f5689b3c94111e73eabba6cdf48d85cba7a253a9c0abadcbe6587eb1eab4e1c7

Sharing

Copy URL Twitter E-mail

General

Target

f5689b3c94111e73eabba6cdf48d85cba7a253a9c0abadcbe6587eb1eab4e1c7
Size

163KB
MD5

c096d5e44f433bba748fba354acd6ed4
SHA1

f011b8a5f81828a7f0579da014d20f229a53f279
SHA256

f5689b3c94111e73eabba6cdf48d85cba7a253a9c0abadcbe6587eb1eab4e1c7
SHA512

60fe0041600c80b8d4a8a62b2b409566d27502dadd21e9ccf05e21aabded133d93cf960701aebe4de4c64fb24e4a415ac36dd3ff7bbc5f2ede2d7d5f87a09bb0
SSDEEP

3072:jl1UsVjRre5qToJMxpn2jMp3tZttRXtoZ8Jvxiue40f3yBGu+MpzYZkbBgd4gOW:hCsza5qDxR2joZFtVxiLf3yBjHJZy

Score

N/A

Malware Config

Signatures

Files

f5689b3c94111e73eabba6cdf48d85cba7a253a9c0abadcbe6587eb1eab4e1c7
.exe windows x86

86364e315010a53d5a9acba09bd812fc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAcquireResourceExclusive
ZwStopProfile
RtlNumberGenericTableElements
NtSetInformationDebugObject
NtSetLdtEntries
NtFindAtom
RtlpEnsureBufferSize
ZwSetInformationDebugObject
ZwSetSystemEnvironmentValue
NtGetPlugPlayEvent
NtCreateJobSet
CsrClientCallServer
RtlComputePrivatizedDllName_U
NtOpenProcessTokenEx
RtlGetLongestNtPathLength
RtlDeleteTimerQueueEx
RtlNewSecurityObject
ZwCreateProcess
NtQueryVolumeInformationFile
strtol
RtlSizeHeap
RtlFindSetBitsAndClear
NtQueryBootEntryOrder
iswxdigit
RtlApplyRXactNoFlush
RtlGetCurrentDirectory_U
ZwOpenSymbolicLinkObject
ZwQuerySection
ZwSetTimer
RtlGUIDFromString
NtDuplicateObject
ZwWaitHighEventPair
ZwCreateMailslotFile
NtDeleteKey
ZwAccessCheck
ceil
RtlAddAccessAllowedAce
NtQueryMutant

kernel32

IsValidCodePage
IsWow64Process
ReadConsoleInputExW
GetProfileIntW
EnumResourceLanguagesA
Process32Next
GetDriveTypeW
MoveFileExA
GetOEMCP
GenerateConsoleCtrlEvent
FindFirstFileW
GetComputerNameW
WriteProfileStringW
SuspendThread
FindResourceExW
QueryPerformanceFrequency
Module32Next
GetACP
GetConsoleCommandHistoryW
ActivateActCtx
EnumCalendarInfoExW
GetEnvironmentStringsW
GetConsoleAliasesLengthW
GetUserDefaultUILanguage
Module32First
DuplicateConsoleHandle
AllocateUserPhysicalPages
lstrcat
SystemTimeToTzSpecificLocalTime
CancelWaitableTimer
HeapWalk
VirtualAlloc
EnumDateFormatsA
LoadLibraryA
lstrcatA
GetStartupInfoA
WriteConsoleA
GetStartupInfoW
GetUserDefaultLangID
VirtualFree
VirtualQuery
GetCurrentProcess

opengl32

glIndexsv
glRotated
glColor3sv
glIndexubv
glVertex2fv
glGetLightiv
glClear
glLineStipple
glColor3f
glTexGenf
glMaterialfv
glRasterPos3f
glRasterPos3i
glRasterPos2iv
glPopMatrix
glRasterPos3s
glLoadMatrixf
glColor4usv
glBlendFunc
glScaled
glDeleteLists
glGetTexGeniv
glGetDoublev
glTexGend
glFrustum
glRectf
glEvalCoord2d
glBegin
glRasterPos4sv
glIndexMask
glColor3ubv
glCallLists
glCopyTexSubImage1D
glClearStencil
glGetPixelMapfv
glTexCoordPointer
glGetError
glGetTexLevelParameteriv
glMapGrid1f
glGetFloatv
glRenderMode
glBitmap

query

?LookupSDID@CSdidLookupTable@@QAEKPAXK@Z
?AddDir@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?VT_VARIANT_LT@@YGHABUtagPROPVARIANT@@0@Z
?Init@CFileMapView@@QAEXXZ
?Marshall@CNodeRestriction@@QBEXAAVPSerStream@@@Z
?_dwLastCheckMoment@CGlobalPropFileRefresher@@0KA
??0CSort@@QAE@I@Z
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?GetDouble@CMemDeSerStream@@UAENXZ
?Add@CDbColumns@@QAEHABVCDbColId@@I@Z
??1CCatalogEnum@@QAE@XZ
??1CSort@@QAE@XZ
?QueryInterface@CEnumWorkid@@UAGJABU_GUID@@PAPAX@Z
_AbortMerges@16
?IsCIEnabled@CMachineAdmin@@QAEHXZ
?GetVolumeName@CDriveInfo@@QAEPBGH@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KPAVPMmStream@@W4EOpenMode@1@HIH@Z
?GetDiskSpace@CDriveInfo@@QAEXAA_J0@Z
?OpenExclusive@CMmStream@@QAEXPAGH@Z
??0CException@@QAE@XZ
LocateCatalogsW
CITextToFullTreeEx
??0CPerfMon@@QAE@PBG@Z
?FillMax@CKeyArray@@QAEHH@Z
?GetGlobalStaticPropertyList@@YGPAVCStaticPropertyList@@XZ
?DoFailTest@@YGXJ@Z

atmlib

ATMSelectObject
ATMFontStatusW
ATMAddFontEx
ATMGetGlyphList
ATMGetFontPathsW
ATMBBoxBaseXYShowTextW
ATMRemoveSubstFontW
ATMBBoxBaseXYShowText
ATMGetPostScriptNameW
ATMFontStatusA
ATMGetGlyphListW
ATMGetVersion
ATMGetVersionEx
ATMAddFontExW
ATMMakePSSA
ATMGetNtmFieldsW
ATMGetFontBBox
ATMEnumFontsA
ATMGetGlyphListA
ATMAddFontExA
ATMGetOutline
ATMBBoxBaseXYShowTextA
ATMGetPostScriptName
ATMBeginFontChange
ATMXYShowTextA
ATMGetFontPaths
ATMGetNtmFields
ATMAddFontW
ATMAddFontA
ATMEndFontChange
ATMProperlyLoaded
ATMXYShowTextW
ATMInstallSubstFontW
ATMForceFontChange
ATMEnumMMFontsA
ATMGetBuildStrW
ATMXYShowText
ATMSetFlags

snmpapi

SnmpSvcAddrIsIpx
SnmpSvcGetEnterpriseOID
SnmpSvcGetUptime
SnmpTfxQuery
SnmpSvcInitUptime
SnmpUtilUnicodeToUTF8
SnmpUtilAnsiToUnicode
SnmpUtilOctetsCmp
SnmpUtilOctetsCpy
SnmpUtilAsnAnyCpy
SnmpUtilPrintAsnAny
SnmpUtilMemReAlloc
SnmpTfxOpen
SnmpUtilVarBindListFree
SnmpUtilOidCpy
SnmpSvcAddrToSocket
SnmpTfxClose
SnmpUtilUnicodeToAnsi
SnmpUtilOidToA
SnmpUtilVarBindCpy
SnmpUtilOidCmp
SnmpUtilOidAppend
SnmpUtilIdsToA
SnmpUtilPrintOid
SnmpUtilVarBindListCpy

pstorsvc

ServiceEntry
Start
PSTOREServiceMain

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86364e315010a53d5a9acba09bd812fc

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

opengl32

query

atmlib

snmpapi

pstorsvc

Sections

.text Size: 78KB - Virtual size: 78KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 47KB - Virtual size: 213KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 78KB - Virtual size: 78KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 47KB - Virtual size: 213KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 1024B