95c2c9e972975831525cc130b2ad4c1d744602e77b552bea34b8bb062f647be9

Sharing

Copy URL Twitter E-mail

General

Target

95c2c9e972975831525cc130b2ad4c1d744602e77b552bea34b8bb062f647be9
Size

832KB
MD5

349eb06527e9e0b7531e3c64cf0f663b
SHA1

1a67fdc6e9b08758c630f825abd742708f2f24e4
SHA256

95c2c9e972975831525cc130b2ad4c1d744602e77b552bea34b8bb062f647be9
SHA512

10bec539eb7dd9da4818f2df416ea0e701c378fcd82858fd8e0336ab8b504212957fbfbe60b806d15f94407ca6f552c75fb3edd6e9e8578158b43aa2ffdfe32a
SSDEEP

24576:jlQ4GleX0UUcqT66IRrWLPwYFj2dWUpvrp7NfiW5blxJD:jatleE5TGRrWLP/Fjw9JrhNfblxJ

Score

N/A

Malware Config

Signatures

Files

95c2c9e972975831525cc130b2ad4c1d744602e77b552bea34b8bb062f647be9
.exe windows x86

c25930846ba2a1e9703424035b66ce0b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetTimeZoneInformation
RegisterConsoleIME
Module32FirstW
CreateSocketHandle
AddLocalAlternateComputerNameA
GetPrivateProfileStructA
CreateEventA
FindAtomA
SetComputerNameA
GetCurrentThread
GetAtomNameW
SystemTimeToFileTime
UTUnRegister
WriteConsoleInputVDMA
GetSystemWindowsDirectoryW
ClearCommBreak
FindResourceExA
TerminateJobObject
WriteConsoleOutputW
GlobalReAlloc
ScrollConsoleScreenBufferA
GetConsoleTitleW
SetUnhandledExceptionFilter
LoadLibraryW
GetModuleHandleW
GetLocaleInfoA
DnsHostnameToComputerNameW
SetConsoleLocalEUDC
CreateMutexW

winscard

SCardGetStatusChangeW
SCardRemoveReaderFromGroupA
SCardIntroduceCardTypeW
ClassInstall32
SCardEstablishContext
SCardAddReaderToGroupA
SCardLocateCardsA
SCardReleaseAllEvents
SCardReleaseStartedEvent
SCardForgetReaderA
SCardAccessStartedEvent
g_rgSCardT0Pci
SCardIntroduceReaderGroupA
SCardControl
SCardIsValidContext
SCardConnectA
SCardListReadersW
SCardGetAttrib

ufat

?IsValidLastWriteTime@FAT_DIRENT@@QBEEXZ
?QueryFreeSectors@REAL_FAT_SA@@QBEKXZ
??1REAL_FAT_SA@@UAE@XZ
?Initialize@EA_SET@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z
?QueryLongName@FATDIR@@QAEEJPAVWSTRING@@@Z
Chkdsk
?Initialize@FILEDIR@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@K@Z
?Initialize@FAT_DIRENT@@QAEEPAX@Z
??1EA_SET@@UAE@XZ
??0EA_SET@@QAE@XZ
??0FILEDIR@@QAE@XZ
??1FILEDIR@@UAE@XZ
??0CLUSTER_CHAIN@@QAE@XZ
??0ROOTDIR@@QAE@XZ
??0EA_HEADER@@QAE@XZ
?QueryCensusAndRelocate@FAT_SA@@QAEEPAU_CENSUS_REPORT@@PAVINTSTACK@@PAE@Z
?QueryLastWriteTime@FAT_DIRENT@@QBEEPAT_LARGE_INTEGER@@@Z
?FreeChain@FAT@@QAEXK@Z
?GetEa@EA_SET@@QAEPAU_EA@@KPAJPAE@Z
?Initialize@FAT_DIRENT@@QAEEPAXE@Z
?QueryName@FAT_DIRENT@@QBEEPAVWSTRING@@@Z
??1FAT_DIRENT@@UAE@XZ
ChkdskEx
?Write@CLUSTER_CHAIN@@UAEEXZ
?IsValidLastAccessTime@FAT_DIRENT@@QBEEXZ
?Initialize@CLUSTER_CHAIN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@PAVFAT_SA@@PBVFAT@@KK@Z

ntdll

RtlpNtQueryValueKey
bsearch
NtQueryEaFile
RtlAppendPathElement
RtlWriteRegistryValue
NtResumeThread
ZwDeleteBootEntry
RtlTimeToSecondsSince1980
ZwDeviceIoControlFile
RtlSetAllBits
ZwSetVolumeInformationFile
RtlUpcaseUnicodeToOemN
qsort
RtlDeleteCriticalSection
NtQueryFullAttributesFile
__isascii
RtlIpv6AddressToStringA
NtSetLowWaitHighEventPair
RtlSetCurrentEnvironment
RtlMoveMemory
ZwDisplayString

msvcrt

_mbsncoll
exit
cosh
__set_app_type
_fileinfo
wcschr
_adj_fprem
_wexecvpe
__getmainargs
__p__commode
ungetc
_outpd
_cputs
__crtCompareStringA

ir41_qcx

FreeInstanceData
CompressFramesInfo
CompressEnd
AllocInstanceData
DllMain
Compress
SetScalability
CompressBegin

Sections

.text
Size: 392KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c25930846ba2a1e9703424035b66ce0b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winscard

ufat

ntdll

msvcrt

ir41_qcx

Sections

.text Size: 392KB - Virtual size: 392KB

.rdata Size: 130KB - Virtual size: 129KB

.data Size: 173KB - Virtual size: 1.6MB

.rsrc Size: 134KB - Virtual size: 133KB

.reloc Size: 1024B - Virtual size: 864B

.text
Size: 392KB - Virtual size: 392KB

.rdata
Size: 130KB - Virtual size: 129KB

.data
Size: 173KB - Virtual size: 1.6MB

.rsrc
Size: 134KB - Virtual size: 133KB

.reloc
Size: 1024B - Virtual size: 864B