747cf5da6a450afdd4f17f86b296bb1a250c2627934950dfc5091cc81f2da201

Sharing

Copy URL Twitter E-mail

General

Target

747cf5da6a450afdd4f17f86b296bb1a250c2627934950dfc5091cc81f2da201
Size

52KB
MD5

7778e319beff2f21ff5073aacc1262ae
SHA1

19b18d59fb684e23d9798497bf45c755e13af5c3
SHA256

747cf5da6a450afdd4f17f86b296bb1a250c2627934950dfc5091cc81f2da201
SHA512

f9b7b91f292ab3e0b3fde196dd1b853bff2b8d3d1c5f2914dc074e3fe5e0e768d5557315639dd7a156e3a8138070150fe397aaac421a0eea2f64af45260b0889
SSDEEP

1536:vIDUVEex1cIeOkCUYlmNKeqqdG0GJyezl:vKeHJeOkCUCSKDgGgU

Score

N/A

Malware Config

Signatures

Files

747cf5da6a450afdd4f17f86b296bb1a250c2627934950dfc5091cc81f2da201
.exe windows x86

1ec0f783ce31b7ad319df60e71ee0b12

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
SetSystemPowerState
ReadProcessMemory
WriteConsoleOutputA
SetConsoleLocalEUDC
FreeLibrary
GetACP
SetProcessShutdownParameters
SetLastError
GetModuleHandleA
GetStringTypeExA
FileTimeToSystemTime
IsDBCSLeadByte
GetStartupInfoA
WriteConsoleOutputCharacterW
GetConsoleCommandHistoryLengthW
VirtualAlloc
SetConsolePalette
IsProcessorFeaturePresent
BaseCheckAppcompatCache
FindResourceW
FindResourceExA
GetDiskFreeSpaceW
GetNumberOfConsoleFonts
DebugBreakProcess
LoadLibraryA
SetConsoleIcon
ClearCommError
SetupComm
GetFileAttributesExA
RtlUnwind
SetThreadAffinityMask
GetFileType

shlwapi

PathIsRootW
PathCombineA
SHDeleteOrphanKeyW
StrCpyW
StrPBrkA
DllGetVersion
SHReleaseThreadRef
SHSetValueW
StrCmpLogicalW
SHRegDeleteEmptyUSKeyW
PathUnquoteSpacesA
StrToIntA
PathFindSuffixArrayW
UrlHashW
PathIsUNCServerA
SHOpenRegStream2A
PathFindOnPathW
PathGetArgsA
PathQuoteSpacesA
StrFormatByteSizeA
SHEnumKeyExA
StrToInt64ExW
PathMatchSpecA
PathSetDlgItemPathW
StrStrIA
PathRelativePathToA
StrRChrIA
PathIsUNCServerShareW

mapistub

BMAPISaveMail
HrValidateIPMSubtree@20
MAPIDetails
GetOutlookVersion
FtMulDwDw@8
HrGetOmiProvidersFlags@8
MAPIFindNext
MAPILogonEx@20
HrEntryIDFromSz@12
FBinFromHex@8
MapStorageSCode@4
HrValidateParameters@8
FixMAPI@0
cmc_logon
BMAPIAddress
HrDecomposeEID@28
MAPISendMail
CchOfEncoding@4
MNLS_MultiByteToWideChar@24
HrComposeMsgID@24
ScRelocNotifications@20
cmc_free
FGetComponentPath
MAPIOpenLocalFormContainer
CreateTable@36
HrSetOneProp@8
EnableIdleRoutine@8

ifsutil

?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetBuffer@TLINK@@QAEPAXPAX@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
??1TLINK@@UAE@XZ
??1INTSTACK@@UAE@XZ
?SendSonyMSRequestSenseCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?SendSonyMSTestUnitReadyCmd@DP_DRIVE@@QAEEPAU_SENSE_DATA@@@Z
?GetData@TLINK@@QAEAAVBIG_INT@@G@Z
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?Initialize@NUMBER_SET@@QAEEXZ
??0DIGRAPH@@QAE@XZ
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?QueryFreeDiskSpace@IFS_SYSTEM@@SGEPBVWSTRING@@PAVBIG_INT@@@Z
??0MOUNT_POINT_MAP@@QAE@XZ
?GetNext@TLINK@@QAEPAXPAX@Z
??0DP_DRIVE@@QAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
??0DIGRAPH_EDGE@@QAE@XZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
??0CANNED_SECURITY@@QAE@XZ
?ReverseCopy@INTSTACK@@QAEEPAV1@@Z

pdh

PdhUpdateLogA
PdhGetLogFileTypeW
PdhGetRawCounterValue
PdhVbCreateCounterPathList
PdhParseInstanceNameW
PdhEnumMachinesHW
PdhEnumLogSetNamesA
PdhSetQueryTimeRange
PdhTranslateLocaleCounterW
PdhParseCounterPathW
PdhEnumMachinesA
PdhVbGetCounterPathElements
PdhCalculateCounterFromRawValue
PdhBrowseCountersW
PdhEnumObjectItemsHA
PdhLookupPerfNameByIndexW
PdhGetDataSourceTimeRangeW
PdhAdd009CounterA
PdhRelogW
PdhGetDefaultPerfCounterHA
PdhEnumObjectItemsHW
PdhBindInputDataSourceW
PdhExpandWildCardPathA
PdhEnumMachinesW
PdhBrowseCountersA
PdhBindInputDataSourceA
PdhSelectDataSourceA
PdhVbOpenLog
PdhExpandCounterPathA
PdhValidatePathW
PdhGetCounterTimeBase

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ec0f783ce31b7ad319df60e71ee0b12

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

mapistub

ifsutil

pdh

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB