5ff41913652b68b844fc4f26380bee355f04d285ae695dbba88afbe814a9e196

Sharing

Copy URL Twitter E-mail

General

Target

5ff41913652b68b844fc4f26380bee355f04d285ae695dbba88afbe814a9e196
Size

142KB
MD5

ac70c8bb14973e5bf50ac49c95818a59
SHA1

48cd30d0c45e7bf0879eada4c579e44c30fb36c6
SHA256

5ff41913652b68b844fc4f26380bee355f04d285ae695dbba88afbe814a9e196
SHA512

bf7d3b104a25f077e83659c8a62cbc22ee7088d7ae3fc52b92194091d706012d55d966329fb76cddd6819d4ade8e6b198756d1764ebfefe770c0fbb0f088fc71
SSDEEP

3072:n3PFwWZX3L433Sdz4bojnE/yndNvUx26OQHamwzOWFOY3RFu:3PiYESdz4botfQ26OQ9wPzu

Score

N/A

Malware Config

Signatures

Files

5ff41913652b68b844fc4f26380bee355f04d285ae695dbba88afbe814a9e196
.exe windows x86

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
GetCPInfo
_hread
OpenJobObjectW
GetTimeZoneInformation
GetModuleHandleA
GetProcessAffinityMask
GetModuleHandleW
GetCalendarInfoA
IsDBCSLeadByteEx
VDMOperationStarted
GetLocaleInfoA
LoadLibraryW
GetMailslotInfo
FindFirstFileA
CloseConsoleHandle
CreateSemaphoreA
GlobalGetAtomNameA
GetProfileIntA
CloseHandle
GetCurrentThread
BackupSeek
QueueUserWorkItem
UpdateResourceW
DisconnectNamedPipe
Heap32ListNext
GetThreadPriorityBoost
MapUserPhysicalPages

usp10

ScriptGetGlyphABCWidth
UspAllocTemp
ScriptShape
ScriptStringCPtoX
ScriptGetFontProperties
ScriptStringOut
ScriptStringGetOrder
UspAllocCache
ScriptLayout
LpkPresent
UspFreeMem
ScriptJustify
ScriptCacheGetHeight
ScriptStringXtoCP
ScriptStringFree
ScriptStringValidate
ScriptString_pcOutChars

snmpapi

SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpUtilOctetsFree
SnmpUtilPrintOid
SnmpUtilOidCmp
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilAsnAnyFree
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpUtilOctetsCpy
SnmpUtilMemAlloc
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpSvcInitUptime
SnmpUtilOidAppend
SnmpSvcAddrToSocket
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcAddrIsIpx

shell32

SHGetFolderLocation
StrRChrW
ShellHookProc
DragQueryFileW
RealShellExecuteExA
StrRChrA
SHEnableServiceObject
StrRStrIA
PrintersGetCommand_RunDLL
StrChrIW
DllUnregisterServer
StrStrA
ShellExec_RunDLLW
StrRChrIA
RealShellExecuteExW
SHCreateShellItem

ifsutil

?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0TLINK@@QAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z

mciseq

DriverProc

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

Imports

kernel32

usp10

snmpapi

shell32

ifsutil

mciseq

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 9KB - Virtual size: 8KB