b6997a2d2259c4ee20aceb7327f4d954735c385bf7ced3d56bceeab4cc39c163

Sharing

Copy URL Twitter E-mail

General

Target

b6997a2d2259c4ee20aceb7327f4d954735c385bf7ced3d56bceeab4cc39c163
Size

864KB
MD5

3702e4c3be1d5149b7bbd1beb1f5d36d
SHA1

8bc5d2be4134dd66b0acee4fa6deeff80cef0c4d
SHA256

b6997a2d2259c4ee20aceb7327f4d954735c385bf7ced3d56bceeab4cc39c163
SHA512

53cfaa3bf0f5709a6e271e4c65edd0e2f954811ffcf141059ecf3dd6b62a3f643eef9f2ce14ac7fb9a2feb9e3f4e7d80de93c4c3fc2457c190b47ee8505a9e72
SSDEEP

24576:08YHrfwrNvzt2ytx0IK/zGscao2IPAo97k:084ANvR2WKaf9PB9

Score

N/A

Malware Config

Signatures

Files

b6997a2d2259c4ee20aceb7327f4d954735c385bf7ced3d56bceeab4cc39c163
.exe windows x86

6a621a8da1ac8ab79e9ae0ae70f2e4fd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasesLengthW
RtlMoveMemory
LZClose
Thread32Next
ReadConsoleInputW
GetModuleHandleW
QueryPerformanceCounter
GetThreadSelectorEntry
SetConsoleMaximumWindowSize
SetStdHandle
WaitForMultipleObjectsEx
MapViewOfFile
GetConsoleTitleA
VirtualUnlock
CreateTapePartition
TlsFree
CreateTimerQueueTimer
FindFirstVolumeW
GetStartupInfoW
GlobalSize
VirtualAlloc
RemoveDirectoryW
GetComputerNameExA
ReleaseMutex
Module32Next
DefineDosDeviceW
RtlCaptureContext
GetFullPathNameW
FlushFileBuffers
_lcreat
GetProcessAffinityMask
DosDateTimeToFileTime
CloseConsoleHandle
IsDBCSLeadByteEx
WriteConsoleW
EnumResourceTypesW
SetConsoleCursor
GlobalFindAtomW
CallNamedPipeW
FreeConsole
LoadLibraryA
SetSystemTimeAdjustment
SetProcessPriorityBoost
GetVolumePathNamesForVolumeNameW
ReleaseActCtx
AllocateUserPhysicalPages
GetComputerNameExW

shlwapi

PathIsUNCServerW
PathBuildRootA
wnsprintfA
SHGetThreadRef
StrCmpNA
StrChrIA
DllGetVersion
SHDeleteKeyA
SHRegQueryInfoUSKeyA
PathMakePrettyA
PathUndecorateW
StrToInt64ExA
SHCopyKeyW
PathSearchAndQualifyW
PathFindOnPathA
StrRChrIA
AssocQueryKeyW
StrNCatA
SHCopyKeyA
PathRemoveBlanksA
SHRegDeleteEmptyUSKeyW
SHRegWriteUSValueA
PathFindOnPathW
PathRenameExtensionA
UrlIsNoHistoryW
PathRemoveArgsW
PathParseIconLocationW
PathUnExpandEnvStringsA
PathAddBackslashA
PathFileExistsA
SHRegSetUSValueA
StrRetToBSTR
StrStrIW
PathRelativePathToA
StrCatBuffW

crtdll

_chgsign
_expand
_y1
_mbcjistojms
_ismbcl0
_wtol
_fmode_dll
wcsspn
_wcsdup
_ismbblead
_spawnv
_stricmp
memchr
_ismbbprint
_locking
tmpfile
_snprintf
_mbsncat
_futime
_mbsspnp
iswlower
_mbsnextc
_commode_dll
_strnset
_ecvt
_filbuf
_purecall
wcscoll
wcstod
pow
_ultow
_ismbbalpha
_utime
setvbuf
??3@YAXPAX@Z
_control87
_mbscmp
asin
_j1
_fpreset
_CIatan2
_itow
_lrotr

msorcl32

SQLColAttributes
SQLGetStmtOption
SQLPrepare
SQLRowCount
LoadByOrdinal
ConfigDSN
SQLExecDirect
SQLMoreResults
SQLExecute
SQLBindCol
SQLFetch
SQLAllocConnect
SQLCancel
SQLDriverConnect
SQLSpecialColumns
SQLSetCursorName
SQLDescribeParam
SQLGetInfo
SQLForeignKeys
SQLExtendedFetch
SQLBindParameter
SQLTables
SQLAllocStmt
SQLStatistics
SQLDisconnect
SQLFreeConnect

ssdpapi

DeregisterNotification
GetFirstService
DHSetICSInterfaces
FindServicesCallback
SsdpStartup
GetNextService
RegisterNotification
SsdpCleanup
CleanupCache
RegisterService
FindServicesClose
FindServices
DHSetICSOff
FindServicesCancel
DeregisterService
FreeSsdpMessage

ntdll

NtQueryInformationToken
isxdigit
RtlStringFromGUID
RtlSetThreadIsCritical
strlen
ZwCancelIoFile
_i64tow
RtlRaiseStatus
RtlActivateActivationContextEx
ZwCreatePagingFile
RtlDecompressFragment
RtlCompareMemory
RtlDeleteNoSplay
NtResetWriteWatch
NtYieldExecution
ZwTraceEvent
LdrVerifyImageMatchesChecksum
RtlDestroyHeap
_memccpy
RtlDestroyAtomTable
NtFindAtom
NtCreateIoCompletion
wcscspn
NtIsSystemResumeAutomatic
RtlReleaseActivationContext
RtlSetHeapInformation
ZwOpenThread
ZwCompleteConnectPort
RtlConvertUlongToLargeInteger
RtlActivateActivationContext
ZwLockRegistryKey

cscdll

CSCPinFileW
CSCFindFirstFileForSidW
CSCUnpinFileW
CSCFindClose
CSCIsServerOfflineW
CSCEnumForStatsW
CSCSetMaxSpace
CSCTransitionServerOnlineW
CSCFindNextFileW
CSCDeleteW
CSCIsCSCEnabled
CSCDoEnableDisable
CSCFindFirstFileW
CSCQueryFileStatusW
CSCEnumForStatsExW

Sections

.text
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 318KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 413KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a621a8da1ac8ab79e9ae0ae70f2e4fd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

crtdll

msorcl32

ssdpapi

ntdll

cscdll

Sections

.text Size: 130KB - Virtual size: 130KB

.rdata Size: 318KB - Virtual size: 318KB

.data Size: 413KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 130KB - Virtual size: 130KB

.rdata
Size: 318KB - Virtual size: 318KB

.data
Size: 413KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B