5d8566e514117af0136c1f13e8b6a5ee2ef717f6494146719e7ab085cf721f7e

Sharing

Copy URL

Twitter E-mail

General

Target

5d8566e514117af0136c1f13e8b6a5ee2ef717f6494146719e7ab085cf721f7e
Size

132KB
MD5

f01985cde903971c8575236fbd913cc5
SHA1

05bdbfb66a69048deea49beee70385d0529c5af7
SHA256

5d8566e514117af0136c1f13e8b6a5ee2ef717f6494146719e7ab085cf721f7e
SHA512

22b0de35d1d3a7aeccf4e8636b0f75b0ef4fabfe6f2be287c64658cf48f02a0bd2748b4b62438bbc3f66caefe425c5f433ab4a9499264779d1fa0f1e923477fc
SSDEEP

3072:ztJYNYiFpiDPwVVKn8CWuoO28FM9ePuIr6vZj/xvXrjD:xJaYiGDakzWuj9M9ePZ2R1nD

Score

N/A

Malware Config

Signatures

Files

5d8566e514117af0136c1f13e8b6a5ee2ef717f6494146719e7ab085cf721f7e
.exe windows x86

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
GetVolumePathNameW
GetModuleHandleA
GetLocaleInfoA
OpenEventW
CancelTimerQueueTimer
WritePrivateProfileStructW
GetCurrentThread
SetCommState
RemoveDirectoryA
LoadLibraryW
SetFileTime
GetLocalTime
VerifyVersionInfoW
SleepEx

ntmarta

AccProvHandleRevokeAccessRights
AccRewriteSetHandleRights
AccConvertAccessMaskToActrlAccess
AccProvCancelOperation
AccGetAccessForTrustee
AccProvHandleIsObjectAccessible
AccProvGetCapabilities
AccFreeIndexArray
AccConvertSDToAccess
AccProvHandleGrantAccessRights
AccProvRevokeAccessRights
AccRewriteGetHandleRights
AccRewriteSetNamedRights

ifsutil

??1INTSTACK@@UAE@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
??0SECRUN@@QAE@XZ
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z

ws2_32

WSANSPIoctl
WSAAsyncSelect
htonl
WSAStartup
WSACancelAsyncRequest
WSAInstallServiceClassW
WSAJoinLeaf
WSASendTo
WSAEventSelect
WSAStringToAddressA
WSARecvDisconnect
WSAAsyncGetServByPort
WSALookupServiceNextW
WSADuplicateSocketW
WSASocketA
WSASetServiceA
getpeername
WSAIoctl
WSAAddressToStringW
WSAGetServiceClassInfoA
WSAAddressToStringA
WEP
WSAInstallServiceClassA

shell32

StrChrA
SHCreateProcessAsUserW
SHGetDataFromIDListA
SHExtractIconsW
SHUpdateRecycleBinIcon
StrRStrIW
SHGetFileInfoW
SHFreeNameMappings
SHChangeNotify
InternalExtractIconListW
AppCompat_RunDLLW
SHGetFileInfo
SHGetDiskFreeSpaceExA
ShellAboutW
Shell_NotifyIconW
StrRStrA
StrRChrA
FindExecutableA
ShellExecuteEx
SHHelpShortcuts_RunDLLA
ShellHookProc
DllUnregisterServer
StrCmpNIA
SHFormatDrive
FindExecutableW
StrCmpNW
SHLoadNonloadedIconOverlayIdentifiers

w32topl

ToplListNumberOfElements
ToplGraphAddVertex
ToplGetSpanningTreeEdgesForVtx
ToplFree
ToplVertexGetOutEdge
ToplGraphMakeRing
ToplAddEdgeToGraph
ToplEdgeGetWeight
ToplGraphRemoveVertex
ToplHeapCreate
ToplVertexInit
ToplScheduleMaxUnavailable
ToplScheduleMerge
ToplSTHeapExtractMin
ToplEdgeFree
ToplVertexSetId
ToplScheduleNumEntries

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

Imports

kernel32

ntmarta

ifsutil

ws2_32

shell32

w32topl

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB