b9f99c2f598d439c7cfd24399476e43c0bb9909691396fe91e14d36974b07147

Sharing

Copy URL Twitter E-mail

General

Target

b9f99c2f598d439c7cfd24399476e43c0bb9909691396fe91e14d36974b07147
Size

1.8MB
MD5

498427b671a535a112ea3a8c79c394c2
SHA1

6f647f5f42494d7bae937ffe4fff0b7432ac4e2c
SHA256

b9f99c2f598d439c7cfd24399476e43c0bb9909691396fe91e14d36974b07147
SHA512

4f0a1de7391571c2ac86f7767f2a3d62fecd622a61b63f59d2dbf8922f2d565db582190101e6544b291a7b2243f92cd4f8e47eaa24f874c99b2e83df0322925a
SSDEEP

49152:7YjQhktU5ZEav338Vc0J7RiC4PafPfEwp0NCFdUN:7uQhktYv8W0HiNvwp0NCg

Score

N/A

Malware Config

Signatures

Files

b9f99c2f598d439c7cfd24399476e43c0bb9909691396fe91e14d36974b07147
.exe windows x86

8a5ee8897244edd6d25c3bc6d1e4a63e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

d3d8thk

OsThunkDdFlip
OsThunkDdLockD3D
OsThunkDdGetDriverState
OsThunkDdSetColorKey
OsThunkDdGetMoCompBuffInfo
OsThunkDdDestroySurface
OsThunkDdGetScanLine
OsThunkDdCreateSurfaceObject
OsThunkDdGetMoCompGuids
OsThunkDdCreateSurfaceEx
OsThunkDdDeleteSurfaceObject
OsThunkDdReleaseDC
OsThunkDdCreateMoComp
OsThunkDdResetVisrgn
OsThunkDdAlphaBlt
OsThunkDdWaitForVerticalBlank
OsThunkDdGetDC
OsThunkD3dContextCreate
OsThunkDdUpdateOverlay
OsThunkDdCanCreateD3DBuffer
OsThunkDdSetOverlayPosition
OsThunkDdBlt
OsThunkDdCreateD3DBuffer
OsThunkDdAddAttachedSurface
OsThunkDdFlipToGDISurface
OsThunkDdEndMoCompFrame
OsThunkDdDestroyD3DBuffer
OsThunkDdAttachSurface
OsThunkDdSetGammaRamp
OsThunkDdCreateDirectDrawObject
OsThunkDdColorControl
OsThunkD3dContextDestroy
OsThunkDdUnlockD3D
OsThunkDdGetDriverInfo
OsThunkDdGetInternalMoCompInfo
OsThunkDdSetExclusiveMode
OsThunkDdGetBltStatus
OsThunkDdCreateSurface
OsThunkDdCanCreateSurface
OsThunkDdBeginMoCompFrame
OsThunkDdUnattachSurface
OsThunkD3dContextDestroyAll
OsThunkDdGetDxHandle
OsThunkDdRenderMoComp

ntlanman

NPGetUser
NPCloseEnum
NPGetConnection3
NPCancelConnection
NPGetResourceInformation
NPGetResourceParent
NPGetConnectionPerformance
I_SystemFocusDialog
NPGetReconnectFlags
NPAddConnection
NPGetUniversalName
DllMain
NPEnumResource
NPGetCaps
NPAddConnection3
NPOpenEnum
NPFormatNetworkName
NPGetConnection

winmm

mmioSendMessage
midiInGetErrorTextW
midiStreamRestart
mmioSetInfo
waveOutGetDevCapsA
mmioOpenA
midiOutGetDevCapsW
mciSendStringA
timeGetTime
mmioAdvance
auxSetVolume
waveInGetPosition
midiOutReset
waveOutWrite
mmioClose
joySetCapture
mmioFlush
mmioSeek
waveInGetNumDevs
midiInPrepareHeader
mmTaskSignal
aux32Message
midiInStop
mmioWrite
sndPlaySoundW
waveOutBreakLoop
midiStreamClose
WOWAppExit
NotifyCallbackData
waveOutMessage
mciGetDeviceIDFromElementIDW
waveOutReset
waveInStop
waveOutSetVolume
waveInGetDevCapsA
PlaySoundA
timeBeginPeriod
mmioStringToFOURCCW
midiStreamStop
midiInMessage
mciSetYieldProc

traffic

TcDeregisterClient
TcAddFlow
TcSetFlowA
TcSetFlowW
TcOpenInterfaceW
TcModifyFlow
TcEnumerateFlows
TcEnumerateInterfaces
TcQueryFlowA
TcOpenInterfaceA
TcGetFlowNameA
TcRegisterClient
TcAddFilter
TcSetInterface
TcQueryFlowW
TcDeleteFilter
TcGetFlowNameW
TcCloseInterface
TcQueryInterface
TcDeleteFlow

rastapi

PortDisconnect
EnableDeviceForDialIn
PortSetInfo
AddPorts
PortClearStatistics
PortSend
PortSetFraming
PortGetIOHandle
RastapiSetCalledID
DeviceGetDevConfig
PortOpen
DeviceConnect
PortEnum
PortCompressionSetInfo
PortReceive

sti

DllUnregisterServer
StiCreateInstanceW
DllGetClassObject
DllRegisterServer
DllCanUnloadNow
StiCreateInstance

netshell

HrLaunchConnection
DllUnregisterServer
DllGetClassObject
DllRegisterServer
NcFreeNetconProperties
HrCreateDesktopIcon
DllCanUnloadNow
HrRenameConnection
NcIsValidConnectionName

msihnd

DllRegisterServer
DllCanUnloadNow
DllUnregisterServer
DllGetClassObject

mapi32

cmc_logon
OpenTnefStreamEx
MAPIInitialize
cmc_list
MAPILogon
FixMAPI
FGetComponentPath
MAPIReadMail
MAPIAdminProfiles
BMAPIGetReadMail
GetOutlookVersion
MAPIFreeBuffer
HrGetOmiProvidersFlags
cmc_read
MAPIResolveName
MAPISaveMail
MAPIDetails
DllGetClassObject
MAPIDeleteMail
cmc_free
BMAPIGetAddress
ScMAPIXFromSMAPI
PRProviderInit
BMAPIDetails
ScMAPIXFromCMC
MAPIOpenFormMgr
MAPIAddress
cmc_act_on
cmc_look_up
BMAPISaveMail
DllCanUnloadNow
MAPIAllocateBuffer
BMAPIReadMail
OpenTnefStream
MAPIFindNext
cmc_send
RTFSync

mfc40

DllRegisterServer
DllUnregisterServer
DllGetClassObject
DllCanUnloadNow

msxml3

DllRegisterServer
DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllMain

msvcrt20

_CIpow

kernel32

VirtualAlloc
SetVolumeMountPointW
NlsGetCacheUpdateCount
SetVDMCurrentDirectories
ReadConsoleInputA
GetUserDefaultLCID
CreatePipe
GetCurrentDirectoryW
GetCommandLineW
SignalObjectAndWait
SetConsoleMode
GetComputerNameExA
CreateDirectoryExA
FindFirstFileW
GetOEMCP
TlsSetValue
ExitThread
TerminateThread
CreateProcessInternalA
BackupRead
OpenFile
ExitProcess
WriteConsoleInputVDMA
RtlFillMemory
GetCommTimeouts
CreateNamedPipeA
lstrcmpW
SetConsoleCP
CreateDirectoryExW
FillConsoleOutputCharacterA
UnhandledExceptionFilter
SetCommConfig
GlobalSize

dmocx

DllGetClassObject
DllCanUnloadNow
DllRegisterServer
DllUnregisterServer

raschap

DllUnregisterServer
RasEapGetInfo
RasEapInvokeInteractiveUI
DllCanUnloadNow
RasCpEnumProtocolIds
DllGetClassObject
RasEapGetIdentity
RasEapInvokeConfigUI
RasCpGetInfo
RasEapFreeMemory
DllRegisterServer

rasmontr

RutlAlloc
RutlStrDup
InitHelperDll
RutlCloseDumpFile
RutlGetOsVersion
RutlGetTagToken
RutlFree
RutlDwordDup
RutlAssignmentFromTokenAndDword
RutlCreateDumpFile
RutlParse
RutlAssignmentFromTokens
RutlIsHelpToken

rasppp

PppStop
RasCpEnumProtocolIds
RasCpGetInfo

Sections

.text
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8a5ee8897244edd6d25c3bc6d1e4a63e

Headers

File Characteristics

Imports

d3d8thk

ntlanman

winmm

traffic

rastapi

sti

netshell

msihnd

mapi32

mfc40

msxml3

msvcrt20

kernel32

dmocx

raschap

rasmontr

rasppp

Sections

.text Size: 376KB - Virtual size: 375KB

.rsrc Size: 258KB - Virtual size: 257KB

.tls Size: 512B - Virtual size: 4KB

.data Size: - Virtual size: 14.7MB

.rdata Size: 137KB - Virtual size: 136KB

.text
Size: 376KB - Virtual size: 375KB

.rsrc
Size: 258KB - Virtual size: 257KB

.tls
Size: 512B - Virtual size: 4KB

.data
Size: - Virtual size: 14.7MB

.rdata
Size: 137KB - Virtual size: 136KB