81b6897055f68671d44c1208083901ae77758f644d631061a0d80b8785ebc6ef

Sharing

Copy URL Twitter E-mail

General

Target

81b6897055f68671d44c1208083901ae77758f644d631061a0d80b8785ebc6ef
Size

845KB
MD5

914088e976028116d3ee604323d68fa8
SHA1

aa3a117f3c24870ad1bf8e6f02c205e6f1bd24ba
SHA256

81b6897055f68671d44c1208083901ae77758f644d631061a0d80b8785ebc6ef
SHA512

112683796187a850264a8a1bece0fa334fd7579bb4007ff1620f59828b476179e246e3620634f58db1ffc2e7345b3160f8ea7775baad5b97046d2a72e3c598b0
SSDEEP

12288:gwxjCaF+Rhui/bwF2I+AGd3h17yvfVdQhT1gfmiv8FnLHDVA2v1FcSDs8KODBkXG:gQQrBPIGd3z7sU3bp5Bz1sjwkX

Score

N/A

Malware Config

Signatures

Files

81b6897055f68671d44c1208083901ae77758f644d631061a0d80b8785ebc6ef
.exe windows x86

fb46e4f622c95f7638a5a4fdac5ce32b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommModemStatus
OutputDebugStringA
RegisterWaitForSingleObject
DosPathToSessionPathA
WTSGetActiveConsoleSessionId
VDMOperationStarted
HeapValidate
GetShortPathNameA
GetConsoleCommandHistoryA
LoadLibraryA
GetFileInformationByHandle
GetModuleHandleA
WaitForMultipleObjects
CreateProcessInternalW
NlsGetCacheUpdateCount
GetDiskFreeSpaceW
GetCurrentThreadId
GetConsoleScreenBufferInfo
WriteConsoleA
SetEnvironmentVariableW
BaseCheckAppcompatCache
QueryPerformanceCounter
DebugActiveProcessStop
QueueUserAPC
VirtualAlloc
MoveFileExW
EnumResourceNamesW

uniplat

UmPlatformInitialize
StopMonitoringHandle
FreeOverStruct
UnimodemQueueUserAPC
MonitorHandle
CancelUnimodemTimer
ResetCallCount
AllocateOverStructEx
CallBeginning
UnimodemNotifyTSP
CreateOverStructPool
DestroyOverStructPool
StopMonitorThread
UnimodemReadFileEx
StartMonitorThread
FreeUnimodemTimer
CreateUnimodemTimer
UnimodemDeviceIoControlEx
UnimodemWriteFileEx
CallEnding

advapi32

IsTextUnicode
CreateWellKnownSid
LsaSetTrustedDomainInformation
SetEntriesInAuditListW
SetUserFileEncryptionKey
RegDeleteValueA
SystemFunction028
OpenTraceA
WmiFileHandleToInstanceNameA
ReportEventA
LogonUserW
IsTokenUntrusted
GetTraceEnableFlags
SystemFunction036
MD4Init
SystemFunction020
EnumDependentServicesA
MakeAbsoluteSD
StartServiceW
EnumServicesStatusExA
CryptSignHashW
PrivilegedServiceAuditAlarmW
EncryptFileW
EnumServiceGroupW
CredUnmarshalCredentialW

rasapi32

RasGetAutodialParamA
RasSetAutodialParamA
RasIsSharedConnection
RasGetCountryInfoW
RasGetEapUserIdentityA
RasDialW
RasSetEntryPropertiesW
RasGetProjectionInfoA
RasDeleteEntryA
UnInitializeRAS
RasGetAutodialEnableA
RasGetCountryInfoA
RasSetOldPassword
RasEnumAutodialAddressesA
RasEnumAutodialAddressesW
RasInvokeEapUI
DDMGetPhonebookInfo
RasGetEntryPropertiesW
RasHangUpA
RasDeleteSubEntryW

iphlpapi

Icmp6ParseReplies
GetBestRoute
register_icmp
GetAdapterIndex
GetUdpTable
NTTimeToNTPTime
_PfDeleteLog@0
DeleteIPAddress
do_echo_rep
NotifyAddrChange
InternalGetIpNetTable
SetIpStatistics
InternalCreateIpForwardEntry
InternalSetIpStats
InternalSetIpForwardEntry
_PfRebindFilters@8
Icmp6CreateFile
NTPTimeToNTFileTime
GetIpStatisticsEx
GetAdaptersAddresses

wldap32

ldap_memfree
ldap_free_controls
ldap_search_ext_sW
ldap_err2string
LdapGetLastError
ldap_get_next_page
ldap_search_init_page
ldap_perror
ldap_get_values_lenA
ldap_count_valuesA
LdapMapErrorToWin32
ldap_compare
ldap_next_entry
ldap_modifyA
ldap_controls_freeW
ldap_addA
ldap_next_attribute
ldap_modify_extW

Sections

.text
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 355KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb46e4f622c95f7638a5a4fdac5ce32b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

uniplat

advapi32

rasapi32

iphlpapi

wldap32

Sections

.text Size: 482KB - Virtual size: 482KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 355KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 444B

.text
Size: 482KB - Virtual size: 482KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 355KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 444B