d26cea107dc4fbdd6dd38085af7ff0e093428c1e58e45a8e11b861fbbab6a107

Sharing

Copy URL

Twitter E-mail

General

Target

d26cea107dc4fbdd6dd38085af7ff0e093428c1e58e45a8e11b861fbbab6a107
Size

836KB
MD5

c5384e4f219444b362f4eabb0ed691f4
SHA1

3ae4379927fed5da2c6478b4a1f05085d3eedb6c
SHA256

d26cea107dc4fbdd6dd38085af7ff0e093428c1e58e45a8e11b861fbbab6a107
SHA512

f1147c75b17efbb48377ad20032e0cce4aa1626d85ce717f84f5b779204ee9015aef7b0a44394b335b346d5ce6fe1f42606d3788add269e552a6246babbe6342
SSDEEP

12288:gmHDGPRigEzJEwtudnp016VCXnBhGTxahwy8DUN8NOFZXGUiA7SrYjvPpd5RopHS:M9Ezftuz0GgnBzBQYMOrXz+UjZy9

Score

N/A

Malware Config

Signatures

Files

d26cea107dc4fbdd6dd38085af7ff0e093428c1e58e45a8e11b861fbbab6a107
.exe windows x86

23a35978da2047175f1d512e354ab579

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wow32

WOWGlobalUnlock16
WOWDirectedYield16
WOW32ResolveMemory
CopyDropFilesFrom32
WOWFreeMetafile
WOWHandle32
WOWGlobalAlloc16
WOWCallback16Ex
W32Init
WOWGlobalLock16
WOWYield16
WOWGlobalUnlockFree16
WOWGlobalAllocLock16
WOWHandle16
WOWCallback16
WOWGetVDMPointer
W32Dispatch
W32HungAppNotifyThread
WOWGlobalFree16
GetCommShadowMSR
WOW32DriverCallback
CopyDropFilesFrom16
WOWGetVDMPointerFix
WOWGetVDMPointerUnfix
WOW32ResolveHandle
GetCommHandle
WOWGlobalLockSize16
WOWUseMciavi16

cmutil

?LoadEntry@CIniA@@IBEPADPBD@Z
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
?GetPrimaryRegPath@CIniA@@QBEPBDXZ
CmAtolW
CmWinHelp
?Init@CRandom@@QAEXK@Z
?Start@CmLogFile@@QAEJH@Z
?IsEnabled@CmLogFile@@QAEHXZ
?Write@CmLogFile@@AAEJPAG@Z
?GPPI@CIniW@@QBEKPBG0K@Z
?GPPB@CIniA@@QBEHPBD0H@Z
?Clear@CIniW@@QAEXXZ
?GetPrimaryFile@CIniA@@QBEPBDXZ
?SetHInst@CIniW@@QAEXPAUHINSTANCE__@@@Z
?OpenFile@CmLogFile@@AAEJXZ

pdh

PdhLookupPerfNameByIndexA
PdhVerifySQLDBW
PdhGetDataSourceTimeRangeA
PdhVbGetOneCounterPath
PdhGetDefaultPerfObjectW
PdhVbOpenQuery
PdhExpandWildCardPathHW
PdhSetQueryTimeRange
PdhTranslateLocaleCounterA
PdhEnumObjectsW
PdhGetRawCounterArrayA
PdhEnumMachinesW
PdhCloseLog
PdhEnumObjectItemsHA
PdhLookupPerfIndexByNameA
PdhRelogA
PdhReadRawLogRecord
PdhOpenQueryH
PdhRelogW
PdhCreateSQLTablesA
PdhAdd009CounterA

advapi32

CreateWellKnownSid
QueryAllTracesW
LsaQueryForestTrustInformation
CreatePrivateObjectSecurityWithMultipleInheritance
OpenServiceA
GetMultipleTrusteeA
GetInheritanceSourceA
CredGetTargetInfoW
EqualPrefixSid
ElfReportEventW
GetLocalManagedApplications
WmiFreeBuffer

sqlunirl

_ExpandEnvironmentStrings_@12
_ReplaceText_@4
newMultiByteFromWideCharEx
_CreateStatusWindow_@16
_CreateEnhMetaFile_@16
_LoadCursorFromFile_@4
_SendDlgItemMessage@20
_FindFirstFileEx_@24
__hwrite_@12
_MessageBoxEx_@20
_GetBinaryType_@8
_GetWindowTextLength@4
_lstrcpy_@8
__lcreat_@8
_MoveFile@8
_CopyEnhMetaFile_@8
_CreateWaitableTimer_@12
_TabbedTextOut_@32
_CreateDC_@16
_EnumFontFamiliesEx_@20
_lstrcmp_@8
AllocConvertMultiSZNameToA
_NDdeSetShareSecurity_@16
_QueryDosDevice_@12
_CallNamedPipe_@28
_DeviceCapabilities_@20
_CallMsgFilter_@8
_GetCurrentDirectory_@8

kernel32

SetLastError
GetWriteWatch
GetUserDefaultLCID
DeactivateActCtx
BaseCleanupAppcompatCacheSupport
MapViewOfFileEx
GetTickCount
LoadLibraryW
ScrollConsoleScreenBufferW
GetConsoleCommandHistoryLengthA
SetFileShortNameA
OpenMutexA
SetEnvironmentVariableA
SetTapePosition
GlobalGetAtomNameW
SetComputerNameW

dhcpsapi

DhcpRemoveOption
DhcpScanDatabase
DhcpGetVersion
DhcpEnumClasses
DhcpModifyClass
DhcpServerSetConfig
DhcpGetSubnetInfo
DhcpSetThreadOptions
DhcpDsInit
DhcpScanMDatabase
DhcpGetClassInfo
DhcpGetOptionInfoV5

mfcsubs

?Left@CString@@QBE?AV1@H@Z
??ACString@@QBEGH@Z
?Find@CString@@QBEHPBG@Z
?GetBuffer@CString@@QAEPAGH@Z
?UnlockBuffer@CString@@QAEXXZ
??1CSyncObject@@UAE@XZ
?FormatMessageW@CString@@QAAXPBGZZ
??1CString@@QAE@XZ
??YCString@@QAEABV0@G@Z
?FreeExtra@CString@@QAEXXZ
??0CMapStringToPtr@@QAE@H@Z
??N@YG_NABVCString@@PBG@Z
?FormatV@CString@@IAEXPBGPAD@Z
??4CString@@QAEABV0@D@Z

Sections

.text
Size: 426KB - Virtual size: 425KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23a35978da2047175f1d512e354ab579

Headers

DLL Characteristics

File Characteristics

Imports

wow32

cmutil

pdh

advapi32

sqlunirl

kernel32

dhcpsapi

mfcsubs

Sections

.text Size: 426KB - Virtual size: 425KB

.rdata Size: 120KB - Virtual size: 119KB

.data Size: 197KB - Virtual size: 1.5MB

.rsrc Size: 91KB - Virtual size: 91KB

.reloc Size: 1024B - Virtual size: 932B

.text
Size: 426KB - Virtual size: 425KB

.rdata
Size: 120KB - Virtual size: 119KB

.data
Size: 197KB - Virtual size: 1.5MB

.rsrc
Size: 91KB - Virtual size: 91KB

.reloc
Size: 1024B - Virtual size: 932B