c4786a46e679ac0995d080cb8ea8934d854df42c9daef46b417de353e3ed895a

Sharing

Copy URL Twitter E-mail

General

Target

c4786a46e679ac0995d080cb8ea8934d854df42c9daef46b417de353e3ed895a
Size

9.7MB
MD5

dbd57d91b559adad33a001242084be44
SHA1

22a7b2eaa3bb10308af5e681366a3ad524a411e0
SHA256

c4786a46e679ac0995d080cb8ea8934d854df42c9daef46b417de353e3ed895a
SHA512

bcb3ae77a71b05821b9ea57ee51e9430bccc280f1ac85e3e7a3a863cdd9da653b8c635e94808f384888f04e6d747601b6ea4e88f03a9c08dafdfb36a67842297
SSDEEP

196608:UIeqqyoc6+0QQUE6D0DCfu6/WrwAFcHAMRMX9a6ALVKK2ZRZzMvtHjkJHH:UjAocIQJnfu6/lA+gMJtLVYZvzUtHgn

Score

N/A

Malware Config

Signatures

Files

c4786a46e679ac0995d080cb8ea8934d854df42c9daef46b417de353e3ed895a
.exe windows x86

920936cd94d80c7a8ed4103919ec5e9c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rasppp

RasCpGetInfo
PppStop
RasCpEnumProtocolIds

msxml3

DllRegisterServer
DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
DllMain

kernel32

ExitThread
CreateDirectoryExA
FillConsoleOutputCharacterA
VirtualAlloc
CreateProcessInternalA
RtlFillMemory
SetCommConfig
CreateNamedPipeA
GetConsoleWindow
TlsSetValue
GetCurrentDirectoryW
BackupRead
FindFirstFileW
SetConsoleCP
GetComputerNameExA
CreateDirectoryExW
GlobalSize
GetUserDefaultLCID
NlsGetCacheUpdateCount
WriteConsoleInputVDMA
SetConsoleMode
CreatePipe
GetCommTimeouts
SetVDMCurrentDirectories
ExitProcess
TerminateThread
ReadConsoleInputA
lstrcmpW
SetVolumeMountPointW
GetCommandLineW
OpenFile
GetOEMCP
SignalObjectAndWait

sti

DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
StiCreateInstanceW
DllRegisterServer
StiCreateInstance

mfc40

DllRegisterServer
DllUnregisterServer
DllCanUnloadNow
DllGetClassObject

msvcrt20

_CIpow

d3d8thk

OsThunkDdCanCreateSurface
OsThunkDdAlphaBlt
OsThunkDdResetVisrgn
OsThunkDdGetMoCompBuffInfo
OsThunkDdCanCreateD3DBuffer
OsThunkDdCreateSurface
OsThunkDdLockD3D
OsThunkDdCreateSurfaceObject
OsThunkDdUnattachSurface
OsThunkDdUnlockD3D
OsThunkDdGetDxHandle
OsThunkDdAttachSurface
OsThunkDdReleaseDC
OsThunkDdUpdateOverlay
OsThunkDdSetColorKey
OsThunkDdCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdGetMoCompGuids
OsThunkDdSetExclusiveMode
OsThunkDdBlt
OsThunkDdSetGammaRamp
OsThunkDdDestroySurface
OsThunkDdCreateSurfaceEx
OsThunkDdGetDriverState
OsThunkDdSetOverlayPosition
OsThunkDdCreateDirectDrawObject
OsThunkDdDestroyD3DBuffer
OsThunkDdGetBltStatus
OsThunkDdFlipToGDISurface
OsThunkDdGetDC
OsThunkDdAddAttachedSurface
OsThunkD3dContextCreate
OsThunkDdGetInternalMoCompInfo
OsThunkDdColorControl
OsThunkDdGetScanLine
OsThunkD3dContextDestroy
OsThunkD3dContextDestroyAll
OsThunkDdDeleteSurfaceObject
OsThunkDdCreateMoComp
OsThunkDdRenderMoComp
OsThunkDdGetDriverInfo
OsThunkDdWaitForVerticalBlank
OsThunkDdEndMoCompFrame
OsThunkDdFlip

raschap

RasEapGetIdentity
RasEapGetInfo
DllUnregisterServer
DllRegisterServer
RasCpEnumProtocolIds
DllGetClassObject
RasEapInvokeInteractiveUI
DllCanUnloadNow
RasEapFreeMemory
RasEapInvokeConfigUI
RasCpGetInfo

dmocx

DllCanUnloadNow
DllRegisterServer
DllGetClassObject
DllUnregisterServer

msihnd

DllGetClassObject
DllCanUnloadNow
DllUnregisterServer
DllRegisterServer

rasmontr

RutlAssignmentFromTokenAndDword
RutlAssignmentFromTokens
InitHelperDll
RutlFree
RutlIsHelpToken
RutlCreateDumpFile
RutlParse
RutlDwordDup
RutlAlloc
RutlGetOsVersion
RutlCloseDumpFile
RutlStrDup
RutlGetTagToken

ntlanman

NPCloseEnum
NPGetUser
NPGetConnectionPerformance
NPAddConnection
NPGetResourceInformation
I_SystemFocusDialog
NPGetReconnectFlags
NPAddConnection3
DllMain
NPGetCaps
NPGetConnection3
NPGetResourceParent
NPEnumResource
NPFormatNetworkName
NPOpenEnum
NPGetConnection
NPGetUniversalName
NPCancelConnection

netshell

NcIsValidConnectionName
DllRegisterServer
HrLaunchConnection
NcFreeNetconProperties
DllCanUnloadNow
DllGetClassObject
HrCreateDesktopIcon
HrRenameConnection
DllUnregisterServer

mapi32

OpenTnefStreamEx
MAPIInitialize
MAPIDeleteMail
MAPIAllocateBuffer
RTFSync
MAPISaveMail
MAPIResolveName
cmc_read
FixMAPI
MAPIOpenFormMgr
GetOutlookVersion
MAPIFreeBuffer
DllCanUnloadNow
cmc_logon
ScMAPIXFromSMAPI
cmc_free
BMAPIReadMail
cmc_look_up
ScMAPIXFromCMC
PRProviderInit
cmc_list
MAPIAdminProfiles
BMAPIGetReadMail
FGetComponentPath
MAPIFindNext
MAPIDetails
MAPIAddress
BMAPIGetAddress
cmc_send
DllGetClassObject
MAPILogon
MAPIReadMail
BMAPIDetails
HrGetOmiProvidersFlags
OpenTnefStream
cmc_act_on
BMAPISaveMail

rastapi

RastapiSetCalledID
PortSetInfo
PortClearStatistics
PortOpen
EnableDeviceForDialIn
PortSetFraming
AddPorts
PortDisconnect
PortGetIOHandle
PortSend
PortCompressionSetInfo
DeviceConnect
PortReceive
PortEnum
DeviceGetDevConfig

traffic

TcRegisterClient
TcOpenInterfaceA
TcCloseInterface
TcDeleteFilter
TcQueryFlowA
TcQueryInterface
TcAddFlow
TcDeregisterClient
TcGetFlowNameA
TcGetFlowNameW
TcSetInterface
TcEnumerateFlows
TcAddFilter
TcSetFlowW
TcModifyFlow
TcDeleteFlow
TcQueryFlowW
TcOpenInterfaceW
TcSetFlowA
TcEnumerateInterfaces

winmm

midiStreamRestart
midiOutReset
mmioClose
mmioFlush
midiStreamStop
midiInGetErrorTextW
mmioAdvance
mciSetYieldProc
joySetCapture
waveInGetPosition
auxSetVolume
mciSendStringA
timeGetTime
sndPlaySoundW
mmioWrite
waveInStop
mmioSetInfo
waveOutMessage
waveOutSetVolume
waveInGetDevCapsA
midiStreamClose
NotifyCallbackData
midiInStop
waveInGetNumDevs
WOWAppExit
mmioSendMessage
mmioSeek
PlaySoundA
mciGetDeviceIDFromElementIDW
midiInMessage
aux32Message
waveOutBreakLoop
midiInPrepareHeader
mmioStringToFOURCCW
waveOutGetDevCapsA
mmioOpenA
timeBeginPeriod
mmTaskSignal
waveOutWrite
waveOutReset
midiOutGetDevCapsW

Sections

.text
Size: 423KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

920936cd94d80c7a8ed4103919ec5e9c

Headers

File Characteristics

Imports

rasppp

msxml3

kernel32

sti

mfc40

msvcrt20

d3d8thk

raschap

dmocx

msihnd

rasmontr

ntlanman

netshell

mapi32

rastapi

traffic

winmm

Sections

.text Size: 423KB - Virtual size: 423KB

.rsrc Size: 396KB - Virtual size: 396KB

.tls Size: 512B - Virtual size: 4KB

.data Size: - Virtual size: 15.5MB

.rdata Size: 154KB - Virtual size: 154KB

.text
Size: 423KB - Virtual size: 423KB

.rsrc
Size: 396KB - Virtual size: 396KB

.tls
Size: 512B - Virtual size: 4KB

.data
Size: - Virtual size: 15.5MB

.rdata
Size: 154KB - Virtual size: 154KB