73c4ce3d7839b77cddefb41008c5b66e94d16dcdcba5bfd826d7f99019e4ba28

Sharing

Copy URL Twitter E-mail

General

Target

73c4ce3d7839b77cddefb41008c5b66e94d16dcdcba5bfd826d7f99019e4ba28
Size

827KB
MD5

c48406a9e8f91f3e2c71422a4358a923
SHA1

133e87873bbb83e9489b4ab3cfa1009c4e7bde9f
SHA256

73c4ce3d7839b77cddefb41008c5b66e94d16dcdcba5bfd826d7f99019e4ba28
SHA512

e711b4e0cad80454af7f35f9963650f8846bea83367a67533ec5be6cbbc035b21a21a356bff604c5cfffdfabb751fd17949d4baf87a0b67404f0cc582fe785b4
SSDEEP

12288:eKf5AgWnlG97+ZLsmePrgrFk8HJUjESD+YV0yzjvbMa4OKLci+uwQH:tauiQxzgetjnyYV0yzjvYnbcaFH

Score

N/A

Malware Config

Signatures

Files

73c4ce3d7839b77cddefb41008c5b66e94d16dcdcba5bfd826d7f99019e4ba28
.exe windows x86

0d196974a0c1c6aa6dcae6c65d8761a9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??0fstream@@QAE@H@Z
??4strstream@@QAEAAV0@AAV0@@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
?setmode@ofstream@@QAEHH@Z
??0ifstream@@QAE@XZ
??0iostream@@IAE@ABV0@@Z
?freeze@strstreambuf@@QAEXH@Z
??0ostream_withassign@@QAE@ABV0@@Z
?str@ostrstream@@QAEPADXZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
??4iostream@@IAEAAV0@AAV0@@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?bitalloc@ios@@SAJXZ
?base@streambuf@@IBEPADXZ
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?attach@ofstream@@QAEXH@Z
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?sbumpc@streambuf@@QAEHXZ
??_Glogic_error@@UAEPAXI@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
??4istream@@IAEAAV0@ABV0@@Z
??1strstreambuf@@UAE@XZ
?pbase@streambuf@@IBEPADXZ
??6ostream@@QAEAAV0@C@Z
??0fstream@@QAE@PBDHH@Z
??0ofstream@@QAE@PBDHH@Z
??_Eistrstream@@UAEPAXI@Z

cmutil

?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
?SetICSDataPath@CIniW@@QAEXPBG@Z
??4CmLogFile@@QAEAAV0@ABV0@@Z
CmLoadIconW
?WPPB@CIniW@@QAEXPBG0H@Z
CmRealloc
?SetPrimaryFile@CIniA@@QAEXPBD@Z
?GetFile@CIniW@@QBEPBGXZ
??0CmLogFile@@QAE@XZ
MakeBold
?WPPI@CIniW@@QAEXPBG0K@Z

ifsutil

?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?IsATformat@DP_DRIVE@@QBEEXZ
?QueryNumber@NUMBER_SET@@QBE?AVBIG_INT@@V2@@Z
?CloseDriveHandle@DP_DRIVE@@QAEXXZ
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?GetFirst@TLINK@@QAEPAXXZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?QueryNtfsSupportInfo@DP_DRIVE@@SGJPAXPAE@Z
?QueryNtfsVersion@IFS_SYSTEM@@SGEPAE0PAVLOG_IO_DP_DRIVE@@PAX@Z
?Initialize@CANNED_SECURITY@@QAEEXZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetNext@TLINK@@QAEPAXPAX@Z
??1DP_DRIVE@@UAE@XZ
?QueryMediaByte@DP_DRIVE@@QBEEXZ
??0READ_WRITE_CACHE@@QAE@XZ
??0NUMBER_SET@@QAE@XZ
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?RemoveAll@SPARSE_SET@@QAEEXZ
??0CANNED_SECURITY@@QAE@XZ
?Initialize@READ_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Set@BIG_INT@@QAEXEPBE@Z
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z

crypt32

I_CertUpdateStore
CryptDecodeObject
CryptHashPublicKeyInfo
CertOIDToAlgId
RegEnumValueU
CertCreateCertificateChainEngine
CryptSIPRetrieveSubjectGuid
CertDuplicateCertificateChain
CryptLoadSip
CertCompareCertificate
CryptEncodeObjectEx
I_CryptAddRefLruEntry
CertGetNameStringW
CertFindCTLInStore
CertRemoveEnhancedKeyUsageIdentifier
CryptVerifyMessageHash
CertSerializeCertificateStoreElement
CryptMsgGetParam
CertEnumCTLsInStore
CryptHashCertificate
CertUnregisterSystemStore
I_CertProtectFunction
CryptMsgClose
I_CertSrvProtectFunction
CertSetCTLContextProperty
CryptDecryptAndVerifyMessageSignature
I_CryptSetTls
CryptGetOIDFunctionValue
CryptUnregisterOIDInfo
CryptCreateAsyncHandle

kernel32

HeapDestroy
SetConsoleCursorInfo
SetThreadPriorityBoost
WaitNamedPipeW
GetTempFileNameA
GetCommModemStatus
CreateJobSet
GetModuleHandleW
SignalObjectAndWait
GetProfileIntW
LoadLibraryW
GetCurrencyFormatA
GetLocaleInfoW
GetCurrentThread
GetNamedPipeInfo
SetConsolePalette

w32topl

ToplEdgeDestroy
ToplVertexFree
ToplEdgeCreate
ToplVertexNumberOfInEdges
ToplIterGetObject
ToplIsToplException
ToplHeapCreate
ToplEdgeGetToVertex
ToplEdgeInit
ToplSTHeapInit
ToplMakeGraphState
ToplHeapInsert
ToplListRemoveElem
ToplScheduleMerge
ToplEdgeFree

wsnmp32

SnmpGetRetransmitMode
SnmpCleanup
SnmpGetLastError
_SnmpConveyAgentAddress@4
SnmpOidCopy
SnmpEncodeMsg
SnmpContextToStr
SnmpCreatePdu
SnmpFreeEntity
SnmpRegister
SnmpStartup
SnmpSetVb
SnmpOidCompare
SnmpSetRetransmitMode
SnmpEntityToStr
SnmpSetPort

netapi32

I_NetLogonSamLogonEx
NetServiceControl
NetGroupDelUser
DsRoleGetDatabaseFacts
RxNetAccessGetUserPerms
NetServiceGetInfo
DsGetDcNameWithAccountA
I_BrowserDebugTrace
NetGroupSetUsers
NetRenameMachineInDomain
NetServerSetInfo

Sections

.text
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d196974a0c1c6aa6dcae6c65d8761a9

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

cmutil

ifsutil

crypt32

kernel32

w32topl

wsnmp32

netapi32

Sections

.text Size: 358KB - Virtual size: 358KB

.rdata Size: 124KB - Virtual size: 123KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 153KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 904B

.text
Size: 358KB - Virtual size: 358KB

.rdata
Size: 124KB - Virtual size: 123KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 153KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 904B