ae85f165d2b5527be47cb3abcbb5214381f53d853c1412d1e5f4523c6db695c4

Sharing

Copy URL Twitter E-mail

General

Target

ae85f165d2b5527be47cb3abcbb5214381f53d853c1412d1e5f4523c6db695c4
Size

139KB
MD5

b1ee5ad8dc5b9191070c0479f9803d83
SHA1

914da8f06c8ed66639796b0b188ae5b3e341d206
SHA256

ae85f165d2b5527be47cb3abcbb5214381f53d853c1412d1e5f4523c6db695c4
SHA512

7dcbaf8bd9ceaa818e56c6699e39baf7967a6ba77bc17251b6c16b78d875bbaf6d9a85f4c0270f81e3e03b86b47eafab2ad80b080bf288f1aa12ae7949b0dffc
SSDEEP

3072:SsIn9SFVdVs2o9wCCbp3TJmq3deugCJqN5iEye1nrSUNkAhww6ajUU1:S798dVZJC8pJmq3deRCJq2EyarSDhC

Score

N/A

Malware Config

Signatures

Files

ae85f165d2b5527be47cb3abcbb5214381f53d853c1412d1e5f4523c6db695c4
.exe windows x86

6f438c6902ccdf675e319127ac1ec9ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

waveOutPrepareHeader
midiInGetDevCapsA
timeKillEvent
timeBeginPeriod
mixerClose
midiStreamOpen
PlaySoundW
waveOutSetPlaybackRate
waveInAddBuffer
midiInGetErrorTextW
mmioSendMessage
mid32Message
midiOutReset
midiInGetID
timeGetSystemTime
joy32Message
mmioAdvance
joySetCapture
timeSetEvent
mciSetYieldProc
midiStreamPause
waveOutGetPlaybackRate
waveInGetDevCapsA
GetDriverModuleHandle
joyGetNumDevs
joyGetThreshold
joyGetDevCapsW
waveOutRestart
midiInGetDevCapsW
waveOutSetPitch
PlaySound
mciSendStringA
waveOutReset
midiOutGetVolume
waveOutBreakLoop
midiInOpen
mmioAscend
joyGetDevCapsA
sndPlaySoundW
mmioFlush
mmioRead
waveInPrepareHeader
mmioCreateChunk

ntdll

NtQuerySecurityObject
ZwQueryAttributesFile
abs
NtSetInformationFile
LdrFindResource_U
RtlQueueWorkItem
RtlpApplyLengthFunction
ZwReleaseMutant
_itow
ZwSuspendThread
RtlEnumerateGenericTable
memset
NtQuerySemaphore
RtlActivateActivationContextUnsafeFast
ZwOpenIoCompletion
iswdigit
ZwSaveMergedKeys
RtlpNtEnumerateSubKey
RtlLargeIntegerShiftLeft
NtOpenProcessToken
NtMapUserPhysicalPages
RtlLockBootStatusData
NtSetDefaultHardErrorPort
ZwFsControlFile
RtlUpcaseUnicodeToOemN
NtCreateEventPair
strcpy
NtCreateProfile
ZwLockVirtualMemory
ZwSetUuidSeed
RtlSetCurrentDirectory_U
_alldiv
RtlAddAccessDeniedAce
RtlFindLastBackwardRunClear
RtlEqualUnicodeString

kernel32

GetFileSize
RtlMoveMemory
EnumResourceTypesA
RtlCaptureContext
UnregisterConsoleIME
RtlUnwind
DeviceIoControl
SetConsoleNumberOfCommandsA
GetNativeSystemInfo
lstrcmpiA
GetConsoleAliasA
ReadConsoleOutputAttribute
MapUserPhysicalPages
GetFileType
GetLocalTime
SetLastError
ReleaseSemaphore
GetWriteWatch
LoadLibraryA
PeekConsoleInputW
FindVolumeClose
BuildCommDCBAndTimeoutsA
GetStartupInfoW
GetConsoleAliasExesW
GlobalAlloc
GetStartupInfoA
GetThreadContext
DebugBreakProcess
WriteFile
ConvertFiberToThread
GetSystemDefaultUILanguage
GetProcessVersion
lstrlenW
ExpungeConsoleCommandHistoryA
LZOpenFileW
GetConsoleCommandHistoryLengthA
ResetWriteWatch
SetCurrentDirectoryA
SetFileShortNameA
LocalAlloc
FlushInstructionCache
CloseHandle
GetTickCount
LZInit
VirtualAlloc
EnumerateLocalComputerNamesW
GetCurrentDirectoryA
GetDiskFreeSpaceExA
DeleteFileA

cryptext

CryptExtOpenSTRW
CryptExtAddPFX
CryptExtAddP7R
CryptExtOpenPKCS7W
CryptExtAddCTL
DllGetClassObject
CryptExtAddSPC
CryptExtOpenPKCS7
CryptExtOpenCATW
CryptExtOpenCTLW
CryptExtAddCER
CryptExtOpenP7RW
CryptExtOpenCAT
CryptExtOpenCTL
CryptExtOpenCRLW
CryptExtAddCRLW
CryptExtAddPFXW
CryptExtAddSPCW
CryptExtOpenCERW
CryptExtAddCRL
CryptExtOpenCER
CryptExtAddCERW
CryptExtOpenSTR
CryptExtOpenP7R
CryptExtAddCTLW
CryptExtAddP7RW
CryptExtOpenCRL

msdart

?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ
?IsEmpty@CDoubleList@@QBE_NXZ
?HeadNode@CDoubleList@@QBEQBVCListEntry@@XZ
?WriteLock@CSmallSpinLock@@QAEXXZ
_DllMain@12
?TryWriteLock@CReaderWriterLock@@QAE_NXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?ConvertExclusiveToShared@CReaderWriterLock@@QAEXXZ
?IsReadUnlocked@CReaderWriterLock2@@QBE_NXZ
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?_H0@CLKRLinearHashTable@@CGKKK@Z
?GetSpinCount@CSpinLock@@QBEGXZ
?_CmpExch@CReaderWriterLock2@@AAE_NJJ@Z
?IsWriteLocked@CSmallSpinLock@@QBE_NXZ
?InsertHead@CDoubleList@@QAEXQAVCListEntry@@@Z
?WriteUnlock@CReaderWriterLock3@@QAEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock3@@1GA
IrtlTrace
?IsWinNT4@CMdVersionInfo@@SAHXZ
?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
??1CLockedDoubleList@@QAE@XZ
?_Lock@CSpinLock@@AAEXXZ
mpCalloc
?GetSpinCount@CCritSec@@QBEGXZ
?First@CDoubleList@@QBEQAVCListEntry@@XZ
?Pop@CLockedSingleList@@QAEQAVCSingleListEntry@@XZ
?_H1@CLKRLinearHashTable@@ABEKK@Z
?TryWriteLock@CSpinLock@@QAE_NXZ
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Apply@CLKRLinearHashTable@@AAEKP6G?AW4LK_ACTION@@PBXPAX@Z1W4LK_LOCKTYPE@@AAW4LK_PREDICATE@@@Z
FXMemDetach
?IsReadLocked@CReaderWriterLock3@@QBE_NXZ
?s_aBucketSizes@?1??BucketSizes@CLKRHashTableStats@@SGPBJXZ@4QBJB
?ReadUnlock@CReaderWriterLock@@QAEXXZ
??1CLockedSingleList@@QAE@XZ
?ReleaseVersionInfo@CMdVersionInfo@@SAXXZ
?SetSpinCount@CCritSec@@QAE_NG@Z
MPCSInitialize
?ConvertSharedToExclusive@CFakeLock@@QAEXXZ
?GetDefaultSpinCount@CSpinLock@@SGGXZ
?_LockSpin@CSmallSpinLock@@AAEXXZ
?ConvertExclusiveToShared@CFakeLock@@QAEXXZ

gdi32

GetBrushOrgEx
CreateEnhMetaFileW
GetDeviceCaps
EngReleaseSemaphore
GdiPlayDCScript
LineDDA
SetDIBitsToDevice
AngleArc
DdEntry5
XLATEOBJ_iXlate
CreateDIBitmap
GdiIsPlayMetafileDC
DdEntry12
EnumICMProfilesW
GetCharABCWidthsW
DdEntry3
GdiEntry3
GetClipBox
EudcLoadLinkW
GetCharABCWidthsI
UnrealizeObject
SetICMProfileW
CheckColorsInGamut
EngCreateSemaphore
TextOutA
GetKerningPairs
PATHOBJ_vEnumStart
PlayEnhMetaFileRecord
DdEntry14
RemoveFontResourceTracking
GdiFlush
DeleteMetaFile

iphlpapi

_PfUnBindInterface@4
CreateIpForwardEntry
register_icmp
IpRenewAddress
SetIpForwardEntry
GetAdaptersInfo
_PfRemoveFilterHandles@12
IcmpCloseHandle
NhpAllocateAndGetInterfaceInfoFromStack
do_echo_req
SetIfEntry
_PfBindInterfaceToIPAddress@12
InternalGetIpNetTable
_PfBindInterfaceToIndex@16
DeleteIpForwardEntry
NotifyRouteChange
SetTcpEntry
do_echo_rep
GetIpErrorString
InternalSetIfEntry
GetBestRoute
IcmpSendEcho
GetUdpTable
SetIpStatistics
GetIpStatistics
Icmp6SendEcho2
_PfSetLogBuffer@28
DeleteIPAddress
GetAdapterIndex
Icmp6CreateFile
InternalCreateIpNetEntry
CreateProxyArpEntry
NhGetInterfaceNameFromGuid
NhGetInterfaceNameFromDeviceGuid
_PfDeleteLog@0
_PfCreateInterface@24
GetNumberOfInterfaces
GetAdapterOrderMap
InternalGetIpForwardTable
InternalSetIpNetEntry

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f438c6902ccdf675e319127ac1ec9ca

Headers

DLL Characteristics

File Characteristics

Imports

winmm

ntdll

kernel32

cryptext

msdart

gdi32

iphlpapi

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 17KB - Virtual size: 128KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 224B

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 17KB - Virtual size: 128KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 224B