6752e5b4223b9590914aa2ca90b9c6d078d2b74fc88a3fc9cf64ae10c7173d26

Sharing

Copy URL

Twitter E-mail

General

Target

6752e5b4223b9590914aa2ca90b9c6d078d2b74fc88a3fc9cf64ae10c7173d26
Size

364KB
MD5

688365c6288891e3a0eeec0439f1f409
SHA1

0b04a73e1068ca9295fd8be4313c9b966e49f9a4
SHA256

6752e5b4223b9590914aa2ca90b9c6d078d2b74fc88a3fc9cf64ae10c7173d26
SHA512

b510c266b6f2ebb5cc6fc9168cc81798205ccb5d4c59f9cf46b8fabe27d362d2dcb2e20091937ef9fa595b09b285111e7e1b47cb33154aa5a18cac1977f16160
SSDEEP

6144:uRPm4SdVsa22zQtU2Cjzpfx3oOIheAvYbmWbLqMCQTd8ptWR9QJ:ineGgwU2C5x3TIYmWbLqMCiUtWM

Score

N/A

Malware Config

Signatures

Files

6752e5b4223b9590914aa2ca90b9c6d078d2b74fc88a3fc9cf64ae10c7173d26
.exe windows x86

26b95ceca57dff3190db26f11936419a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

msdart

??1CLKRLinearHashTable@@QAE@XZ
?WriteLock@CReaderWriterLock@@QAEXXZ
?ReadOrWriteLock@CSpinLock@@QAE_NXZ
?DeleteKey@CLKRHashTable@@QAE?AW4LK_RETCODE@@K@Z
?ReadLock@CFakeLock@@QAEXXZ
?IsUsable@CLKRHashTable@@QBE_NXZ
UMSEnterCSWraper
?TryWriteLock@CReaderWriterLock3@@QAE_NXZ
SetMemHook
?IsLocked@CLockedSingleList@@QBE_NXZ
?IsWriteUnlocked@CReaderWriterLock@@QBE_NXZ
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ConvertExclusiveToShared@CLKRHashTable@@QBEXXZ
?ReadUnlock@CSpinLock@@QAEXXZ
?SetSpinCount@CReaderWriterLock2@@QAE_NG@Z
??1CSingleList@@QAE@XZ
?_TryWriteLock2@CReaderWriterLock3@@AAE_NXZ
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
?IsWriteLocked@CSpinLock@@QBE_NXZ
?SetTableLockSpinCount@CLKRLinearHashTable@@QAEXG@Z
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_Unlock@CSpinLock@@AAEXXZ
?RemoveTail@CDoubleList@@QAEQAVCListEntry@@XZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
??0CSingleList@@QAE@XZ
MPCSInitialize
?TryWriteLock@CFakeLock@@QAE_NXZ
?Apply@CLKRHashTable@@QAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@@Z
?Clear@CLKRLinearHashTable@@QAEXXZ
?SetSpinCount@CFakeLock@@QAE_NG@Z
?sm_llGlobalList@CLKRHashTable@@0VCLockedDoubleList@@A

iphlpapi

GetUdpStatistics
_PfRemoveGlobalFilterFromInterface@8
GetNumberOfInterfaces
IcmpCloseHandle
IcmpSendEcho2
SendARP
GetIpAddrTable
GetTcpStatisticsEx
GetRTTAndHopCount
_PfRebindFilters@8
GetIfTable
_PfTestPacket@20
AllocateAndGetIpAddrTableFromStack
_PfGetInterfaceStatistics@16
SetTcpEntry
InternalGetIpForwardTable
NotifyAddrChange
NhGetInterfaceNameFromGuid
Icmp6SendEcho2
GetBestInterface
AddIPAddress
_PfRemoveFilterHandles@12
NTTimeToNTPTime
SetIpForwardEntry
CreateIpForwardEntry
DeleteIpForwardEntry
_PfRemoveFiltersFromInterface@20
_PfDeleteInterface@4
InternalSetIpNetEntry
GetAdapterIndex
GetIpStatistics
SetAdapterIpAddress
SetIfEntry
CreateIpNetEntry
GetAdaptersInfo
GetUniDirectionalAdapterInfo
GetIcmpStatistics

kernel32

FindFirstChangeNotificationW
MapUserPhysicalPagesScatter
GetVolumePathNamesForVolumeNameA
RegisterConsoleVDM
CancelWaitableTimer
GetConsoleAliasesLengthA
WritePrivateProfileSectionA
ConsoleMenuControl
LZOpenFileA
PulseEvent
OpenFileMappingA
WriteFileGather
GetLastError
BackupRead
SetUnhandledExceptionFilter
FindResourceW
GetConsoleAliasExesLengthA
TryEnterCriticalSection
ReadConsoleInputExA
GetConsoleAliasesW
GetCurrentThread
OpenConsoleW
GetEnvironmentStrings
GetModuleHandleExA
SetComputerNameExW
VirtualAlloc
SignalObjectAndWait
MoveFileExW
SetThreadUILanguage
GetEnvironmentStringsW
CreateDirectoryExW
GetProcessAffinityMask
LoadLibraryA
FindActCtxSectionStringA
IsDebuggerPresent
Heap32ListNext
HeapCreate
MapUserPhysicalPages
SetThreadExecutionState

ntdll

ZwUnloadDriver
ZwFlushVirtualMemory
RtlDoesFileExists_U
RtlGetSecurityDescriptorRMControl
RtlSetHeapInformation
NtSetInformationThread
_aullshr
RtlInterlockedFlushSList
RtlSetTimer
NtCreateIoCompletion
RtlCompactHeap
_alldvrm
RtlActivateActivationContext
ZwSetQuotaInformationFile
NtQuerySymbolicLinkObject
RtlCreateQueryDebugBuffer
NtReleaseMutant
RtlQueueApcWow64Thread
RtlGetOwnerSecurityDescriptor
RtlSetLastWin32Error
strstr
ZwSaveKeyEx
NtCreateMutant
ZwCreateKeyedEvent
ZwSetInformationProcess
iswspace
NtPulseEvent
NtQueryMutant
ZwCreateProcess
RtlIsActivationContextActive
RtlDeleteRegistryValue
RtlDllShutdownInProgress
ZwQuerySystemEnvironmentValue
NtWaitLowEventPair
RtlNumberGenericTableElements
RtlUpcaseUnicodeToMultiByteN
RtlAreAllAccessesGranted
NtSaveMergedKeys
NtFlushWriteBuffer
RtlIsTextUnicode
RtlGetNtGlobalFlags
RtlExtendedIntegerMultiply
ZwSetInformationToken
ZwSetThreadExecutionState
RtlCopySid
ZwQueryVirtualMemory
NtFsControlFile
ZwCancelIoFile
LdrLockLoaderLock
RtlIdentifierAuthoritySid
ceil
NtTraceEvent
ZwResetWriteWatch
RtlStartRXact
ZwPowerInformation
NtOpenKeyedEvent
LdrGetDllHandleEx
RtlGenerate8dot3Name
wcscat
_aullrem
RtlpNtMakeTemporaryKey
NtSetInformationDebugObject
NtQueryDirectoryFile
RtlImageRvaToVa
RtlRestoreLastWin32Error
RtlCheckForOrphanedCriticalSections
NtConnectPort
_alloca_probe
ZwWriteFileGather
KiUserApcDispatcher
RtlConvertLongToLargeInteger
NtWaitForDebugEvent
vsprintf
RtlDeleteNoSplay
ZwSuspendProcess
_ultoa
ZwCompareTokens
RtlAnsiCharToUnicodeChar
LdrAddRefDll
RtlValidateProcessHeaps

gdi32

FloodFill
GetTextCharacterExtra
GdiConvertRegion
SetWinMetaFileBits
SelectBrushLocal
RemoveFontResourceExW
GetICMProfileA
DdEntry37
GetBoundsRect
RoundRect
GdiConvertBrush
GetSystemPaletteUse
SetBkColor
GetDIBits
GdiPlayEMF
XFORMOBJ_bApplyXform
CreateMetaFileA
GetArcDirection
SetDeviceGammaRamp
GetGlyphIndicesW
FONTOBJ_pQueryGlyphAttrs
SetTextColor
SetPixel
DdEntry43
CreateBrushIndirect
EngDeleteSemaphore
GdiInitSpool
GetCharABCWidthsW
GdiPlayJournal
SetColorSpace
GetTextExtentExPointW
CreateICA
PolyTextOutA
DdEntry17
EnumMetaFile
EngWideCharToMultiByte
AnyLinkedFonts
GetClipRgn
EnumICMProfilesA
EngTextOut

Sections

.text
Size: 90KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26b95ceca57dff3190db26f11936419a

Headers

File Characteristics

Imports

msdart

iphlpapi

kernel32

ntdll

gdi32

Sections

.text Size: 90KB - Virtual size: 92KB

.rdata Size: 65KB - Virtual size: 68KB

.data Size: 512B - Virtual size: 536KB

.rsrc Size: 206KB - Virtual size: 208KB

.reloc Size: 1024B - Virtual size: 4KB

.text
Size: 90KB - Virtual size: 92KB

.rdata
Size: 65KB - Virtual size: 68KB

.data
Size: 512B - Virtual size: 536KB

.rsrc
Size: 206KB - Virtual size: 208KB

.reloc
Size: 1024B - Virtual size: 4KB