8aa524d14fe2e3b4d5df6db3fe0f3a652a3dd7aa08af41b068ec9b865d7252d5

Sharing

Copy URL Twitter E-mail

General

Target

8aa524d14fe2e3b4d5df6db3fe0f3a652a3dd7aa08af41b068ec9b865d7252d5
Size

833KB
MD5

8a946662f1f61a6fee2b29f794c8b285
SHA1

2e9baab318eb93bf9b0ecf54ba30e44f57d83d23
SHA256

8aa524d14fe2e3b4d5df6db3fe0f3a652a3dd7aa08af41b068ec9b865d7252d5
SHA512

2f3e27f9cbb9096ae7c268f085775a4883d93e624507539007dfb435a7df6aa83ed69bf49315e192e194ef05658c8d48eee1bd23cfba0c8e602c7d72d8e89963
SSDEEP

24576:7hsQsHOVc1Kwfk0MKRlIv+EC0g7/gn0mp0e9b:YHOVcYkVnl6Zgrg0iP

Score

N/A

Malware Config

Signatures

Files

8aa524d14fe2e3b4d5df6db3fe0f3a652a3dd7aa08af41b068ec9b865d7252d5
.exe windows x86

7c2d330ac74b59fbbfcbfd0683751e33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

GetAttribIMsgOnIStg@12
CloseIMsgSession@4
FBadSortOrderSet@4
OpenTnefStream@28
HrComposeMsgID@24
SetAttribIMsgOnIStg@16
OpenTnefStreamEx
ScRelocProps@20
HrEntryIDFromSz@12
HrGetOmiProvidersFlags
FreeProws@4
WrapProgress@20
FBadRglpszA@8
WrapStoreEntryID@24
FBadRestriction@4
HrSetOneProp@8
FtAdcFt@20
HrAddColumns@16
cmc_logon
InstallFilterHook@4
SzFindLastCh@8
MAPILogonEx@20
UNKOBJ_FreeRows@8
SzFindSz@8

advapi32

SetNamedSecurityInfoA
GetTraceLoggerHandle
GetSidIdentifierAuthority
SetFileSecurityW
EnumServicesStatusExA
LsaLookupPrivilegeName
CryptEnumProviderTypesA
SetPrivateObjectSecurityEx
RegUnLoadKeyW
NotifyChangeEventLog
CredIsMarshaledCredentialA
GetInformationCodeAuthzPolicyW
GetUserNameA
LookupPrivilegeDisplayNameA
PrivilegedServiceAuditAlarmW
CredpConvertTargetInfo
CredGetTargetInfoW
CryptSignHashA
LsaGetUserName
RegOpenKeyExA
EnumDependentServicesW
ImpersonateSelf
LsaSetDomainInformationPolicy
LsaCreateTrustedDomain
GetAccessPermissionsForObjectA
BuildExplicitAccessWithNameW
InitiateSystemShutdownW
GetSecurityDescriptorSacl
RegSaveKeyExW
ConvertSecurityDescriptorToAccessA
OpenBackupEventLogA
LookupAccountNameA
CredMarshalCredentialW
LsaNtStatusToWinError
LogonUserExA
ElfClearEventLogFileA
AddAce
SystemFunction001
LsaDelete
LsaGetSystemAccessAccount
ConvertStringSidToSidA
SetSecurityDescriptorRMControl
WmiFreeBuffer
SaferGetPolicyInformation
SaferRecordEventLogEntry
RegOpenKeyW
ElfOpenEventLogA
IdentifyCodeAuthzLevelW
CryptExportKey
TraceEventInstance
GetWindowsAccountDomainSid

kernel32

GetProcessVersion
GetVolumeNameForVolumeMountPointW
GetDiskFreeSpaceExW
GetExpandedNameA
GetStartupInfoA
GetThreadPriorityBoost
ReleaseSemaphore
FreeLibraryAndExitThread
SetMessageWaitingIndicator
LoadLibraryW
GetCurrentThread
GetLocaleInfoA
OpenWaitableTimerA
GetModuleHandleW
WaitForSingleObjectEx
SetConsoleDisplayMode
InterlockedPopEntrySList
SetFileAttributesA
GetPrivateProfileStructA
CreateDirectoryExW
Thread32Next
BaseInitAppcompatCacheSupport
DeleteVolumeMountPointW
GetConsoleAliasA
ReadConsoleOutputCharacterA
SetConsoleCursorInfo
CompareStringA
GlobalGetAtomNameW
ShowConsoleCursor

untfs

?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
??0NTFS_CLUSTER_RUN@@QAE@XZ
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@KPAVNTFS_MASTER_FILE_TABLE@@@Z
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
?CompareFileName@NTFS_MFT_INFO@@SGEPAXKPAU_FILE_NAME@@PAG@Z
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
?Initialize@NTFS_BITMAP@@QAEEVBIG_INT@@EPAVLOG_IO_DP_DRIVE@@K@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
??1NTFS_SA@@UAE@XZ

msvcirt

?sync@strstreambuf@@UAEHXZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?x_statebuf@ios@@0PAJA
??_8stdiostream@@7Bistream@@@
??_Diostream@@QAEXXZ
?clrlock@ios@@QAAXXZ
??0strstream@@QAE@XZ
?stossc@streambuf@@QAEXXZ
??_Eifstream@@UAEPAXI@Z
?gcount@istream@@QBEHXZ
??_Eistream_withassign@@UAEPAXI@Z
??_7istrstream@@6B@
??_Gstdiostream@@UAEPAXI@Z
??_7ios@@6B@
??_8strstream@@7Bostream@@@
?doallocate@streambuf@@MAEHXZ
?cin@@3Vistream_withassign@@A
?read@istream@@QAEAAV1@PAEH@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2d330ac74b59fbbfcbfd0683751e33

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

advapi32

kernel32

untfs

msvcirt

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 115KB - Virtual size: 115KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 189KB - Virtual size: 188KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 115KB - Virtual size: 115KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 189KB - Virtual size: 188KB

.reloc
Size: 1024B - Virtual size: 872B