtxW
SetFileApisToOEM
SetConsoleKeyShortcuts
BuildCommDCBW
WritePrivateProfileStructA
CreateWaitableTimerW
RegisterWowExec
GetUserDefaultLCID
IsBadReadPtr
DosPathToSessionPathA
RegisterWaitForInputIdle
GetBinaryTypeA
GetProfileSectionW
SetPriorityClass
GetUserDefaultUILanguage
IsDBCSLeadByteEx
LocalReAlloc
OpenFileMappingA
WaitForMultipleObjectsEx
SetEnvironmentVariableW
WriteConsoleOutputCharacterA
UpdateResourceW
GetTickCount
LoadLibraryW
GetTimeFormatA
RegisterWowBaseHandlers
SetVolumeMountPointA
HeapSize
CreateEventW
WaitForSingleObjectEx
lstrlenW
SetStdHandle

glu32

gluBeginTrim
gluQuadricDrawStyle
gluQuadricCallback
gluErrorUnicodeStringEXT
gluBuild2DMipmaps
gluBeginCurve
gluEndTrim
gluQuadricOrientation
gluQuadricNormals
gluGetNurbsProperty
gluNewNurbsRenderer
gluTessCallback
gluTessBeginPolygon
gluPickMatrix
gluNurbsCurve
gluBuild1DMipmaps
gluEndPolygon
gluDisk
gluCylinder

untfs

??1NTFS_BITMAP_FILE@@UAE@XZ
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
??0NTFS_BITMAP_FILE@@QAE@XZ
??1NTFS_LOG_FILE@@UAE@XZ
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
Recover
??0NTFS_ATTRIBUTE@@QAE@XZ
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?Initialize@NTFS_ATTRIBUTE_RECORD@@QAEEPAVIO_DP_DRIVE@@PAX@Z

Sections

.text
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c17cbd0f1639dce0e70cc34e2d80ca65

Headers

DLL Characteristics

File Characteristics

Imports

msdart

cfgmgr32

atmlib

sqlunirl

kernel32

glu32

untfs

Sections

.text Size: 367KB - Virtual size: 366KB

.rdata Size: 134KB - Virtual size: 134KB

.data Size: 181KB - Virtual size: 1.5MB

.rsrc Size: 147KB - Virtual size: 146KB

.reloc Size: 1024B - Virtual size: 876B

.text
Size: 367KB - Virtual size: 366KB

.rdata
Size: 134KB - Virtual size: 134KB

.data
Size: 181KB - Virtual size: 1.5MB

.rsrc
Size: 147KB - Virtual size: 146KB

.reloc
Size: 1024B - Virtual size: 876B