8be468677f8b84e3839b3bde6882af091ebf446061b5eafed285c8262f9143ee

Sharing

Copy URL Twitter E-mail

General

Target

8be468677f8b84e3839b3bde6882af091ebf446061b5eafed285c8262f9143ee
Size

5.1MB
MD5

fc11cd568619990f942e8e9c73b753e7
SHA1

868af7a4983e418ead16047860da4c3e82e5154b
SHA256

8be468677f8b84e3839b3bde6882af091ebf446061b5eafed285c8262f9143ee
SHA512

bb548272cb03e5680c2df9ca4e6daed684f21b8630cbee029fbac74f4e498bb7675accefb02fbe44445b4edd9e6d924e20839e53665a8ddf047b77c95403e88c
SSDEEP

98304:clUtZN44L60HiNvwp0NCLfGsBOmRG2xpEvD03f1nVrzDCfJnsD6/WPquofAt:GM44L16+0QLUE6D0DCfu6/WrwAt

Score

N/A

Malware Config

Signatures

Files

8be468677f8b84e3839b3bde6882af091ebf446061b5eafed285c8262f9143ee
.exe windows x86

1d3bceaadf1e8ad885d69c8ccfa4d3a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcp60

_Toupper

scrrun

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow

dssenh

CPDuplicateKey
CPSetKeyParam
CPGetProvParam
CPAcquireContext
CPVerifySignature
CPSetHashParam
CPExportKey
CPHashData
CPGetKeyParam
CPDuplicateHash
CPGenRandom
CPDeriveKey
CPGetUserKey
CPSignHash
CPSetProvParam
CPGenKey

inseng

CheckForVersionConflict
CheckTrust
GetICifFileFromFile
DllGetClassObject
CheckTrustEx
PurgeDownloadDirectory
DllCanUnloadNow
GetICifRWFileFromFile
DownloadFile

ifmon

InitHelperDll

kernel32

GetProcAddress
ResumeThread
SetConsoleNlsMode
WriteFile
GetPrivateProfileStructW
SetComputerNameW
InvalidateConsoleDIBits
EnumSystemLocalesA
Thread32Next
GetExitCodeThread
UpdateResourceA
GetFileSize
LoadLibraryA
GetCommandLineW
MapViewOfFile
Heap32First
GetFileAttributesExA
GetCommTimeouts
WaitForDebugEvent
ClearCommBreak
Sleep
HeapSetInformation
Process32Next
GetCPInfoExA
OpenProfileUserMapping
RegisterConsoleIME
GetConsoleCP
UnlockFileEx
GetEnvironmentStrings
EnumCalendarInfoExA
HeapUnlock
GetLargestConsoleWindowSize
Process32First
SetFileAttributesW
LoadResource
FormatMessageA
MoveFileExA
WritePrivateProfileStructA
GetLastError
GetUserDefaultLangID
GetVolumeNameForVolumeMountPointA
VirtualAlloc
TryEnterCriticalSection
ClearCommError
MoveFileWithProgressW

expsrv

__vbaGetFxStr4
rtcIntVar
rtcDatePart
__vbaFPFix
_adj_fdivr_m64
rtcInputCount
__vbaVarLateMemSt
Zombie_QueryInterface
__vbaRsetFixstrFree
__vbaGetOwner4
rtcRightVar

qasf

DllGetClassObject
DllRegisterServer
DllCanUnloadNow
DllUnregisterServer

mswsock

MigrateWinsockConfiguration
TransmitFile
GetAddressByNameA
AcceptEx
GetAcceptExSockaddrs
GetTypeByNameA
EnumProtocolsW
GetServiceW
SetServiceA
SetServiceW
GetAddressByNameW
WSARecvEx
NPLoadNameSpaces
s_perror
EnumProtocolsA
GetServiceA
GetNameByTypeA
GetTypeByNameW
dn_expand
GetNameByTypeW

perfctrs

CollectDhcpPerformanceData
OpenTcpIpPerformanceData
CloseTcpIpPerformanceData
CollectTcpIpPerformanceData
CloseDhcpPerformanceData
CollectNWNBPerformanceData

synceng

DeleteTwin
DestroyTwinList
CreateTwinList
GetOpenBriefcaseInfo
IsFolderTwin
BeginReconciliation
ReleaseTwinHandle
AddAllTwinsToTwinList
CreateFolderTwinList
AnyTwins
FindNextBriefcase
GetObjectTwinHandle
CompareFileStamps
AddObjectTwin
OpenBriefcase
DestroyRecList
GetVolumeDescription
RemoveTwinFromTwinList
CreateRecList
CountSourceFolderTwins
DestroyFolderTwinList
GetFolderTwinStatus
ReconcileItem
CloseBriefcase
IsPathOnVolume
SaveBriefcase
ClearBriefcaseCache
DeleteBriefcase
AddTwinToTwinList
FindBriefcaseClose
FindFirstBriefcase
GetFileStamp
EndReconciliation
IsOrphanObjectTwin
AddFolderTwin
RemoveAllTwinsFromTwinList

ddraw

DirectDrawCreateClipper
CompleteCreateSysmemSurface
RegisterSpecialCase
DirectDrawEnumerateExA
DirectDrawEnumerateA
DllGetClassObject
DirectDrawEnumerateExW
GetSurfaceFromDC
DllCanUnloadNow
DirectDrawEnumerateW
DirectDrawCreateEx
DSoundHelp
DirectDrawCreate
DDInternalLock
GetDDSurfaceLocal
ReleaseDDThreadLock
D3DParseUnknownCommand
GetOLEThunkData

regapi

RegPdCreateW
RegWdEnumerateA
RegOpenServerA
RegWinStationEnumerateW
RegUserConfigQuery
RegPdDeleteA
RegBuildNumberQuery
RegWinStationEnumerateA
RegWinStationDeleteW
RegCdDeleteW
RegWinStationAccessCheck
RegWdCreateW

qmgrprxy

DllCanUnloadNow
DllUnregisterServer
DllRegisterServer
DllGetClassObject

mstext40

DllRegisterServer
DllUnregisterServer

Sections

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 710KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d3bceaadf1e8ad885d69c8ccfa4d3a7

Headers

File Characteristics

Imports

msvcp60

scrrun

dssenh

inseng

ifmon

kernel32

expsrv

qasf

mswsock

perfctrs

synceng

ddraw

regapi

qmgrprxy

mstext40

Sections

.rsrc Size: 42KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 710KB - Virtual size: 709KB

.data Size: - Virtual size: 14.3MB

.rsrc
Size: 42KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 710KB - Virtual size: 709KB

.data
Size: - Virtual size: 14.3MB