873ff699d519ceff055be74916ee58a05ca60f13ab53e242482bc796c34150ae

Sharing

Copy URL

Twitter E-mail

General

Target

873ff699d519ceff055be74916ee58a05ca60f13ab53e242482bc796c34150ae
Size

46KB
MD5

f5dc3600c43ce0c7e49c848f5f03e13f
SHA1

557c7a272ef83fb84f1b15bad4649404120ae238
SHA256

873ff699d519ceff055be74916ee58a05ca60f13ab53e242482bc796c34150ae
SHA512

e3b25b4626edc16df4f2a0a9bc2923a5709f809e09461a0e0dba6bee9f3f551dd23028e4bf107f17071fe1fdc5e46b10716d438e6acb4d47d790b62eebaf514a
SSDEEP

768:dkqEr1liAfb0gWasvfwRSJylWJpILBYXzfh7gurzcKADm/e0BfD9:dbAj3WYR0wqXzfpdfclm/NBr9

Score

N/A

Malware Config

Signatures

Files

873ff699d519ceff055be74916ee58a05ca60f13ab53e242482bc796c34150ae
.exe windows x86

59f95e95d4b700a6d0d1a93a6cc5d20c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteVolumeMountPointW
FormatMessageW
SetTapeParameters
GetCurrentDirectoryA
SetConsoleLocalEUDC
MapUserPhysicalPagesScatter
GetComputerNameExA
SetCurrentDirectoryA
GetGeoInfoA
BeginUpdateResourceW
CreateEventW
FileTimeToSystemTime
lstrlenA
GetOEMCP
GetDiskFreeSpaceExW
RemoveLocalAlternateComputerNameA
GlobalUnlock
HeapCreate
GetConsoleAliasExesLengthA
GetProcessHeap
VirtualAlloc
GetWriteWatch
GetModuleHandleW
WaitForMultipleObjects
CreateFileMappingA
ReadConsoleOutputAttribute
LoadLibraryA
RtlCaptureContext
GetModuleHandleA
GetModuleHandleExW
GetDateFormatA
GetSystemDirectoryW
LockFile
ExitProcess
CreateActCtxW

ntdll

ZwCreateDirectoryObject
ZwLoadKey2
NtCreateIoCompletion
NtQueryInformationToken
RtlEnlargedUnsignedMultiply
LdrSetAppCompatDllRedirectionCallback
ZwLoadKey
mbstowcs
ZwAssignProcessToJobObject
RtlEnableEarlyCriticalSectionEventCreation
RtlDeleteNoSplay
RtlDeleteElementGenericTableAvl
RtlUnicodeToCustomCPN
LdrLockLoaderLock
RtlDetermineDosPathNameType_U
NtQueryObject
ZwPulseEvent
ZwQuerySymbolicLinkObject
NtSetEvent
NtQueryKey
towupper
ZwIsProcessInJob
RtlSetSecurityObject
_CIsin
NtOpenIoCompletion
NtQuerySystemEnvironmentValueEx
ZwFlushVirtualMemory
RtlTimeFieldsToTime
RtlValidSecurityDescriptor
RtlInterlockedPushEntrySList
RtlIsGenericTableEmptyAvl
__iscsym

oleaut32

SafeArrayCreate
VarUI8FromDate
VarDateFromUdateEx
SafeArrayGetDim
OACreateTypeLib2
SysReAllocStringLen
VarI4FromUI4
VarBstrFromDec
VarI2FromI4
VarBstrFromI1
CreateTypeLib2
QueryPathOfRegTypeLib
VarCyFromR4
SetOaNoCache
DispCallFunc
VarUI8FromUI1
VarUI4FromR8
VarUI2FromUI4
VarBstrFromUI2
VarUI8FromI2
SafeArrayGetUBound
GetAltMonthNames
VarR8FromDate
VarUI2FromDec
VarR4FromStr
VarI1FromUI2
VarUI1FromI2
VarUI2FromI8
VarUI1FromI4

cmutil

?Generate@CRandom@@QAEHXZ
CmRealloc
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
??_FCIniA@@QAEXXZ
CmLoadIconA
CmBuildFullPathFromRelativeA
?SetRegPath@CIniW@@QAEXPBG@Z
?WPPI@CIniA@@QAEXPBD0K@Z
SzToWzWithAlloc
?CIniW_WriteEntryToReg@CIniW@@IBEHPAUHKEY__@@PBG1PBEKK@Z
?GetFile@CIniW@@QBEPBGXZ
CmFmtMsgA
?Start@CmLogFile@@QAEJH@Z
CmLoadStringW
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetEntry@CIniW@@QAEXPBG@Z
?SetSection@CIniA@@QAEXPBD@Z
?SetFile@CIniW@@QAEXPBG@Z
?SetEntry@CIniA@@QAEXPBD@Z
??1CIniW@@QAE@XZ
CmStrtokW
?SetWriteICSData@CIniW@@QAEXH@Z
?GPPI@CIniA@@QBEKPBD0K@Z
CmStripFileNameW
ReleaseBold
CmLoadSmallIconA
CmLoadImageW
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
IsFarEastNonOSR2Win95
?DeInit@CmLogFile@@QAEJXZ
GetOSMajorVersion
GetOSBuildNumber

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59f95e95d4b700a6d0d1a93a6cc5d20c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

oleaut32

cmutil

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB