5711390fa79b445a631a4b581f4e39e8d5e8d13ae8dd164a9e2d0c2f3952f1e1

Sharing

Copy URL Twitter E-mail

General

Target

5711390fa79b445a631a4b581f4e39e8d5e8d13ae8dd164a9e2d0c2f3952f1e1
Size

828KB
MD5

f0a6a43512960fee126faa1e8647d813
SHA1

084a23b8b0fde32e25296df9d2a8ff224a0440e5
SHA256

5711390fa79b445a631a4b581f4e39e8d5e8d13ae8dd164a9e2d0c2f3952f1e1
SHA512

52c84ef561d5ab15e18c483f199b70d3d23a6886e5e83d5dc2fcfcf8eeeb56e87142eebfad0e9f2f7135c67305613c227e7a8a1138e98882eef158141e0adfab
SSDEEP

24576:wMWTCOog/dBAyXQdPNnRLU2Wr2D1x5ka82LW:wMAhzWlnRE2DziN

Score

N/A

Malware Config

Signatures

Files

5711390fa79b445a631a4b581f4e39e8d5e8d13ae8dd164a9e2d0c2f3952f1e1
.exe windows x86

a161417f633fd8df5cc2dd8665de1d22

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterNodeGetEnumCount
GetClusterQuorumResource
ClusterRegQueryInfoKey
CreateClusterNotifyPort
SetClusterNetworkPriorityOrder
GetClusterNetInterfaceKey
CloseClusterNetwork
CloseClusterResource
GetNodeClusterState
OpenClusterNetInterface
EvictClusterNodeEx
GetClusterNetworkId
GetClusterResourceKey
DeleteClusterResourceType
CreateClusterGroup
ClusterResourceTypeOpenEnum
GetClusterInformation
AddClusterResourceDependency
ClusterOpenEnum
ClusterRegGetKeySecurity
ClusterNodeCloseEnum
ClusterGetEnumCount
CloseClusterGroup
GetClusterFromNetwork
ClusterRegCloseKey
ClusterControl
CloseCluster

ntdll

CsrFreeCaptureBuffer
RtlTraceDatabaseLock
RtlZombifyActivationContext
RtlAcquireResourceExclusive
RtlCreateUnicodeStringFromAsciiz
RtlReleaseResource
wcsrchr
RtlSetBits
RtlInitString
ZwAlertResumeThread
RtlCaptureContext
toupper
NtQueryEvent
ZwOpenSymbolicLinkObject
ZwPrivilegeCheck
RtlHashUnicodeString
RtlInitializeCriticalSectionAndSpinCount
RtlCreateUserProcess
RtlpNtSetValueKey
ZwFilterToken
NtSetEaFile
PfxInsertPrefix
LdrGetDllHandleEx

kernel32

WriteProfileStringW
RemoveDirectoryA
GetNumberOfConsoleFonts
LockFile
LoadLibraryW
GetCurrentThread
lstrcpyW
SetNamedPipeHandleState
GetLocaleInfoA
Process32FirstW
SetLocalPrimaryComputerNameA
OpenConsoleW
SuspendThread
GetModuleHandleA
HeapWalk
FindNextFileW
WTSGetActiveConsoleSessionId
CancelDeviceWakeupRequest
HeapCreate
CancelTimerQueueTimer
BuildCommDCBA
GetDriveTypeW
FlushInstructionCache
GetThreadTimes

msvcrt

_mbscmp
_spawnvp
_ismbslead
_wfindfirst64
__p__fmode
__p___initenv
_searchenv
_stricoll
_spawnve
_creat
_tzname
free
__getmainargs
_mbsnbicoll
__p__commode
wcsxfrm
_mbscpy
calloc
exit
fread
iswlower
_Strftime
_mbslen
strlen
_pctype
_cwait
__set_app_type
_loaddll
toupper
?unexpected@@YAXXZ
_wcslwr
_ismbcprint

iphlpapi

InternalGetIfTable
AllocateAndGetIpAddrTableFromStack
FlushIpNetTable
_PfUnBindInterface@4
_PfRemoveFilterHandles@12
IcmpSendEcho
GetIfEntry
_PfTestPacket@20
GetFriendlyIfIndex

inetcomm

EssKeyExchPreferenceEncodeEx
MimeOleSMimeCapGetEncAlg
MimeOleGetInternat
HrAthGetFileName
MimeOleSetDefaultCharset
HrGetAttachIcon
MimeOleSetPropA
MimeOleStripHeaders
MimeOleUnEscapeStringInPlace
HrAttachDataFromBodyPart
MimeOleSMimeCapsFromDlg
MimeOleGetBodyPropW
MimeOleGetFileExtension
MimeOleFileTimeToInetDate
MimeOleGetContentTypeExt
HrAttachDataFromFile
MimeOleInetDateToFileTime
EssSecurityLabelEncodeEx
MimeOleClearDirtyTree
MimeOleCreateHeaderTable
MimeEditGetBackgroundImageUrl
CreateIMAPTransport
MimeOleCreateVirtualStream
MimeOleGetPropertySchema
HrGetLastOpenFileDirectory
HrFreeAttachData
MimeOleCreateMessageParts
HrDoAttachmentVerb

user32

RegisterClassW
DefWindowProcW
PostQuitMessage

Sections

.text
Size: 389KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a161417f633fd8df5cc2dd8665de1d22

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

ntdll

kernel32

msvcrt

iphlpapi

inetcomm

user32

Sections

.text Size: 389KB - Virtual size: 389KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 148KB - Virtual size: 147KB

.reloc Size: 1024B - Virtual size: 792B

.text
Size: 389KB - Virtual size: 389KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 148KB - Virtual size: 147KB

.reloc
Size: 1024B - Virtual size: 792B