84af972b60a1e18581d8abf06097de8b6f90b0d6a0fcc387259f62beaf561f37

Sharing

Copy URL Twitter E-mail

General

Target

84af972b60a1e18581d8abf06097de8b6f90b0d6a0fcc387259f62beaf561f37
Size

49KB
MD5

5468f7e5ff2d1c133bdbbfdfbcd1b45c
SHA1

af49a4abf9bdab3e3f249f9a3f341d93f1172a90
SHA256

84af972b60a1e18581d8abf06097de8b6f90b0d6a0fcc387259f62beaf561f37
SHA512

b2f45c1a819b79bfe8b57a9d4f8b4a4ad5073278cb0d147deb44dfeab82cd2be60a1ae2dae52d03db43d7c14a41a093a16907ee0373662d9c757eb9103ae0e49
SSDEEP

768:BT/TAynATB8bI2r2mydrCH6okkeGfI5DpOIIwr/kYi5449SDUZmelWHTvNA:5EyAebI2oZCajGQ5DUwr7g44KT1A

Score

N/A

Malware Config

Signatures

Files

84af972b60a1e18581d8abf06097de8b6f90b0d6a0fcc387259f62beaf561f37
.exe windows x86

9242dccd8fcf11a6c831982d75b42ead

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

polstore

IPSecCreatePolicyData
IPSecFreeFilterSpecs
IPSecSetNegPolData
IPSecUnassignPolicy
IPSecEnumFilterData
IPSecFreePolStr
IPSecCopyFilterSpec
IPSecCopyNegPolData
IPSecDeletePolicyData
IPSecFreeMulPolicyData
IPSecSetPolicyData
IPSecCopyNFAData
IPSecEnumNegPolData
IPSecGetFilterData
IPSecSetISAKMPData
IPSecFreeMulNFAData
IPSecCopyPolicyData
IPSecClosePolicyStore
IPSecCopyISAKMPData
IPSecIsDomainPolicyAssigned
IPSecEnumISAKMPData
IPSecCreateNegPolData
IPSecFreeMulISAKMPData
IPSecFreeNegPolData
IPSecCreateFilterData
IPSecAllocPolStr
IPSecFreePolicyData
IPSecOpenPolicyStore

kernel32

DeleteCriticalSection
Beep
MapViewOfFile
SwitchToFiber
EnumLanguageGroupLocalesA
Module32FirstW
SetConsoleHardwareState
GetCurrentDirectoryA
LCMapStringA
GetStartupInfoW
GetFileAttributesExW
BaseCheckAppcompatCache
BaseFlushAppcompatCache
GetTempPathW
SwitchToThread
FillConsoleOutputAttribute
OpenFileMappingW
IsValidLanguageGroup
FreeEnvironmentStringsW
LoadLibraryA
SetConsoleOS2OemFormat
GetVolumeNameForVolumeMountPointA
VerifyVersionInfoW
MapViewOfFileEx
GetLocalTime
DebugActiveProcess
GetAtomNameA
GlobalCompact
NlsGetCacheUpdateCount
QueryMemoryResourceNotification
EnumCalendarInfoA
CancelWaitableTimer
GetFirmwareEnvironmentVariableW
GetConsoleWindow
GetPrivateProfileStringA
LocalHandle
ResetEvent
VirtualLock
GetStringTypeExW
GlobalFindAtomW
ReleaseActCtx
HeapWalk
WaitNamedPipeW
ReplaceFile
AddLocalAlternateComputerNameW
SignalObjectAndWait
GlobalFree
EnumResourceTypesW
IsValidLocale
GetCommConfig
RegisterWaitForSingleObject
Process32NextW
GetConsoleCursorMode
SetThreadLocale
EndUpdateResourceW
GetCommState
GetConsoleOutputCP
GetDateFormatA
FindFirstFileA
GetComputerNameExW
RegisterConsoleVDM
FindFirstVolumeW
GetConsoleCommandHistoryA
EnumResourceNamesW
GetFirmwareEnvironmentVariableA
IsSystemResumeAutomatic
GetPrivateProfileSectionNamesA
WriteProfileStringW
VirtualAlloc
FindNextFileW
GetCommandLineA
GetModuleHandleW
LocalCompact
CreateRemoteThread
EraseTape
CreateDirectoryW
FreeResource
QueryPerformanceCounter
DisconnectNamedPipe
GetPrivateProfileIntA
SetThreadExecutionState
WaitForDebugEvent
MoveFileExW
SetConsoleInputExeNameW
SetEnvironmentVariableA
IsBadStringPtrW
GetCommModemStatus

dhcpsapi

DhcpGetOptionInfo
DhcpGetClassInfo
DhcpDsClearHostServerEntries
DhcpServerGetConfig
DhcpRemoveOptionValue
DhcpGetVersion
DhcpCreateClientInfoV4
DhcpModifyClass
DhcpSetClientInfo
DhcpSetThreadOptions
DhcpCreateClass
DhcpRemoveSubnetElementV4
DhcpEnumOptionValues
DhcpGetThreadOptions
DhcpSetOptionInfo
DhcpEnumSubnetClientsV5
DhcpDsInit
DhcpServerGetConfigV4
DhcpGetClientInfo
DhcpServerQueryDnsRegCredentials
DhcpGetOptionValue
DhcpAddSubnetElementV4
DhcpAddMScopeElement
DhcpEnumOptionValuesV5
DhcpRemoveOption
DhcpRemoveMScopeElement

msdart

??4CReaderWriterLock2@@QAEAAV0@ABV0@@Z
?GetDefaultSpinCount@CFakeLock@@SGGXZ
??0CReaderWriterLock@@QAE@XZ
??4CSpinLock@@QAEAAV0@ABV0@@Z
?WriteLock@CFakeLock@@QAEXXZ
?GetDefaultSpinAdjustmentFactor@CFakeLock@@SGNXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?GetSpinCount@CReaderWriterLock2@@QBEGXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?DeleteIf@CLKRLinearHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
?IsUnlocked@CLockedSingleList@@QBE_NXZ
?WriteUnlock@CReaderWriterLock2@@QAEXXZ
?IsWriteUnlocked@CReaderWriterLock3@@QBE_NXZ
?SetBucketLockSpinCount@CLKRHashTable@@QAEXG@Z
?_Unlock@CSpinLock@@AAEXXZ
MpHeapValidate
?IsWriteLocked@CFakeLock@@QBE_NXZ
?IsReadUnlocked@CSpinLock@@QBE_NXZ
?GetSpinCount@CSmallSpinLock@@QBEGXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?TryWriteLock@CSpinLock@@QAE_NXZ
?IsWin98@CMdVersionInfo@@SAHXZ
?_H0@CLKRLinearHashTable@@CGKKK@Z
?Last@CDoubleList@@QBEQAVCListEntry@@XZ
?_CurrentThreadId@CReaderWriterLock3@@CGJXZ
?InsertTail@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?ReadUnlock@CReaderWriterLock2@@QAEXXZ
??4CSmallSpinLock@@QAEAAV0@ABV0@@Z
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?IsReadUnlocked@CLKRHashTable@@QBE_NXZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?ReadUnlock@CSmallSpinLock@@QAEXXZ
??0CReaderWriterLock3@@QAE@XZ
??4CDoubleList@@QAEAAV0@ABV0@@Z

user32

EditWndProc
DdeAccessData
SetSysColorsTemp
FillRect
MonitorFromPoint
GetWindowModuleFileNameA
SetClassWord
GetClipCursor
OemToCharBuffA
GetLayeredWindowAttributes
FindWindowW
SetCaretPos
GetProcessDefaultLayout
DrawCaption
PostMessageA
SetWindowContextHelpId
GetClassLongW
DestroyCursor
CreateDesktopA
GetShellWindow
EndMenu
SetSysColors
DdeAbandonTransaction
DrawMenuBarTemp
DdeUnaccessData
RemoveMenu
SendMessageCallbackW
SendNotifyMessageA
UnhookWindowsHookEx
RemovePropA
SetDoubleClickTime
MBToWCSEx
DdeCreateStringHandleA
MonitorFromWindow
LoadBitmapW

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9242dccd8fcf11a6c831982d75b42ead

Headers

DLL Characteristics

File Characteristics

Imports

polstore

kernel32

dhcpsapi

msdart

user32

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B