b733f85e91533035a8927bc2e37761c96bb3c642dc7d81ae50ad075fd6499ab4

Sharing

Copy URL Twitter E-mail

General

Target

b733f85e91533035a8927bc2e37761c96bb3c642dc7d81ae50ad075fd6499ab4
Size

51KB
MD5

f7494ebb4d081da4af9e98c8d84cf8b3
SHA1

da6a57c26871c9571f54336c61423a0a7e63a18b
SHA256

b733f85e91533035a8927bc2e37761c96bb3c642dc7d81ae50ad075fd6499ab4
SHA512

6f06556565ab87360c75897125551ee1f5e85aa304079a4675c8bf61d0901a8de7cd1e6db6dbc53d54d4629b2d0cefbc22e811ab445ac05371b2e4bc215ae412
SSDEEP

1536:go1Z7BpjpyqShql0t3H/WYVq65urkE8Jj:goX7HVUH9crkZJ

Score

N/A

Malware Config

Signatures

Files

b733f85e91533035a8927bc2e37761c96bb3c642dc7d81ae50ad075fd6499ab4
.exe windows x86

f9c8c104e37863d4dbd67288f727a17a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

untfs

?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?QueryExtentList@NTFS_ATTRIBUTE_RECORD@@QBEEPAVNTFS_EXTENT_LIST@@@Z
??0NTFS_MFT_INFO@@QAE@XZ
?Read@NTFS_SA@@UAEEXZ
Extend
??0NTFS_EXTENT_LIST@@QAE@XZ
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
??1NTFS_LOG_FILE@@UAE@XZ
??1NTFS_INDEX_TREE@@UAE@XZ
Format
??1NTFS_REFLECTED_MASTER_FILE_TABLE@@UAE@XZ
?WriteRemainingBootCode@NTFS_SA@@QAEEXZ
??0NTFS_ATTRIBUTE@@QAE@XZ
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?QueryEntry@NTFS_INDEX_TREE@@QAEEKPAXKPAPAU_INDEX_ENTRY@@PAPAVNTFS_INDEX_BUFFER@@PAE@Z
?QueryFileSizes@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVBIG_INT@@0PAE@Z
??1NTFS_BITMAP@@UAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
?Initialize@NTFS_UPCASE_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
?Write@NTFS_FRS_STRUCTURE@@QAEEXZ
?IsDosName@NTFS_SA@@SGEPBU_FILE_NAME@@@Z
?QueryNumberOfExtents@NTFS_EXTENT_LIST@@QBEKXZ
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
?Read@NTFS_ATTRIBUTE@@QAEEPAXVBIG_INT@@KPAK@Z
??1NTFS_ATTRIBUTE_DEFINITION_TABLE@@UAE@XZ
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?ReadSet@NTFS_FRS_STRUCTURE@@QAEEPAVTLINK@@@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z

ole32

OleUninitialize
StgOpenPropStg
HMENU_UserSize
ProgIDFromCLSID
OleRegGetMiscStatus
CoGetInterfaceAndReleaseStream
CoGetInterceptor
CoGetProcessIdentifier
CoUnmarshalHresult
ReadClassStg
StgCreatePropStg
CoTreatAsClass
CreateErrorInfo
FreePropVariantArray
CLIPFORMAT_UserFree
HBITMAP_UserSize
CoGetObject
OleCreateStaticFromData
ComPs_NdrDllGetClassObject
CoUnmarshalInterface
GetRunningObjectTable
RevokeDragDrop
UtConvertDvtd16toDvtd32
PropVariantChangeType
CoGetInstanceFromFile
OleQueryLinkFromData
CoPushServiceDomain
CoUnloadingWOW
CoInstall
CoGetCurrentProcess
OleCreateFromData
CoLockObjectExternal
CreateFileMoniker
OleCreateLinkFromDataEx

kernel32

GetNumberOfConsoleMouseButtons
CreateDirectoryExA
GetFileAttributesExW
QueryPerformanceCounter
GetGeoInfoW
EnumDateFormatsW
CreateMailslotA
RemoveDirectoryA
WaitNamedPipeW
GetTimeZoneInformation
GetBinaryType
GetStdHandle
LocalAlloc
GetProcessPriorityBoost
GetCommandLineW
GetUserDefaultUILanguage
VirtualAlloc
VirtualAllocEx
SignalObjectAndWait
CompareStringA
DebugBreakProcess
lstrcat
GetConsoleCharType
OpenProcess
SetFileAttributesA
QueueUserWorkItem
GetLargestConsoleWindowSize
CreateActCtxA
LoadLibraryA
WriteConsoleOutputAttribute
GetNumberFormatA
GetConsoleAliasExesLengthA
GetTickCount

wow32

GetCommShadowMSR
WOWUseMciavi16
WOWCallback16
WOWGlobalAlloc16
WOWGetVDMPointerFix
WOWHandle16
WOWGlobalUnlockFree16
W32Dispatch
WOWGlobalLockSize16
WOWFreeMetafile
WOWGlobalUnlock16
W32Init
WOW32ResolveMemory
WOWGlobalFree16
GetCommHandle
WOWCallback16Ex
WOWGetVDMPointerUnfix
WOW32DriverCallback
CopyDropFilesFrom32
WOWGetVDMPointer
WOWGlobalLock16
WOW32ResolveHandle
WOWHandle32
CopyDropFilesFrom16
WOWDirectedYield16
W32HungAppNotifyThread
WOWGlobalAllocLock16

cfgmgr32

CM_Run_Detection_Ex
CM_Set_DevNode_Registry_Property_ExW
CM_Query_And_Remove_SubTree_ExW
CM_Connect_MachineA
CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_Interface_ListA
CM_Delete_DevNode_Key_Ex
CM_Get_Parent
CM_Get_Next_Res_Des_Ex
CM_Next_Range
CM_Remove_SubTree_Ex
CM_Get_DevNode_Registry_Property_ExA
CM_Reenumerate_DevNode_Ex
CM_Get_Hardware_Profile_InfoA
CM_Create_DevNode_ExA
CM_Create_Range_List
CM_Unregister_Device_InterfaceA
CM_Enable_DevNode
CM_Get_Next_Log_Conf
CM_Get_Class_NameW
CM_Invert_Range_List
CM_Query_And_Remove_SubTreeW
CM_Enumerate_Enumerators_ExA
CM_Get_Device_Interface_List_Size_ExA
CM_Free_Res_Des
CM_Add_Res_Des
CM_Free_Log_Conf_Ex
CM_Get_Device_Interface_AliasA
CM_Get_Device_ID_ListA
CM_Set_DevNode_Registry_Property_ExA

ntdll

ZwQueryKey
RtlGetNtGlobalFlags
_aulldiv
ZwOpenJobObject
NtReadFile
NtQuerySemaphore
RtlImageRvaToSection
ZwSetSecurityObject
RtlDeregisterWaitEx
swprintf
RtlPcToFileHeader
NtEnumerateSystemEnvironmentValuesEx
ZwReplyPort
ZwCancelTimer
RtlSplay
RtlClearBits
NtRemoveProcessDebug
NtWaitForMultipleObjects
NtRequestPort
RtlMultiAppendUnicodeStringBuffer
RtlQuerySecurityObject
NtInitializeRegistry
RtlLockHeap
LdrInitializeThunk
ZwQueryEvent
ZwQueryInformationPort
RtlUnicodeToMultiByteN
NtAccessCheckByTypeResultListAndAuditAlarm
RtlLookupElementGenericTable

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9c8c104e37863d4dbd67288f727a17a

Headers

DLL Characteristics

File Characteristics

Imports

untfs

ole32

kernel32

wow32

cfgmgr32

ntdll

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1KB - Virtual size: 1KB