5efc8cfa364e878603579af46b70e421c34bbdf031d85b4f9ba484d3a392d698

Sharing

Copy URL

Twitter E-mail

General

Target

5efc8cfa364e878603579af46b70e421c34bbdf031d85b4f9ba484d3a392d698
Size

137KB
MD5

52feed695e606b7108247f73379aaf50
SHA1

a18ab1030ab7152746d8e3cac85adb975c245db1
SHA256

5efc8cfa364e878603579af46b70e421c34bbdf031d85b4f9ba484d3a392d698
SHA512

2b01b69ddb4b9106f726023d7f86a7bb1533207f2c4775e0a0685e0ae75d96fca19d25d8ee77c58f5dd2a6d5e676fb466dea6da5f5f2d728567ea43abf6783d8
SSDEEP

3072:ZIdZw+5L3184LB6jplrcXcBZqXH85e30Lf:ZIDw+B18MIt1dBZH7f

Score

N/A

Malware Config

Signatures

Files

5efc8cfa364e878603579af46b70e421c34bbdf031d85b4f9ba484d3a392d698
.exe windows x86

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
IsVolumeSnapshotted
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssWriter@@QAE@XZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
VssFreeSnapshotProperties
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

kernel32

FormatMessageA
RegisterWowBaseHandlers
_hwrite
GetEnvironmentVariableA
WritePrivateProfileStringW
GetConsoleAliasA
lstrcat
GetFileTime
HeapAlloc
RegisterConsoleIME
GetLocaleInfoW
ReleaseMutex
LeaveCriticalSection
GlobalUnWire
GetACP
CancelWaitableTimer
AddConsoleAliasA
GetCurrentThread
LocalLock
LocalFree
GetModuleHandleW
ReadConsoleInputExW
FindFirstVolumeW
LoadLibraryW
SetFileAttributesW
VerSetConditionMask
LocalFileTimeToFileTime

snmpapi

SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToUTF8
SnmpSvcAddrToSocket
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilOidCmp
SnmpTfxQuery
SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilOctetsCpy
SnmpSvcGetEnterpriseOID
SnmpUtilAsnAnyFree
SnmpSvcSetLogType
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpUtilAnsiToUnicode
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpUtilOidNCmp

ws2_32

gethostbyaddr
getaddrinfo
htons
WSAInstallServiceClassA
WSAWaitForMultipleEvents
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSAGetServiceClassNameByClassIdA
WSAJoinLeaf
ntohl
WSAEnumNetworkEvents
WSAStringToAddressA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSASetEvent
gethostname
WSAAddressToStringA
WSASend
WSAUnhookBlockingHook
WSCGetProviderPath
WSAAsyncGetProtoByName
WSAAsyncGetHostByName
WSASetServiceA
ntohs

winmm

midiStreamPosition
joySetCapture
waveOutGetNumDevs
mmioStringToFOURCCW
waveInGetID
midiStreamStop
mciSendStringA
WOW32ResolveMultiMediaHandle
timeGetTime
GetDriverModuleHandle
mciGetYieldProc
mmTaskYield
midiInGetErrorTextW
waveOutClose
midiInGetID
joyGetNumDevs
midiConnect
waveOutGetDevCapsW
mmioSetBuffer
waveInGetErrorTextW
midiOutLongMsg
joyGetPos
waveOutGetID
mciDriverNotify
mciGetErrorStringW
wod32Message
waveOutSetPlaybackRate
mxd32Message

user32

GetKeyboardLayoutNameW
DragObject
TabbedTextOutA
GetSubMenu
DdeNameService
DdeAccessData
WaitForInputIdle
CharToOemW
InSendMessage
SystemParametersInfoA
SendNotifyMessageW
GetDCEx
SetWindowContextHelpId
MapVirtualKeyW
GetWindowContextHelpId
SetPropA
GetGUIThreadInfo
AnimateWindow
IsDialogMessageW
LoadKeyboardLayoutEx

cryptext

CryptExtAddSPC
CryptExtAddP7RW
CryptExtOpenCRLW
CryptExtAddPFX
CryptExtOpenCATW
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtAddCTLW
CryptExtOpenP7R
DllUnregisterServer
CryptExtOpenSTR
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddCTL
CryptExtOpenCER
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenCTLW
CryptExtOpenPKCS7
CryptExtOpenCTL
CryptExtAddCERW
CryptExtOpenP7RW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

Imports

vssapi

kernel32

snmpapi

ws2_32

winmm

user32

cryptext

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB