75684586b33edae5fa2cc4e1417b08863d0786265afd990826a9643205ddab11

Sharing

Copy URL Twitter E-mail

General

Target

75684586b33edae5fa2cc4e1417b08863d0786265afd990826a9643205ddab11
Size

829KB
MD5

d800e279558a07ce49594ea0f1d2fa8d
SHA1

02167c45ab7af261c517930295cb4e522e88b841
SHA256

75684586b33edae5fa2cc4e1417b08863d0786265afd990826a9643205ddab11
SHA512

9bac2a62f2f04b060ef86b36e3f8135bad0fe9c6e7b59b7d369b0723c44a2b5d80974e65308eb0456e7d4297553541de998a630e74784ed2439339f0bee54696
SSDEEP

24576:puWTvqcErFgST6mqxc5tsmE5HCyQUI/C:p/LbErFgwWW5KmGHCyQU

Score

N/A

Malware Config

Signatures

Files

75684586b33edae5fa2cc4e1417b08863d0786265afd990826a9643205ddab11
.exe windows x86

88c5c1544d00e276b31a173ab43aca7c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlCreateActivationContext
NtReleaseSemaphore
ZwRenameKey
ZwCallbackReturn
NtUnloadKeyEx
RtlLocalTimeToSystemTime
ZwOpenKeyedEvent
RtlpNtQueryValueKey
RtlGetProcessHeaps
RtlIsGenericTableEmpty
NtFindAtom
RtlDeleteTimerQueue
RtlCopySecurityDescriptor
ZwSetDebugFilterState
ZwSetIoCompletion
_atoi64
NtQuerySecurityObject
RtlUpcaseUnicodeToOemN
ZwResetEvent
sin
ZwQueryDefaultLocale
strcspn
ZwAccessCheckByTypeResultListAndAuditAlarm
ZwSetVolumeInformationFile
RtlTimeToSecondsSince1970
PfxFindPrefix
ZwQueryDirectoryFile
RtlQueryProcessHeapInformation
_allrem
NlsMbCodePageTag
DbgUiStopDebugging
NtQueryQuotaInformationFile
ZwAllocateUuids
ZwQueryInstallUILanguage
RtlSetUserFlagsHeap
NtOpenSemaphore
NtQueryPortInformationProcess
_memicmp
_aulldiv
ZwFlushWriteBuffer
RtlProtectHeap
_fltused
ZwCreatePagingFile

gdi32

AngleArc
PlayMetaFile
DdEntry30
GetObjectType
EngCreateDeviceSurface
GdiPlayPageEMF
GetTextExtentExPointA
AddFontResourceA
GdiPlayEMF
GetCharWidthFloatW
PaintRgn
SetLayoutWidth
GetRegionData
NamedEscape
GetStretchBltMode
PATHOBJ_bEnumClipLines
SetICMProfileW
DdEntry22
SetPolyFillMode
PolyTextOutW
GdiGradientFill
AbortDoc
SetBitmapAttributes
ResetDCW
GetSystemPaletteUse
CreateSolidBrush
SetEnhMetaFileBits
SetArcDirection

kernel32

EscapeCommFunction
MulDiv
GetFileAttributesA
SetFileApisToANSI
GetProcessWorkingSetSize
TransmitCommChar
GetProcAddress
ExitVDM
GetLogicalDriveStringsW
SetCommMask
LocalReAlloc
DuplicateConsoleHandle
WriteConsoleW
CreateToolhelp32Snapshot
GlobalAddAtomA
RaiseException
LoadLibraryW
SetConsoleCtrlHandler
GlobalFindAtomW
Process32FirstW
lstrlenW
FreeLibraryAndExitThread
VirtualQueryEx
SetLastError
OpenMutexW
InterlockedPopEntrySList
GetConsoleCommandHistoryLengthW
_lclose
SetThreadExecutionState

cmutil

CmAtolA
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
CmBuildFullPathFromRelativeW
CmStrCatAllocA
CmStrCatAllocW
?SetRegPath@CIniA@@QAEXPBD@Z
?GetRegPath@CIniW@@QBEPBGXZ
CmLoadImageW
CmStrtokA
CmLoadStringW
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
GetOSVersion
CmMoveMemory
CmConvertRelativePathW
?GetPrimaryFile@CIniW@@QBEPBGXZ
?CIniA_GetEntryFromReg@CIniA@@IBEPAEPAUHKEY__@@PBD1KK@Z
?GetPrimaryRegPath@CIniW@@QBEPBGXZ
?GetPrimaryFile@CIniA@@QBEPBDXZ
CmLoadSmallIconW
??4CRandom@@QAEAAV0@ABV0@@Z
?Write@CmLogFile@@AAEJPAG@Z
?SetWriteICSData@CIniA@@QAEXH@Z
?WPPB@CIniW@@QAEXPBG0H@Z
CmRealloc
??4CIniA@@QAEAAV0@ABV0@@Z

mmcbase

?Throw@SC@mmcerror@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?FatalError@SC@mmcerror@@QBEXXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?Release@CMMCStrongReferences@@SGKXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?SetMainThreadID@SC@mmcerror@@SGXK@Z
??BSC@mmcerror@@QBE_NXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
?FromWin32@SC@mmcerror@@QAEAAV12@J@Z

crtdll

_scalb
_msize
asctime
sprintf
qsort
_ismbbalpha
wcsxfrm
sinh
_osmajor_dll

Sections

.text
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88c5c1544d00e276b31a173ab43aca7c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

gdi32

kernel32

cmutil

mmcbase

crtdll

Sections

.text Size: 403KB - Virtual size: 402KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 165KB - Virtual size: 1.6MB

.rsrc Size: 151KB - Virtual size: 150KB

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 403KB - Virtual size: 402KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 165KB - Virtual size: 1.6MB

.rsrc
Size: 151KB - Virtual size: 150KB

.reloc
Size: 1024B - Virtual size: 860B