886e80c273dcde39ae86a418e5166949a87a759c428fe98620d281b1d0d5b57a

Sharing

Copy URL Twitter E-mail

General

Target

886e80c273dcde39ae86a418e5166949a87a759c428fe98620d281b1d0d5b57a
Size

2.8MB
MD5

8aefa9800f21d9321312df31ea0083a7
SHA1

ffd9a32675c6ca588a1ce4874ac43c36a5e4fd74
SHA256

886e80c273dcde39ae86a418e5166949a87a759c428fe98620d281b1d0d5b57a
SHA512

11d6eca840840e1e4292e236e574761c9caf0ffd77887f5d062f643d5609956c158ed12c4f2aee695b73a1c5f1a00f2b23f4626c5474b7f1fe399e7541168330
SSDEEP

49152:gfQxU6r0k5iIIY4Q3W0bitRiC4PafPfEwp0NCFdgoUNxkpvJG1KT8tp:vQYiJeVbiviNvwp0NCgoUYpvosT8v

Score

N/A

Malware Config

Signatures

Files

886e80c273dcde39ae86a418e5166949a87a759c428fe98620d281b1d0d5b57a
.exe windows x86

1f93eee09e031d0b394a4ec5192816ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

raschap

DllUnregisterServer
RasCpGetInfo
RasEapInvokeConfigUI
RasCpEnumProtocolIds
DllGetClassObject
RasEapFreeMemory
DllCanUnloadNow
RasEapGetInfo
RasEapGetIdentity
RasEapInvokeInteractiveUI
DllRegisterServer

msxml3

DllUnregisterServer
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllMain

mapi32

BMAPIReadMail
MAPIAddress
PRProviderInit
FixMAPI
MAPIResolveName
cmc_act_on
BMAPIGetAddress
cmc_free
MAPIDetails
DllCanUnloadNow
cmc_read
MAPIReadMail
BMAPIGetReadMail
cmc_list
MAPIInitialize
ScMAPIXFromSMAPI
BMAPIDetails
MAPIFreeBuffer
MAPIFindNext
GetOutlookVersion
FGetComponentPath
DllGetClassObject
cmc_send
cmc_look_up
RTFSync
ScMAPIXFromCMC
MAPISaveMail
MAPIDeleteMail
HrGetOmiProvidersFlags
OpenTnefStreamEx
MAPIAllocateBuffer
MAPIOpenFormMgr
BMAPISaveMail
OpenTnefStream
MAPILogon
cmc_logon
MAPIAdminProfiles

rastapi

PortSetInfo
PortCompressionSetInfo
PortReceive
PortGetIOHandle
RastapiSetCalledID
PortClearStatistics
PortSetFraming
DeviceGetDevConfig
AddPorts
PortSend
DeviceConnect
PortEnum
PortDisconnect
EnableDeviceForDialIn
PortOpen

netshell

HrRenameConnection
HrCreateDesktopIcon
NcIsValidConnectionName
DllUnregisterServer
DllGetClassObject
DllRegisterServer
DllCanUnloadNow
HrLaunchConnection
NcFreeNetconProperties

msihnd

DllCanUnloadNow
DllUnregisterServer
DllGetClassObject
DllRegisterServer

rasmontr

RutlAlloc
RutlIsHelpToken
RutlCreateDumpFile
RutlAssignmentFromTokens
RutlAssignmentFromTokenAndDword
RutlGetOsVersion
RutlStrDup
RutlCloseDumpFile
RutlGetTagToken
InitHelperDll
RutlFree
RutlDwordDup
RutlParse

msvcrt20

_CIpow

d3d8thk

OsThunkDdCanCreateSurface
OsThunkDdUnattachSurface
OsThunkDdResetVisrgn
OsThunkD3dContextDestroy
OsThunkDdColorControl
OsThunkDdSetOverlayPosition
OsThunkDdCreateSurfaceEx
OsThunkDdCreateSurface
OsThunkDdGetScanLine
OsThunkDdWaitForVerticalBlank
OsThunkDdCanCreateD3DBuffer
OsThunkDdDestroySurface
OsThunkDdGetMoCompGuids
OsThunkDdUnlockD3D
OsThunkDdSetExclusiveMode
OsThunkDdFlipToGDISurface
OsThunkDdGetInternalMoCompInfo
OsThunkDdAttachSurface
OsThunkDdDeleteSurfaceObject
OsThunkDdReleaseDC
OsThunkDdEndMoCompFrame
OsThunkDdGetDC
OsThunkDdSetColorKey
OsThunkDdDestroyD3DBuffer
OsThunkDdAlphaBlt
OsThunkDdCreateMoComp
OsThunkDdGetDxHandle
OsThunkDdGetBltStatus
OsThunkDdCreateSurfaceObject
OsThunkDdUpdateOverlay
OsThunkDdLockD3D
OsThunkDdRenderMoComp
OsThunkD3dContextDestroyAll
OsThunkDdFlip
OsThunkDdCreateDirectDrawObject
OsThunkDdAddAttachedSurface
OsThunkDdBlt
OsThunkD3dContextCreate
OsThunkDdGetMoCompBuffInfo
OsThunkDdGetDriverState
OsThunkDdBeginMoCompFrame
OsThunkDdCreateD3DBuffer
OsThunkDdSetGammaRamp
OsThunkDdGetDriverInfo

mfc40

DllGetClassObject
DllUnregisterServer
DllCanUnloadNow
DllRegisterServer

winmm

midiStreamRestart
mmioClose
joySetCapture
waveOutBreakLoop
WOWAppExit
midiOutReset
NotifyCallbackData
waveInGetNumDevs
PlaySoundA
waveOutSetVolume
timeBeginPeriod
sndPlaySoundW
waveOutReset
mciGetDeviceIDFromElementIDW
midiOutGetDevCapsW
mmioFlush
timeGetTime
mmioStringToFOURCCW
auxSetVolume
waveInGetDevCapsA
midiInGetErrorTextW
midiInPrepareHeader
mmioOpenA
waveOutMessage
mciSetYieldProc
mciSendStringA
mmioSendMessage
mmTaskSignal
midiInMessage
mmioSeek
midiInStop
waveOutWrite
waveOutGetDevCapsA
mmioAdvance
mmioSetInfo
waveInStop
midiStreamStop
mmioWrite
midiStreamClose
waveInGetPosition
aux32Message

sti

StiCreateInstanceW
DllUnregisterServer
StiCreateInstance
DllRegisterServer
DllGetClassObject
DllCanUnloadNow

rasppp

RasCpEnumProtocolIds
PppStop
RasCpGetInfo

dmocx

DllUnregisterServer
DllGetClassObject
DllCanUnloadNow
DllRegisterServer

traffic

TcModifyFlow
TcOpenInterfaceA
TcQueryFlowW
TcAddFilter
TcSetInterface
TcEnumerateInterfaces
TcQueryInterface
TcRegisterClient
TcDeleteFilter
TcAddFlow
TcCloseInterface
TcGetFlowNameA
TcOpenInterfaceW
TcSetFlowA
TcDeleteFlow
TcEnumerateFlows
TcGetFlowNameW
TcDeregisterClient
TcQueryFlowA
TcSetFlowW

kernel32

GetCommandLineW
UnhandledExceptionFilter
SetConsoleMode
FillConsoleOutputCharacterA
GlobalSize
ReadConsoleInputA
BackupRead
SetVolumeMountPointW
VirtualAlloc
ExitThread
GetComputerNameExA
FindFirstFileW
NlsGetCacheUpdateCount
SignalObjectAndWait
CreateDirectoryExW
OpenFile
SetCommConfig
SetConsoleCP
TlsSetValue
CreatePipe
GetUserDefaultLCID
GetCommTimeouts
ExitProcess
SetVDMCurrentDirectories
CreateNamedPipeA
GetConsoleWindow
WriteConsoleInputVDMA
GetCurrentDirectoryW
lstrcmpW
RtlFillMemory
TerminateThread
CreateProcessInternalA
CreateDirectoryExA

ntlanman

NPCloseEnum
NPGetCaps
NPGetConnection
NPEnumResource
NPGetConnection3
NPAddConnection3
I_SystemFocusDialog
NPCancelConnection
NPGetUser
NPGetUniversalName
NPFormatNetworkName
NPGetResourceParent
NPOpenEnum
NPGetConnectionPerformance
NPGetReconnectFlags
DllMain
NPGetResourceInformation
NPAddConnection

Sections

.text
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 430KB - Virtual size: 430KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 15.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f93eee09e031d0b394a4ec5192816ff

Headers

File Characteristics

Imports

raschap

msxml3

mapi32

rastapi

netshell

msihnd

rasmontr

msvcrt20

d3d8thk

mfc40

winmm

sti

rasppp

dmocx

traffic

kernel32

ntlanman

Sections

.text Size: 462KB - Virtual size: 462KB

.rsrc Size: 430KB - Virtual size: 430KB

.tls Size: 512B - Virtual size: 4KB

.data Size: - Virtual size: 15.6MB

.rdata Size: 169KB - Virtual size: 169KB

.text
Size: 462KB - Virtual size: 462KB

.rsrc
Size: 430KB - Virtual size: 430KB

.tls
Size: 512B - Virtual size: 4KB

.data
Size: - Virtual size: 15.6MB

.rdata
Size: 169KB - Virtual size: 169KB