705cf2b0a3431df676bb870640fdc3efcad69f619f33cc85f3fb5367e17704d9

Sharing

Copy URL Twitter E-mail

General

Target

705cf2b0a3431df676bb870640fdc3efcad69f619f33cc85f3fb5367e17704d9
Size

828KB
MD5

6b0b9e90912f18289f61c0cd04c63247
SHA1

336e3173a310f3016c5a90d01d0266fa35754e0a
SHA256

705cf2b0a3431df676bb870640fdc3efcad69f619f33cc85f3fb5367e17704d9
SHA512

53afa783499a1f9ef4127f8d09fb54b737168a3965e7478ed333e61072980972be5c6f53581875304e97656b44fdd4b33de8a84bbe9193c9ba5cbb341b59609b
SSDEEP

24576:AfIPz6CxC392cKbtSYmplfh7pTycVSG1brPmHqX:A/ebEfplfhNmcVnT7

Score

N/A

Malware Config

Signatures

Files

705cf2b0a3431df676bb870640fdc3efcad69f619f33cc85f3fb5367e17704d9
.exe windows x86

acff41adebab60c4410e780b3decc4b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSocketHandle
SetUserGeoID
LoadResource
MoveFileExA
SetThreadUILanguage
FindActCtxSectionStringW
HeapUnlock
GetEnvironmentStringsA
GetProcessIoCounters
CreateHardLinkW
GetExpandedNameA
SetConsoleMode
LoadLibraryW
SignalObjectAndWait
EnumUILanguagesW
LZCopy
FreeLibraryAndExitThread
SetTapeParameters
FindNextVolumeA
WaitForMultipleObjects
GetLocaleInfoA
MapUserPhysicalPagesScatter
SetHandleInformation
LocalFree
SetFileApisToANSI
NlsGetCacheUpdateCount
GetConsoleOutputCP
TzSpecificLocalTimeToSystemTime
SetLastConsoleEventActive
GetProcessTimes
GetModuleFileNameW
TlsAlloc
ReadDirectoryChangesW
CancelTimerQueueTimer
GetCurrentThread
WriteProfileStringW
FillConsoleOutputCharacterA
WriteConsoleOutputAttribute
LZOpenFileA
CreateProcessInternalW
GetOverlappedResult
ReadConsoleOutputA
CreateEventW
DeleteCriticalSection
OpenMutexA
RtlUnwind

msvcrt

_exit
_outpw
__threadhandle
_wfullpath
__setlc_active
_wutime64
__wargv
__p___argv
_gcvt
_inpd
_ungetwch
_lock
exit
_splitpath
__unDNameEx
_safe_fprem1
__p__commode
__getmainargs
fsetpos
strftime
wctomb
_yn
strspn
__set_app_type
_wutime
_flsbuf
_mbsdec
_getmbcp

certcli

CAEnumNextCertType
CAOIDFreeLdapURL
CAFindByIssuerDN
CASetCertTypeExtension
CACountCAs
CASetCAFlags
CACertTypeUnregisterQuery
CACertTypeAccessCheck
CACloseCertType
CAGetCAExpiration
CAGetCertTypeExtensionsEx
CAGetCAProperty
CASetCertTypeKeySpec
CAOIDDelete

ifsutil

?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?GetNext@TLINK@@QAEPAXPAX@Z
?Initialize@TLINK@@QAEEG@Z
??0DP_DRIVE@@QAE@XZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?AddNext@NUMBER_SET@@QAEEVBIG_INT@@@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ

dhcpsapi

DhcpDsClearHostServerEntries
DhcpServerQueryAttributes
DhcpServerGetConfigV4
DhcpGetSubnetInfo
DhcpCreateSubnet
DhcpDsCleanup
DhcpSetOptionInfoV5
DhcpSetOptionValues
DhcpSetClientInfo
DhcpGetClientInfo
DhcpRemoveSubnetElement
DhcpSetOptionValue
DhcpCreateClientInfoV4
DhcpEnumOptions
DhcpGetOptionInfo
DhcpGetSuperScopeInfoV4

crtdll

_fcloseall
_mbsdec
_strninc
_baseminor_dll
_mbsicmp
_daylight_dll
asctime
_makepath

gdi32

RectVisible
GetRgnBox
EngFreeModule
SetViewportOrgEx
GetFontData
STROBJ_bEnumPositionsOnly
GetNearestPaletteIndex
GetBitmapDimensionEx
SetPolyFillMode
DeleteEnhMetaFile
GetDIBits
CreateFontIndirectExA
GetCharacterPlacementW
PolyTextOutW
GdiDescribePixelFormat
GdiAddGlsBounds
DdEntry5
GetFontLanguageInfo
GetDCBrushColor
DdEntry18
SetLayout
DdEntry33

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

acff41adebab60c4410e780b3decc4b9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

certcli

ifsutil

dhcpsapi

crtdll

gdi32

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 139KB - Virtual size: 138KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1024B - Virtual size: 848B

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 139KB - Virtual size: 138KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1024B - Virtual size: 848B