c7be2771d0998a4d878f3dbe844eb47a5f60b3a15266b24dd533461e00ef0221

Sharing

Copy URL Twitter E-mail

General

Target

c7be2771d0998a4d878f3dbe844eb47a5f60b3a15266b24dd533461e00ef0221
Size

132KB
MD5

c3a6e2cec9cb83926c6ac719f467515f
SHA1

53e94f9a9b9b0ea9b95c896c17c124ed4f6d53b0
SHA256

c7be2771d0998a4d878f3dbe844eb47a5f60b3a15266b24dd533461e00ef0221
SHA512

0e01754cd49f70c97110115d3a7f0ad0c6083af852a382ec4bfdc675753ee67d05b52f06fce3b591761f761f37460ac3b0e519b4fd2dd7732a6ecae1a7bafb73
SSDEEP

3072:ztJYNYiFpiDPwVVKn8CWuoO28FM9ePuIr6vZj/xvXrI:xJaYiGDakzWuj9M9ePZ2R1U

Score

N/A

Malware Config

Signatures

Files

c7be2771d0998a4d878f3dbe844eb47a5f60b3a15266b24dd533461e00ef0221
.exe windows x86

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFileTimeToFileTime
GetVolumePathNameW
GetModuleHandleA
GetLocaleInfoA
OpenEventW
CancelTimerQueueTimer
WritePrivateProfileStructW
GetCurrentThread
SetCommState
RemoveDirectoryA
LoadLibraryW
SetFileTime
GetLocalTime
VerifyVersionInfoW
SleepEx

ntmarta

AccProvHandleRevokeAccessRights
AccRewriteSetHandleRights
AccConvertAccessMaskToActrlAccess
AccProvCancelOperation
AccGetAccessForTrustee
AccProvHandleIsObjectAccessible
AccProvGetCapabilities
AccFreeIndexArray
AccConvertSDToAccess
AccProvHandleGrantAccessRights
AccProvRevokeAccessRights
AccRewriteGetHandleRights
AccRewriteSetNamedRights

ifsutil

??1INTSTACK@@UAE@XZ
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
??0SECRUN@@QAE@XZ
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z

ws2_32

WSANSPIoctl
WSAAsyncSelect
htonl
WSAStartup
WSACancelAsyncRequest
WSAInstallServiceClassW
WSAJoinLeaf
WSASendTo
WSAEventSelect
WSAStringToAddressA
WSARecvDisconnect
WSAAsyncGetServByPort
WSALookupServiceNextW
WSADuplicateSocketW
WSASocketA
WSASetServiceA
getpeername
WSAIoctl
WSAAddressToStringW
WSAGetServiceClassInfoA
WSAAddressToStringA
WEP
WSAInstallServiceClassA

shell32

StrChrA
SHCreateProcessAsUserW
SHGetDataFromIDListA
SHExtractIconsW
SHUpdateRecycleBinIcon
StrRStrIW
SHGetFileInfoW
SHFreeNameMappings
SHChangeNotify
InternalExtractIconListW
AppCompat_RunDLLW
SHGetFileInfo
SHGetDiskFreeSpaceExA
ShellAboutW
Shell_NotifyIconW
StrRStrA
StrRChrA
FindExecutableA
ShellExecuteEx
SHHelpShortcuts_RunDLLA
ShellHookProc
DllUnregisterServer
StrCmpNIA
SHFormatDrive
FindExecutableW
StrCmpNW
SHLoadNonloadedIconOverlayIdentifiers

w32topl

ToplListNumberOfElements
ToplGraphAddVertex
ToplGetSpanningTreeEdgesForVtx
ToplFree
ToplVertexGetOutEdge
ToplGraphMakeRing
ToplAddEdgeToGraph
ToplEdgeGetWeight
ToplGraphRemoveVertex
ToplHeapCreate
ToplVertexInit
ToplScheduleMaxUnavailable
ToplScheduleMerge
ToplSTHeapExtractMin
ToplEdgeFree
ToplVertexSetId
ToplScheduleNumEntries

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

52a91e04cea2880255a8404e65423329

Headers

File Characteristics

Imports

kernel32

ntmarta

ifsutil

ws2_32

shell32

w32topl

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 58KB - Virtual size: 58KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 58KB - Virtual size: 58KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB