56809d376f5046a2932b4aab05eb5aaf1699d04684afde1999e2678514803c64

Sharing

Copy URL Twitter E-mail

General

Target

56809d376f5046a2932b4aab05eb5aaf1699d04684afde1999e2678514803c64
Size

825KB
MD5

8c18717148d83f90e207ff7d7ee8277c
SHA1

a7a4cd21a9ee563a3538a664bc3e62cc2bfd6e72
SHA256

56809d376f5046a2932b4aab05eb5aaf1699d04684afde1999e2678514803c64
SHA512

baea40897826107dc3741aebddab630e322e5fe62bf1a3c5f743ab372ba10b9c329a994ae916892fd28d4bcee057f4bd93298a5b158bf67f76693d3bc261ec0c
SSDEEP

24576:7PPSRNNT49NOouQ0eEX1nteGIEBpmr6+/H3:7PsTkOLQoeG9fpG

Score

N/A

Malware Config

Signatures

Files

56809d376f5046a2932b4aab05eb5aaf1699d04684afde1999e2678514803c64
.exe windows x86

7c1dd484b9befdd8549055c12dd03101

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapistub

ScUNCFromLocalPath@12
FtSubFt@16
MAPIInitialize@4
ScInitMapiUtil@4
BMAPIAddress
HrDispatchNotifications@4
MAPISendDocuments
FtAddFt@16
MAPILogoff
cmc_act_on
BMAPIGetAddress
HrSzFromEntryID@12
UlAddRef@4
MAPIAdminProfiles
ScCopyProps@16
MNLS_IsBadStringPtrW@8
cmc_logon
HrGetOneProp@12
MAPIInitialize
OpenStreamOnFile
ScMAPIXFromSMAPI
IsBadBoundedStringPtr@8
MAPIAddress
FtgRegisterIdleRoutine@20
CbOfEncoded@4

kernel32

GetFileSizeEx
GetModuleHandleW
IsProcessInJob
GetLocaleInfoA
GlobalGetAtomNameA
WriteConsoleOutputW
GetConsoleMode
GetPrivateProfileSectionW
GetCurrentActCtx
DosPathToSessionPathA
SetCurrentDirectoryW
GetFileAttributesExA
DeactivateActCtx
BuildCommDCBA
IsDBCSLeadByteEx
FindNextVolumeMountPointA
MoveFileWithProgressA
LoadLibraryW
DefineDosDeviceW
Heap32ListFirst
SetVolumeLabelA
GetConsoleFontInfo
SetFilePointerEx
ReadConsoleOutputAttribute
GetShortPathNameA
GetFileSize
MapUserPhysicalPagesScatter
GetModuleHandleExW
LocalAlloc
RegisterConsoleVDM
EnumResourceLanguagesW
HeapUnlock
GetTempPathW
GetPrivateProfileIntW
GetConsoleCursorInfo
AttachConsole
WriteProcessMemory
DelayLoadFailureHook
FileTimeToDosDateTime
GetCPInfoExA
EnumLanguageGroupLocalesA
CancelWaitableTimer
EndUpdateResourceA
SetUserGeoID
GetCurrentThread
SetLastConsoleEventActive
GetConsoleCursorMode
GetConsoleAliasesLengthA
GetFullPathNameA
SetErrorMode
DnsHostnameToComputerNameA
IsDBCSLeadByte

dhcpcsvc

DhcpNotifyConfigChangeEx
McastApiCleanup
McastGenUID
DhcpDeRegisterOptions
DhcpAcquireParameters
DhcpDeRegisterParamChange
DhcpReleaseIpAddressLeaseEx
DhcpHandlePnPEvent
DhcpRenewIpAddressLease
McastRenewAddress
DhcpRequestOptions
DhcpLeaseIpAddress
McastEnumerateScopes
DhcpFallbackRefreshParams
McastApiStartup

mscat32

CryptCATEnumerateAttr
DllRegisterServer
CryptCATEnumerateCatAttr
CryptCATCDFEnumCatAttributes
CryptCATPersistStore
CryptCATGetMemberInfo
CryptCATPutAttrInfo
MsCatFreeHashTag
CryptCATCDFEnumAttributes
CryptCATHandleFromStore
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumMembersByCDFTag
CryptCATAdminCalcHashFromFileHandle
CryptCATPutCatAttrInfo
MsCatConstructHashTag
CryptCATAdminEnumCatalogFromHash
CryptCATCDFOpen
CryptCATVerifyMember

untfs

?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
??0NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?IsAttributePresent@NTFS_FILE_RECORD_SEGMENT@@QAEEKPBVWSTRING@@E@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
??0NTFS_BOOT_FILE@@QAE@XZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?CreateDataAttribute@NTFS_LOG_FILE@@QAEEVBIG_INT@@KPAVNTFS_BITMAP@@@Z

wintrust

CryptCATAdminResolveCatalogPath
CryptCATPutAttrInfo
SoftpubLoadMessage
DriverFinalPolicy
CryptCATCDFEnumMembersByCDFTagEx
mscat32DllUnregisterServer
CryptCATGetCatAttrInfo
CryptCATPersistStore
WinVerifyTrust
SoftpubDllUnregisterServer
CatalogCompactHashDatabase

Sections

.text
Size: 395KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c1dd484b9befdd8549055c12dd03101

Headers

DLL Characteristics

File Characteristics

Imports

mapistub

kernel32

dhcpcsvc

mscat32

untfs

wintrust

Sections

.text Size: 395KB - Virtual size: 395KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 100KB - Virtual size: 99KB

.reloc Size: 1024B - Virtual size: 864B

.text
Size: 395KB - Virtual size: 395KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 100KB - Virtual size: 99KB

.reloc
Size: 1024B - Virtual size: 864B