804be4e289c752580117895ff1b10e617be499f242efc88dd9b95837fb1fdc4c

Sharing

Copy URL Twitter E-mail

General

Target

804be4e289c752580117895ff1b10e617be499f242efc88dd9b95837fb1fdc4c
Size

49KB
MD5

77e18c918699034b38dd523dbbbffba4
SHA1

962090846c8b959ba63cef4631acb4f24ae27e8a
SHA256

804be4e289c752580117895ff1b10e617be499f242efc88dd9b95837fb1fdc4c
SHA512

2a2a0176c316e0880489dbc3f97ba4b1066e4ec26681eade4afedd24fa12b6dce1af6323f32c2ffd33b6bb2544e1323ce666a13f0509aa4bc2ec7f4a8a5fcffc
SSDEEP

768:bJb5yQ9K6urmYnn6Cu6+NTyiK0k1M2/wfv0iru0QfjFJgVq4ytfrlyfN1p:pBurL26uGGUofv0ioRoPERyfN1p

Score

N/A

Malware Config

Signatures

Files

804be4e289c752580117895ff1b10e617be499f242efc88dd9b95837fb1fdc4c
.exe windows x86

d27c5e76bd5d4af0c8ff26102c8b54b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WTHelperGetProvCertFromChain
WTHelperGetKnownUsages
CatalogCompactHashDatabase
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WintrustCertificateTrust
WVTAsn1SpcLinkEncode
WinVerifyTrust
TrustOpenStores
SoftpubLoadMessage
WintrustRemoveActionID
WVTAsn1SpcLinkDecode
CryptCATAdminCalcHashFromFileHandle
CryptSIPRemoveSignedDataMsg
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1CatMemberInfoDecode
WVTAsn1SpcSpAgencyInfoDecode
DriverCleanupPolicy
CryptCATPutCatAttrInfo
CryptCATEnumerateAttr
WVTAsn1SpcIndirectDataContentDecode
OpenPersonalTrustDBDialogEx
SoftpubDllUnregisterServer
WVTAsn1SpcFinancialCriteriaInfoEncode
SoftpubAuthenticode

crtdll

strcspn
_strcmpi
_timezone_dll
fgetpos
_finite
wcstol
_seterrormode
_getdllprocaddr
_fgetwchar
fread
_CIatan2
_mbccpy
_strlwr
_fgetchar
_open
_strnextc
_sopen
_c_exit
mbtowc
wctomb
_baseversion_dll
_CIfmod
_beep
_clearfp
floor
ftell
_strinc
_sleep
_getpid
_yn
strrchr
raise
_tzname
abs
_mbscmp
_mbsncat
_CIsin
_mbstok
_logb
fseek

msvcrt40

?sh_write@filebuf@@2HB
fopen
_daylight
??0streambuf@@QAE@ABV0@@Z
?bad@ios@@QBEHXZ
?text@filebuf@@2HB
?setrwbuf@stdiobuf@@QAEHHH@Z
raise
__toascii
_nextafter
??5istream@@QAEAAV0@AAC@Z
_vsnwprintf
??_7iostream@@6B@
__threadid
??1strstreambuf@@UAE@XZ
?get@istream@@QAEAAV1@AAD@Z
??_7streambuf@@6B@
?ends@@YAAAVostream@@AAV1@@Z
??1istream@@UAE@XZ
swscanf
_umask
?dbp@streambuf@@QAEXXZ
??4strstream@@QAEAAV0@AAV0@@Z
__p__iob
?attach@ifstream@@QAEXH@Z
_inp
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
?is_open@filebuf@@QBEHXZ
?setmode@filebuf@@QAEHH@Z
??5istream@@QAEAAV0@PAD@Z
fread
memchr
??0iostream@@IAE@XZ
_mbsspn
__argv
_adj_fdiv_m16i
iswlower
_mbsninc
?tellg@istream@@QAEJXZ
_wspawnl
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
_adj_fdivr_m16i
_wfdopen

wldap32

ldap_compare_ext
ldap_compare_extW
ldap_extended_operation
ldap_next_entry
ldap_search_sW
cldap_openW
ber_bvecfree
ldap_perror
ldap_parse_page_controlW
ldap_modify_extW
ldap_sasl_bind_sW
ldap_create_vlv_controlA
ldap_rename_ext_sA
LdapUTF8ToUnicode
ldap_get_values_len
ldap_next_attributeW
ldap_dn2ufnA
ldap_rename_extA
ldap_get_next_page_s
ldap_get_dnA
ldap_connect
ldap_add_ext_sW
ldap_memfree
ldap_bind_s
ldap_bind_sA

rtutils

TraceGetConsoleW
TraceVprintfExW
RouterLogEventDataW
TraceDeregisterA
RouterLogEventStringA
TraceDeregisterExW
TracePrintfExA
TraceDeregisterExA
MprSetupProtocolEnum
MprSetupProtocolFree
RouterLogEventExA
TraceDumpExA
TracePrintfExW
LogEventW
RouterLogRegisterA
TracePrintfA
LogErrorW
RouterLogRegisterW
TracePrintfW
RouterGetErrorStringW
TraceDeregisterW
LogErrorA
RouterLogDeregisterA
RouterLogEventStringW
TraceGetConsoleA
TracePutsExW
TraceRegisterExW
TraceRegisterExA
RouterLogDeregisterW
RouterGetErrorStringA
TracePutsExA
RouterLogEventValistExA
RouterLogEventDataA
TraceDumpExW
RouterLogEventExW

kernel32

SetCommTimeouts
lstrlenW
ExpungeConsoleCommandHistoryA
WriteProfileSectionW
LoadLibraryA
SetStdHandle
GetCalendarInfoA
MoveFileWithProgressA
CreateProcessInternalA
Heap32Next
WTSGetActiveConsoleSessionId
DeleteVolumeMountPointW
VirtualFreeEx
SetUnhandledExceptionFilter
CloseConsoleHandle
SetSystemTime
GetNamedPipeInfo
InvalidateConsoleDIBits
GetConsoleCursorMode
InterlockedExchangeAdd
GetStartupInfoA
GetShortPathNameW
lstrcmp
SetConsoleWindowInfo
ReadConsoleW
GetFileTime
GetCommTimeouts
CreateDirectoryW
SetThreadIdealProcessor
VirtualAlloc
InitializeCriticalSection
CreateDirectoryExA
IsValidCodePage
EnumLanguageGroupLocalesW
GetCPInfoExW
QueryDosDeviceW
GetGeoInfoA
Module32First
GlobalFindAtomA
ChangeTimerQueueTimer

ifsutil

?DumpHashTable@SPARSE_SET@@QAEXXZ
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?CheckAndAdd@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
??0SUPERAREA@@IAE@XZ
??0VOL_LIODPDRV@@IAE@XZ
??0CANNED_SECURITY@@QAE@XZ
??1NUMBER_SET@@UAE@XZ
??0READ_CACHE@@QAE@XZ
?QueryDriveHandle@DP_DRIVE@@QBEPAXXZ
?Format@VOL_LIODPDRV@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@KKK@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?IsATformat@DP_DRIVE@@QBEEXZ
??1DP_DRIVE@@UAE@XZ
??0READ_WRITE_CACHE@@QAE@XZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1SUPERAREA@@UAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?Sort@TLINK@@QAEXXZ
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?Set@BIG_INT@@QAEXEPBE@Z
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?Initialize@SPARSE_SET@@QAEEXZ
?Recover@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?ComputeVolId@SUPERAREA@@SGKK@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Pop@INTSTACK@@QAEXK@Z
??0NUMBER_SET@@QAE@XZ
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
?GetMessageW@IO_DP_DRIVE@@QAEPAVMESSAGE@@XZ

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d27c5e76bd5d4af0c8ff26102c8b54b9

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

crtdll

msvcrt40

wldap32

rtutils

kernel32

ifsutil

Sections

.text Size: 33KB - Virtual size: 33KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 17KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 33KB - Virtual size: 33KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 17KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B