242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd

Sharing

Copy URL

Twitter E-mail

General

Target

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd
Size

832KB
MD5

dc57cea633e4fab658ec12066f4d0291
SHA1

8fcbcbfa132d7a471405863f09e121f944546a9a
SHA256

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd
SHA512

8197855a21e5a2f6c3a87dc4dc49a6b26707ce9751db9f4a1ac2fab2917b474af3e184f467c1f46e76b4080f064dabe292658889a1978b228800eb1425db8e42
SSDEEP

12288:tPQyqgtrdlpCrW4F5cPdxCoqsWIstry4Lf+Bdql+r0U5cV5tWcoPpdjCNaY8:hcgj6rWJVMC+d2Bdql5U5cMcid0

Score

N/A

Malware Config

Signatures

Files

242955b0d2ace8d28457d76dc003ac5b55fefb880dd3cc935772a82842e8d0fd
.exe windows x86

c144461183fd4d71955cf4fa4e956ef6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?GetCannedSecurityDescriptor@CANNED_SECURITY@@QAEPAXW4_CANNED_SECURITY_TYPE@@PAK@Z
?ShellSort@TLINK@@QAEXXZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QueryMemberCount@TLINK@@QBEGXZ
??1MOUNT_POINT_MAP@@UAE@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z
?Initialize@TLINK@@QAEEG@Z
?PushEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?Initialize@INTSTACK@@QAEEXZ
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?QueryRecommendedMediaType@DP_DRIVE@@QBE?AW4_MEDIA_TYPE@@XZ
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
??1CANNED_SECURITY@@UAE@XZ
??0VOL_LIODPDRV@@IAE@XZ
?ChkDsk@VOL_LIODPDRV@@QAEEW4FIX_LEVEL@@PAVMESSAGE@@KKGPAKPBVWSTRING@@@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?DoesIntersectSet@NUMBER_SET@@QBEEVBIG_INT@@0@Z
??0SECRUN@@QAE@XZ
?GetNext@TLINK@@QAEPAXPAX@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
??0LOG_IO_DP_DRIVE@@QAE@XZ
?GetDrive@SUPERAREA@@QAEPAVIO_DP_DRIVE@@XZ
??1NUMBER_SET@@UAE@XZ

kernel32

GetStringTypeA
CommConfigDialogA
IsSystemResumeAutomatic
AddRefActCtx
VirtualAlloc
QueueUserWorkItem
DeleteVolumeMountPointA
GlobalGetAtomNameW
RegisterWowExec
WaitForSingleObject
GetNamedPipeHandleStateA
GetThreadTimes
GetQueuedCompletionStatus
ExitProcess
WaitForMultipleObjectsEx
OutputDebugStringW
RtlMoveMemory
GetCPInfoExA
LZClose
GetLogicalDriveStringsA
GetPrivateProfileIntW
Process32Next
DeleteFileA
EnumTimeFormatsA
GlobalMemoryStatus
lstrcmpiW
SetComputerNameW
DeleteFiber
DeviceIoControl
BackupWrite
ReplaceFileA
GlobalAlloc
WriteProcessMemory
WriteConsoleOutputW
PrivMoveFileIdentityW
FindResourceExW
QueueUserAPC
BaseFlushAppcompatCache
SetConsoleCursorMode
GetConsoleTitleA
LoadLibraryA
RequestWakeupLatency
GetPrivateProfileStringA
SetConsoleNumberOfCommandsW
GetTempPathW
SetConsoleTextAttribute
SetFileApisToOEM
ExpandEnvironmentStringsA
CreateRemoteThread
IsValidLocale
CreatePipe
GlobalDeleteAtom
GetConsoleAliasExesLengthW
CreateHardLinkA
GetLogicalDrives
GetLongPathNameA
GetThreadSelectorEntry
FoldStringW
EnumUILanguagesA
EnumTimeFormatsW
WriteFileGather
SetErrorMode
CreateSemaphoreA
GetVolumePathNamesForVolumeNameA
BackupRead
lstrcat
QueryDosDeviceA
GetConsoleFontSize

msdart

?_LockSpin@CReaderWriterLock@@AAEX_N@Z
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z
?SetDefaultSpinCount@CSmallSpinLock@@SGXG@Z
??1CFakeLock@@QAE@XZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?ConvertSharedToExclusive@CSpinLock@@QAEXXZ
mpRealloc
?WriteLock@CCritSec@@QAEXXZ
?IsWriteUnlocked@CLKRLinearHashTable@@QBE_NXZ
?IsReadLocked@CReaderWriterLock@@QBE_NXZ
?ReadUnlock@CReaderWriterLock@@QAEXXZ
?GetDefaultSpinCount@CReaderWriterLock@@SGGXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsMillnm@CMdVersionInfo@@SAHXZ
?RemoveTail@CLockedDoubleList@@QAEQAVCListEntry@@XZ
?TryReadLock@CReaderWriterLock@@QAE_NXZ
?_H0@CLKRLinearHashTable@@ABEKK@Z
??4CCritSec@@QAEAAV0@ABV0@@Z
?ConvertExclusiveToShared@CReaderWriterLock3@@QAEXXZ
??4CFakeLock@@QAEAAV0@ABV0@@Z
?_WriteLockSpin@CReaderWriterLock2@@AAEXXZ
?SetSpinCount@CCritSec@@SGKPAPAVCCriticalSection@@K@Z
mpFree
?GetDefaultSpinCount@CReaderWriterLock2@@SGGXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?FindKey@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
MPCSUninitialize
?DeleteIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@Z1@Z
??4CSingleList@@QAEAAV0@ABV0@@Z

tapisrv

ServiceMain

Sections

.text
Size: 407KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c144461183fd4d71955cf4fa4e956ef6

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

kernel32

msdart

tapisrv

Sections

.text Size: 407KB - Virtual size: 407KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 188KB - Virtual size: 1.5MB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 407KB - Virtual size: 407KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 188KB - Virtual size: 1.5MB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 1024B - Virtual size: 948B