1461a43ce97d36e86f50d76fac6622926eb5f747ed17b4ad2fdb44588e80a3aa

Sharing

Copy URL

Twitter E-mail

General

Target

1461a43ce97d36e86f50d76fac6622926eb5f747ed17b4ad2fdb44588e80a3aa
Size

91KB
MD5

741f3faedfee455337d28b42a4cbe293
SHA1

9d465991e80248ad9c335d6f3766482ea8e8cd90
SHA256

1461a43ce97d36e86f50d76fac6622926eb5f747ed17b4ad2fdb44588e80a3aa
SHA512

d713d58ba9ffd35190d5b2b97c62d694fa41527e47eb4444a87bac20513b49ad2ea41d2f295be18866ae8fb2bebc6ca6994b1520462ce60926ff7f85d9ebf89e
SSDEEP

1536:TtuwZ4lMwCyxQykKCcViSbflNs9xoA6y89qcAwuawIzxAqKHBtN6b50jUTjOsdS9:TtumAQT2VvblNgxo5Ec/DKHBBYTjms9K

Score

N/A

Malware Config

Signatures

Files

1461a43ce97d36e86f50d76fac6622926eb5f747ed17b4ad2fdb44588e80a3aa
.exe windows x86

412b44498e97cef7a9c74b068d4814bb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleTextAttribute
GlobalFree
SetMessageWaitingIndicator
OutputDebugStringW
LoadLibraryA
ExitProcess
BeginUpdateResourceW
GetCurrentDirectoryW
GetFirmwareEnvironmentVariableW
BaseCleanupAppcompatCacheSupport
GetStartupInfoA
RemoveDirectoryW
FlushViewOfFile
DebugBreakProcess
FindNextVolumeMountPointW
IsDBCSLeadByteEx
GetACP
SetCurrentDirectoryW
GlobalAddAtomW
GetModuleHandleA
GetDateFormatA
EnumUILanguagesA
GetConsoleInputWaitHandle
VerSetConditionMask
EnumResourceLanguagesW
GetFirmwareEnvironmentVariableA
IsWow64Process
ProcessIdToSessionId
FlushConsoleInputBuffer
VirtualAlloc
GetSystemPowerStatus
ExpandEnvironmentStringsW

utildll

IsPartOfDomain
StrSdClass
DateTimeString
NetworkDeviceEnumerate
GetUserFromSid
CurrentDateTimeString
StandardErrorMessage
EnumerateMultiUserServers
StrSystemWaitReason
CachedGetUserFromSid
CalculateElapsedTime
WinEnumerateDevices
CtxGetAnyDCName
ElapsedTimeString
GetAssociatedPortName
GetUnknownString
CompareElapsedTime
GetSystemMessageA
AsyncDeviceEnumerate
TestUserForAdmin
NetBIOSDeviceEnumerate
HaveAnonymousUsersChanged
SetupAsyncCdConfig
ParseDecoratedAsyncDeviceName
StrAsyncConnectState
FormDecoratedAsyncDeviceName

msoert2

CreateEnumFormatEtc
PszEscapeMenuStringA
HrGetBodyElement
ChConvertFromHex
CleanupFileNameInPlaceW
HrGetStreamSize
HrBSTRToLPSZ
GenerateUniqueFileName
ReplaceCharsW
HrStreamToByte
HrGetStyleSheet
HrSetDirtyFlagImpl
UnlocStrEqNW
PszDayFromIndex
PszAllocW
fGetBrowserUrlEncoding
IsPrint
PszMonthFromIndex
HrCopyLockBytesToStream
HrIsStreamUnicode
HrIStreamWToBSTR
PszDupW
OpenFileStream
HrFindInetTimeZone
ReplaceChars
OpenFileStreamShareW
HrGetStreamPos

ole32

ComPs_NdrDllUnregisterProxy
UtGetDvtd16Info
ComPs_NdrDllGetClassObject
CoFileTimeNow
OleCreateMenuDescriptor
HWND_UserMarshal
HMETAFILEPICT_UserFree
OleCreateLinkFromDataEx
OleConvertOLESTREAMToIStorageEx
OleCreateFromData
CoCopyProxy
CoGetInstanceFromIStorage
IsValidInterface
CoGetApartmentID
CreateObjrefMoniker
OleCreateLink
CoGetPSClsid
HMENU_UserSize
CLIPFORMAT_UserSize
CoEnableCallCancellation
CreateBindCtx
OleRegGetUserType
RevokeDragDrop
HENHMETAFILE_UserFree
CoFreeUnusedLibraries
SetErrorInfo
SNB_UserUnmarshal

msvcirt

?bad@ios@@QBEHXZ
??4iostream@@IAEAAV0@AAV0@@Z
??1ofstream@@UAE@XZ
?ipfx@istream@@QAEHH@Z
?setb@streambuf@@IAEXPAD0H@Z
??_8stdiostream@@7Bostream@@@
??_7ios@@6B@
??0ios@@IAE@ABV0@@Z
?close@filebuf@@QAEPAV1@XZ
??5istream@@QAEAAV0@AAE@Z
??_Eostream_withassign@@UAEPAXI@Z
?is_open@fstream@@QBEHXZ
??_Estrstreambuf@@UAEPAXI@Z
??_7stdiostream@@6B@
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?x_curindex@ios@@0HA
?str@istrstream@@QAEPADXZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??0ostream_withassign@@QAE@ABV0@@Z
?close@ofstream@@QAEXXZ
??5istream@@QAEAAV0@AAF@Z
?xalloc@ios@@SAHXZ
??_Gstrstreambuf@@UAEPAXI@Z
??0fstream@@QAE@ABV0@@Z
?stossc@streambuf@@QAEXXZ
?setlock@ios@@QAAXXZ
??_Eexception@@UAEPAXI@Z
?setp@streambuf@@IAEXPAD0@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
?sync@istream@@QAEHXZ
??_8ostrstream@@7B@
??1ostream@@UAE@XZ

winrnr

NSPStartup
RemoveNTDSProvider
InstallNTDSProvider

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

412b44498e97cef7a9c74b068d4814bb

Headers

File Characteristics

Imports

kernel32

utildll

msoert2

ole32

msvcirt

winrnr

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 15KB - Virtual size: 29KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 15KB - Virtual size: 29KB

.rsrc
Size: 8KB - Virtual size: 8KB