fb2983693afa0d37af286aa7c2b78900f3925939e22a3647a5966d9cec04c645

Sharing

Copy URL Twitter E-mail

General

Target

fb2983693afa0d37af286aa7c2b78900f3925939e22a3647a5966d9cec04c645
Size

159KB
MD5

a9d9ce86cb2a5bde1cfa145999a4abe8
SHA1

f608a5a60d70fb1bf0e89b0388d6c52064a9a719
SHA256

fb2983693afa0d37af286aa7c2b78900f3925939e22a3647a5966d9cec04c645
SHA512

452d82445d7987be1c6cdcb1ebd12a6fbc822eb312f37e74cbf4e1a95ad9d1aca60b6405d32b59c1e1e30b326f5a7d89bbf7f4b06664434369eef7f0ec71a49c
SSDEEP

3072:KnzIsjwFGSVTGsTjOsXRURafWq7KfqlcH90r+s1u1KymsC/vYjnxy9HU7EK7c:KzIsWGYQs2Rxq2f4090r+sH1Yltoy

Score

N/A

Malware Config

Signatures

Files

fb2983693afa0d37af286aa7c2b78900f3925939e22a3647a5966d9cec04c645
.exe windows x86

260b79acbedcd462b2de93ef87d27dbf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d8thk

OsThunkDdAlphaBlt
OsThunkDdFlip
OsThunkDdCreateSurface
OsThunkDdWaitForVerticalBlank
OsThunkDdReenableDirectDrawObject
OsThunkDdDestroyMoComp
OsThunkDdGetDxHandle
OsThunkDdLock
OsThunkDdCanCreateSurface
OsThunkDdGetBltStatus
OsThunkDdCreateSurfaceEx
OsThunkDdGetScanLine
OsThunkDdCreateD3DBuffer
OsThunkDdDestroySurface
OsThunkDdCreateSurfaceObject
OsThunkDdReleaseDC
OsThunkDdGetMoCompBuffInfo
OsThunkDdDeleteSurfaceObject
OsThunkDdUnlock
OsThunkDdBeginMoCompFrame
OsThunkDdColorControl
OsThunkD3dValidateTextureStageState
OsThunkDdUpdateOverlay
OsThunkDdDestroyD3DBuffer
OsThunkDdQueryDirectDrawObject
OsThunkDdSetOverlayPosition
OsThunkDdBlt
OsThunkDdUnlockD3D
OsThunkDdGetInternalMoCompInfo
OsThunkDdSetGammaRamp
OsThunkDdEndMoCompFrame
OsThunkDdGetFlipStatus
OsThunkDdSetColorKey
OsThunkDdGetDC

kernel32

HeapDestroy
RtlCaptureStackBackTrace
WaitForDebugEvent
RtlMoveMemory
EscapeCommFunction
RegisterConsoleVDM
SetProcessPriorityBoost
RegisterWaitForInputIdle
GetTapeParameters
EnumDateFormatsA
IsBadHugeReadPtr
MapViewOfFileEx
CreatePipe
CommConfigDialogW
GetNamedPipeInfo
RequestDeviceWakeup
BaseInitAppcompatCacheSupport
EnumResourceNamesW
SystemTimeToFileTime
HeapValidate
QueryMemoryResourceNotification
GetCommConfig
InterlockedPopEntrySList
Beep
PeekConsoleInputA
CloseHandle
GetSystemWindowsDirectoryA
WritePrivateProfileSectionW
GetConsoleAliasA
InitializeSListHead
CreateDirectoryExA
CreateMutexW
GetSystemWow64DirectoryW
SetTermsrvAppInstallMode
EnumerateLocalComputerNamesA
FindNextVolumeMountPointW
SetLocalPrimaryComputerNameA
VirtualAlloc
LockResource
ExpandEnvironmentStringsW
GetStartupInfoA
CompareStringW
GetProcessHeap
IsValidCodePage
HeapQueryInformation
DeleteTimerQueueTimer
SetUserGeoID
GetPrivateProfileStringA
SetConsoleCtrlHandler
WideCharToMultiByte
SetTapeParameters
GetACP
CreateNamedPipeA
SetCalendarInfoA
SetFilePointer
DeleteTimerQueue
BuildCommDCBAndTimeoutsA
GetFileTime
ExpungeConsoleCommandHistoryW
EnumUILanguagesA
TlsGetValue
LCMapStringW
AddAtomA
EnumDateFormatsW
GetLastError
SetHandleInformation
VerLanguageNameW
DeleteAtom
GetEnvironmentStringsW
GetPriorityClass
GetOEMCP
IsBadCodePtr
QueryInformationJobObject
FlushFileBuffers
LoadLibraryA
EnumCalendarInfoExA
GetNativeSystemInfo
CloseConsoleHandle
SetCommMask
TzSpecificLocalTimeToSystemTime
UnregisterWaitEx
GetCurrentDirectoryW
FindFirstVolumeW
GetProcessTimes
HeapWalk
GetConsoleCommandHistoryW
ReleaseMutex
SetMessageWaitingIndicator
MoveFileWithProgressW
DebugSetProcessKillOnExit
GetCurrentProcess
ProcessIdToSessionId
OpenProcess
EnumCalendarInfoExW
GetDriveTypeA
TerminateJobObject
GetStartupInfoW
FreeConsole
LZSeek
PurgeComm
SetVolumeLabelA
UpdateResourceA
Process32Next
SetSystemTime
PeekNamedPipe
GlobalCompact

pdh

PdhListLogFileHeaderW
PdhExpandWildCardPathHA
PdhComputeCounterStatistics
PdhGetDataSourceTimeRangeA
PdhUpdateLogA
PdhBrowseCountersHA
PdhGetFormattedCounterValue
PdhEnumObjectItemsA
PdhOpenLogW
PdhEnumMachinesA
PdhEnumLogSetNamesW
PdhReadRawLogRecord
PdhGetDefaultPerfCounterW
PdhBrowseCountersHW
PdhVbUpdateLog
PdhExpandWildCardPathW
PdhCloseQuery
PdhParseInstanceNameW
PdhFormatFromRawValue
PdhGetDllVersion
PdhEnumMachinesW
PdhRemoveCounter
PdhEnumObjectsHA
PdhTranslate009CounterA
PdhBindInputDataSourceA
PdhMakeCounterPathW
PdhVbIsGoodStatus
PdhOpenQueryH
PdhAddCounterA
PdhVbGetDoubleCounterValue
PdhConnectMachineA
PdhLookupPerfIndexByNameA
PdhSetLogSetRunID
PdhCreateSQLTablesW
PdhAdd009CounterA
PdhTranslateLocaleCounterA
PdhGetLogFileTypeA
PdhCloseLog
PdhVbGetCounterPathElements
PdhGetCounterInfoA
PdhCalculateCounterFromRawValue

msvcrt40

mktime
?eof@ios@@QBEHXZ
_mbsnbset
?lockc@ios@@KAXXZ
??_Distrstream@@QAEXXZ
_putws
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
_getws
?get@istream@@IAEAAV1@PADHH@Z
_strnicmp
_adj_fdivr_m32
putchar
_wctime
wcstoul
?get@istream@@QAEAAV1@PAEHD@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
strlen
_sys_errlist
_mtunlock
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?read@istream@@QAEAAV1@PADH@Z
_getmaxstdio
remove
_fullpath
??8type_info@@QBEHABV0@@Z
__p__wpgmptr
?tellp@ostream@@QAEJXZ
ceil
_acmdln
_adj_fprem
_strset
frexp
_mbsnbicmp
_wstrdate
?cin@@3Vistream_withassign@@A
?lock@streambuf@@QAEXXZ
wctomb
_adj_fprem1
??1bad_cast@@UAE@XZ
_ismbcpunct

hhsetup

?GetPath@CLocation@@QAEPADXZ
?GetColNo@CCollection@@QAEKXZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
??1CFolder@@QAE@XZ
?RemoveCollection@CCollection@@QAEKH@Z
??4CTitle@@QAEAAV0@ABV0@@Z
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?SetPath@CLocation@@QAEXPBG@Z
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
?Open@CCollection@@QAEKPBD@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?GetNextFolder@CFolder@@QAEPAV1@XZ
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetTitle@CFolder@@QAEPADXZ
??1CCollection@@QAE@XZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?SetNextTitle@CTitle@@QAEXPAV1@@Z
??1CLocation@@QAE@XZ
?GetNextTitle@CTitle@@QAEPAV1@XZ
?IncrementRefTitleCount@CCollection@@QAEXXZ
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?SetVersion@CCollection@@QAEXK@Z
?GetId@CLocation@@QBEPADXZ
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetTitle@CFolder@@QAEXPBG@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z

msdart

?_Expand@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_CmpExch@CReaderWriterLock@@AAE_NJJ@Z
MPDeleteCriticalSection
?_TryWriteLock@CReaderWriterLock@@AAE_NXZ
?_TryLock@CSpinLock@@AAE_NXZ
?GetDefaultSpinAdjustmentFactor@CReaderWriterLock@@SGNXZ
?DeleteRecord@CLKRLinearHashTable@@QAE?AW4LK_RETCODE@@PBX@Z
mpRealloc
?ConvertSharedToExclusive@CReaderWriterLock@@QAEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
IrtlTrace
?_IsLocked@CSpinLock@@ABE_NXZ
?SetDefaultSpinCount@CFakeLock@@SGXG@Z
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?IsReadUnlocked@CLKRLinearHashTable@@QBE_NXZ
?_LockSpin@CSpinLock@@AAEXXZ
?ApplyIf@CLKRHashTable@@QAEKP6G?AW4LK_PREDICATE@@PBXPAX@ZP6G?AW4LK_ACTION@@01@Z1W4LK_LOCKTYPE@@@Z
?_TryWriteLock@CReaderWriterLock3@@AAE_NJ@Z
??4CReaderWriterLock@@QAEAAV0@ABV0@@Z
?ReadOrWriteLock@CReaderWriterLock3@@QAE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
MPInitializeCriticalSection
??0CLKRHashTableStats@@QAE@XZ
?ReadLock@CReaderWriterLock@@QAEXXZ
?InsertTail@CDoubleList@@QAEXQAVCListEntry@@@Z
?_TryWriteLock@CReaderWriterLock2@@AAE_NJ@Z
?FindKey@CLKRHashTable@@QBE?AW4LK_RETCODE@@KPAPBX@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock3@@1NA
?IsWriteLocked@CCritSec@@QBE_NXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?IsWin9x@CMdVersionInfo@@SAHXZ
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?_Initialize@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@P6G?BKPBX@ZP6GKK@ZP6G_NKK@ZP6GX0H@ZPBDNK@Z

msvcrt

_wfullpath
_wtoi64
_mbsncmp
getenv
_mbsstr
??_E__non_rtti_object@@UAEPAXI@Z
_osver
_mbcasemap
_putenv
_mbsnset
_controlfp
_HUGE
exit
fprintf
_mbsbtype
_setsystime
_adj_fdiv_m32i
_mbscpy
strcoll
__badioinfo
__getmainargs
_wputenv
fputc
_wmkdir
__pctype_func
_loaddll
_ismbcprint
_commit
__set_app_type
__pxcptinfoptrs
_wenviron
_CItan
isalnum
memmove
_adj_fdivr_m64
_CIcos
_seh_longjmp_unwind
?what@exception@@UBEPBDXZ
strcmp
_atoldbl
__p__commode
_ismbslead
__wargv
_heapadd
_wmktemp

mmcbase

??1CEventBuffer@@QAE@XZ
?FormatErrorString@@YGXPBGVSC@mmcerror@@IPAGH@Z
??9SC@mmcerror@@QBE_NJ@Z
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?FormatErrorShort@@YGXVSC@mmcerror@@IPAG@Z
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?InternalRelease@CMMCStrongReferences@@AAEKXZ
?SetHinst@SC@mmcerror@@SGXPAUHINSTANCE__@@@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
??0CEventBuffer@@QAE@ABV0@@Z
?Lock@CEventBuffer@@QAEXXZ
?InternalLastRefReleased@CMMCStrongReferences@@AAE_NXZ
?Unlock@CEventBuffer@@QAEXXZ
?FatalError@SC@mmcerror@@QBEXXZ
?GetErrorMessage@SC@mmcerror@@QBEXIPAG@Z
??0?$CEventLock@UAppEvents@@@@QAE@XZ
?ScFlushPostponed@CEventBuffer@@AAE?AVSC@mmcerror@@XZ
??7SC@mmcerror@@QBEHXZ
?MMCUpdateRegistry@@YGJHPBVCObjectRegParams@@PBVCControlRegParams@@@Z
??_FSC@mmcerror@@QAEXXZ
?Trace_@SC@mmcerror@@QBEXXZ
?GetMainThreadID@SC@mmcerror@@SGKXZ
?IsError@SC@mmcerror@@QBE_NXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?Throw@SC@mmcerror@@QAEXJ@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ

rasser

PortEnum
PortClose
PortSetInfo
PortSetFraming
PortGetPortState
PortGetStatistics
PortTestSignalState
PortCompressionSetInfo
PortGetInfo
PortReceiveComplete
PortOpen
PortSetINetCfg
PortDisconnect
PortReceive
PortChangeCallback
PortConnect
PortClearStatistics
PortSend
PortInit

Sections

.tixt
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

260b79acbedcd462b2de93ef87d27dbf

Headers

DLL Characteristics

File Characteristics

Imports

d3d8thk

kernel32

pdh

msvcrt40

hhsetup

msdart

msvcrt

mmcbase

rasser

Sections

.tixt Size: 73KB - Virtual size: 73KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 44KB - Virtual size: 252KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 73KB - Virtual size: 73KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 44KB - Virtual size: 252KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B