7faef9d25b91d73f860e077f45158a37a457806562a1e023275c8dd1adb6b0c1

Sharing

Copy URL Twitter E-mail

General

Target

7faef9d25b91d73f860e077f45158a37a457806562a1e023275c8dd1adb6b0c1
Size

44KB
MD5

26d859c7cdd5fb888d16c63d13c1f2c4
SHA1

ed967a4be35ce10b26f63e83dd625b5d9a8ada3f
SHA256

7faef9d25b91d73f860e077f45158a37a457806562a1e023275c8dd1adb6b0c1
SHA512

825a01686a725f310a052d5afbafb11ba6312e8229f660f3806a785c27bb17f8c40191da6a0611789da9469fd7c7c24f3f5ea9a8981c213b1c064a31df072175
SSDEEP

768:plKqdc7NThZux8yJvc1o7JDJuXvQ2JgAo1IkeRjqgWLPr1UUxzxObvZNl:nKjBinJ01ecXvQ2LkqjqLr1xxFYRNl

Score

N/A

Malware Config

Signatures

Files

7faef9d25b91d73f860e077f45158a37a457806562a1e023275c8dd1adb6b0c1
.exe windows x86

cea7269eba8a4970851d9a387951f377

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_CIfmod
_adj_fdivr_m32i
_mbsncpy
?write@ostream@@QAEAAV1@PBDH@Z
system
__toascii
??0strstreambuf@@QAE@H@Z
??_7istream@@6B@
??0ostream@@IAE@XZ
?ws@@YAAAVistream@@AAV1@@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
atan
_expand
sin
_mbsnbcpy
??_Gstdiobuf@@UAEPAXI@Z
log
_mbsnbcoll
_searchenv
??_Dstdiostream@@QAEXXZ
_toupper
?close@ifstream@@QAEXXZ
??_Gfilebuf@@UAEPAXI@Z
??_Gstreambuf@@UAEPAXI@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
_wgetdcwd
_lseeki64
_strdate
??_7ostream@@6B@
_isctype
_endthreadex

kernel32

VDMOperationStarted
HeapAlloc
SetConsoleCursorInfo
IsProcessorFeaturePresent
CreateWaitableTimerW
LoadLibraryA
RegisterConsoleOS2
DeleteTimerQueueEx
EnumDateFormatsW
GlobalFix
WTSGetActiveConsoleSessionId
CompareStringW
TransactNamedPipe
_lcreat
CreateMutexW
SetConsoleCursorMode
ReadConsoleW
GetPriorityClass
CreateRemoteThread
GetPrivateProfileIntA
LocalFree
LockFile
EnumSystemCodePagesW
GetFileType
lstrlen
GetCommConfig
WaitForSingleObject
VirtualAlloc
LZCopy
DeviceIoControl
MapUserPhysicalPagesScatter
ReadDirectoryChangesW
GetDriveTypeA
ReadConsoleOutputW
EnumSystemGeoID
ClearCommBreak
GetCommProperties
SetConsoleLocalEUDC
GetProfileSectionA
Process32NextW
GlobalAddAtomA
SetCalendarInfoW
LZOpenFileA

ntdll

RtlMapGenericMask
RtlUpcaseUnicodeStringToCountedOemString
NtLoadDriver
NtMakeTemporaryObject
_memccpy
NtConnectPort
ZwDebugContinue
ZwOpenIoCompletion
CsrCaptureMessageString
RtlOemStringToUnicodeSize
RtlAdjustPrivilege
NtQuerySection
NtIsSystemResumeAutomatic
RtlLargeIntegerDivide
RtlAllocateHeap
RtlSubAuthorityCountSid
NtQueryIntervalProfile
RtlDeleteTimerQueueEx
RtlIpv4AddressToStringA
RtlFreeOemString
NtCreateFile
NtSaveKeyEx
RtlNormalizeProcessParams
ZwSetUuidSeed
_wtol
NtDebugActiveProcess
RtlCompareUnicodeString
_snprintf
RtlFreeSid
NtQueryInformationToken
CsrSetPriorityClass
RtlAddAccessDeniedObjectAce
NtSetEaFile
ZwWaitForSingleObject
ZwOpenMutant
NtCurrentTeb
RtlFreeHeap
NtPrivilegeCheck
RtlTraceDatabaseValidate
NtTraceEvent
RtlGetOwnerSecurityDescriptor
_aulldvrm
NtOpenObjectAuditAlarm
NtAreMappedFilesTheSame
NtSetContextThread
RtlAllocateAndInitializeSid
LdrLockLoaderLock
wcschr
ZwDeleteAtom
RtlGetCurrentPeb
RtlDeactivateActivationContext
RtlSetBits
ZwGetWriteWatch
RtlGetGroupSecurityDescriptor
LdrQueryProcessModuleInformation
RtlGetFrame
LdrLoadAlternateResourceModule
ZwCreateWaitablePort
NtAcceptConnectPort
ZwAddBootEntry
RtlNewSecurityObjectEx
NtImpersonateThread
NtWaitForKeyedEvent
_alldvrm
ZwCreateDebugObject
ZwSaveKey
ZwCreateTimer
RtlApplyRXactNoFlush
NtReleaseSemaphore
ZwSetBootOptions
NtDuplicateObject
ZwReadRequestData
ZwCreateKey
NtCreateDebugObject
NtOpenProcessToken
_alloca_probe
ZwQueryDefaultUILanguage
RtlSetAttributesSecurityDescriptor
NtSecureConnectPort
CsrGetProcessId
RtlInitAnsiString
RtlDeactivateActivationContextUnsafeFast
ZwUnloadKey
RtlDoesFileExists_U
RtlNewInstanceSecurityObject

inetcomm

HrGetAttachIcon
HrGetDisplayNameWithSizeForFile
MimeOleCreateVirtualStream
DllGetClassObject
MimeOleSetPropW
MimeOleCreateSecurity
EssSignCertificateEncodeEx
EssContentHintDecodeEx
MimeOleGetCodePageInfo
EssSecurityLabelDecodeEx
MimeOleSetPropA
MimeOleStripHeaders
CreateSMTPTransport
MimeOleUnEscapeStringInPlace
MimeOleGetCharsetInfo
MimeOleGetAllocator
CreateRASTransport
EssMLHistoryEncodeEx
MimeOleGenerateFileName
MimeOleCreatePropertySet
CreateRangeList
MimeOleSMimeCapsFull
MimeOleGetContentTypeExt
MimeOleGenerateMID
MimeOleGetPropA
MimeOleCreateBody
MimeOleSMimeCapRelease
EssReceiptDecodeEx
HrDoAttachmentVerb
MimeOleGetExtContentType
MimeOleSMimeCapAddCert
HrGetLastOpenFileDirectory
MimeOleCreateByteStream
MimeOleGetFileExtension

advpack

TranslateInfStringEx
UserInstStubWrapper
DelNode
IsNTAdmin
LaunchINFSection
ExecuteCab
AddDelBackupEntry
DoInfInstall
ExtractFiles
LaunchINFSectionEx
RegisterOCX
RegSaveRestore
GetVersionFromFile
RegSaveRestoreOnINF
TranslateInfString
UserUnInstStubWrapper
FileSaveRestoreOnINF
NeedReboot
NeedRebootInit
GetVersionFromFileEx
RebootCheckOnInstall
AdvInstallFile
FileSaveRestore
DelNodeRunDLL32
CloseINFEngine
OpenINFEngine
RunSetupCommand
FileSaveMarkNotExist
RegInstall
SetPerUserSecValues
RegRestoreAll

advapi32

CreatePrivateObjectSecurityWithMultipleInheritance
LsaClose
ElfOldestRecord
CryptReleaseContext
SystemFunction022
SetAclInformation
StartTraceA
ElfDeregisterEventSource
GetInheritanceSourceA
ReadEventLogW
GetSecurityDescriptorControl
QueryServiceStatus
RegRestoreKeyW
ObjectPrivilegeAuditAlarmA
MD5Update
LogonUserA
LookupPrivilegeNameA
ChangeServiceConfig2A
SystemFunction033
AdjustTokenGroups
ElfOpenEventLogA
PrivilegedServiceAuditAlarmW
SystemFunction041
RegOpenUserClassesRoot
QueryRecoveryAgentsOnEncryptedFile
RegEnumValueA
ConvertAccessToSecurityDescriptorA
GetSecurityDescriptorGroup
LsaLookupPrivilegeValue
GetTraceEnableFlags
SystemFunction029
LsaFreeMemory
LookupSecurityDescriptorPartsA
AccessCheckByTypeResultList
LsaICLookupSidsWithCreds
EncryptionDisable
ConvertStringSidToSidW
ConvertStringSidToSidA
RegisterServiceCtrlHandlerExA

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cea7269eba8a4970851d9a387951f377

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

ntdll

inetcomm

advpack

advapi32

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1024B - Virtual size: 53KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1024B - Virtual size: 53KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B