f2e44482b91e2e8ac34f929a2cf9e1e08e06348a697d9c296a803e63bec854b6

Sharing

Copy URL Twitter E-mail

General

Target

f2e44482b91e2e8ac34f929a2cf9e1e08e06348a697d9c296a803e63bec854b6
Size

232KB
MD5

cd07670bc6ce309e213c239f71a1f533
SHA1

7614cc5db7c9a55e27346408a362872f56233c26
SHA256

f2e44482b91e2e8ac34f929a2cf9e1e08e06348a697d9c296a803e63bec854b6
SHA512

99df8e3bbaf352407b98d037932299728fe286b805a7032806f9a356a34f6207b9b676a60e2d730551c715a5294446ffd29aae46eac8165c22473df75cc35258
SSDEEP

6144:D6ovf9TamQG4jC+38HIF8FMyavbv3xh8wCpRkN:WOf9mm/AQM7vBqBpSN

Score

N/A

Malware Config

Signatures

Files

f2e44482b91e2e8ac34f929a2cf9e1e08e06348a697d9c296a803e63bec854b6
.exe windows x86

0cd05272e4464415af0e555ab38bf258

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasProtocolEnum
RasPortSetFraming
RasRequestNotification
RasPortGetProtocolCompression
RasFreeBuffer
RasBundleGetPort
RasGetTimeSinceLastActivity
RasGetPortUserData
RasPortReceive
RasGetDevConfigEx
RasPortGetStatistics
RasGetHConnFromEntry
RasRpcConnectServer
RasSendCreds
RasRpcGetCountryInfo
RasCreateConnection
RasSetCachedCredentials
RasCompressionSetInfo
RasIsTrustedCustomDll
RasRpcGetVersion
RasEnumLanNets
RasServerPortClose

olecli32

OleSaveToStream
ErrObjectLong
MfEnumFormat
MfQueryBounds
LeShow
PbCreateLinkFromFile
ErrClose
LeChangeData
GenSaveToStream
LeCopyFromLink
OleGetLinkUpdateOptions
OleSavedClientDoc
OleActivate
OleUnlockServer
OleSetColorScheme
OleQueryName
PbGetData
OleCreateFromClip
LeEnumFormat
ErrQueryOutOfDate

kernel32

_lwrite
LockResource
BaseFlushAppcompatCache
LoadLibraryW
SetLastError
GetLocaleInfoW
GetEnvironmentStringsA
FoldStringW
SetConsoleActiveScreenBuffer
SetCalendarInfoW
GetConsoleInputExeNameA
GetThreadContext
QueryDosDeviceW
Process32NextW
SetCurrentDirectoryA

vssapi

??1CVssWriter@@UAE@XZ
VssFreeSnapshotProperties
?Uninitialize@CVssJetWriter@@QAGXXZ
?OnAbortEnd@CVssJetWriter@@UAGXXZ
??1CVssJetWriter@@UAE@XZ
?OnPrepareSnapshotBegin@CVssJetWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
IsVolumeSnapshotted
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ

authz

AuthziModifyAuditEvent
AuthziInitializeAuditQueue
AuthziFreeAuditEventType
AuthzInitializeResourceManager
AuthziInitializeAuditEvent
AuthziLogAuditEvent
AuthziFreeAuditQueue
AuthziModifyAuditQueue
AuthzFreeHandle
AuthziAllocateAuditParams
AuthzFreeAuditEvent
AuthzFreeContext
AuthziInitializeAuditParamsWithRM
AuthzInitializeContextFromSid
AuthziModifyAuditEventType
AuthzInitializeObjectAccessAuditEvent
AuthzAccessCheck
AuthzGetInformationFromContext
AuthziInitializeAuditEventType
AuthziFreeAuditParams
AuthziInitializeAuditParamsFromArray

crypt32

CryptVerifyDetachedMessageSignature
CertFindRDNAttr
CertDeleteCRLFromStore
CertEnumSubjectInSortedCTL
PFXExportCertStoreEx
CertGetNameStringW
CryptExportPublicKeyInfo
CertFindCertificateInStore
CertDuplicateStore
CryptSIPRemoveSignedDataMsg

sqlunirl

_ShellExecuteEx_@4
_GetDiskFreeSpaceEx_@16
_EnumDesktops_@12
_FindResource@12
_InsertMenuItem_@16
_CreateStatusWindow_@16
_lstrcmp_@8
_SetFileAttributes_@8
_InitiateSystemShutdown_@20
newWideCharFromMultiByte
_SetCurrentDirectory_@4
_CompareString_@24
_GetSystemDirectory_@8
_EnumICMProfiles_@12
_CommDlg_OpenSave_GetFolderPath@12
_SendMessageTimeout_@28
_CreateFont@56
_lstrcmpi_@8
_ResetDC_@8
_GetCompressedFileSize_@8
_RegQueryMultipleValues_@20
_LoadString@16
ConvertMultiSZNameToW
_NDdeGetTrustedShare_@20
_UnregisterClass_@8

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cd05272e4464415af0e555ab38bf258

Headers

File Characteristics

Imports

rasman

olecli32

kernel32

vssapi

authz

crypt32

sqlunirl

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 128KB - Virtual size: 127KB

.data Size: 61KB - Virtual size: 60KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 128KB - Virtual size: 127KB

.data
Size: 61KB - Virtual size: 60KB

.rsrc
Size: 1KB - Virtual size: 1KB