a8bfb531b787d633880ace4b05bd99a9dc5a9e2cadd613e48c9f5ccae3ba5aab

Sharing

Copy URL Twitter E-mail

General

Target

a8bfb531b787d633880ace4b05bd99a9dc5a9e2cadd613e48c9f5ccae3ba5aab
Size

826KB
MD5

51b26447feb2895e1f71c42889dd1713
SHA1

ba4eacbfe3fc8f2c3f4f5c77c5eb182670eccf1f
SHA256

a8bfb531b787d633880ace4b05bd99a9dc5a9e2cadd613e48c9f5ccae3ba5aab
SHA512

54dfea8ab71a3ac5569d552925993aa763e36ca8e0ff5bfe861d505d0068d59ddb67ba8a3661025ee86f6a6a027e657f00a391064db420593afe3e54da1d35e6
SSDEEP

24576:pjNj4avOG98MaME+CENXvHGtYX+WUNXuc:Rd7vOe8BW5NXvHGKXL

Score

N/A

Malware Config

Signatures

Files

a8bfb531b787d633880ace4b05bd99a9dc5a9e2cadd613e48c9f5ccae3ba5aab
.exe windows x86

b7418e330dba1c6fb5b2abdc91675bfe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

?setlock@ios@@QAAXXZ
??6ostream@@QAEAAV0@C@Z
?eatwhite@istream@@QAEXXZ
?setb@streambuf@@IAEXPAD0H@Z
??_Dstdiostream@@QAEXXZ
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??0ostream@@QAE@PAVstreambuf@@@Z
??0iostream@@QAE@PAVstreambuf@@@Z
??_Gstrstreambuf@@UAEPAXI@Z
??0ofstream@@QAE@XZ
??0exception@@QAE@ABQBD@Z
?hex@@YAAAVios@@AAV1@@Z
??0stdiostream@@QAE@ABV0@@Z
?flags@ios@@QBEJXZ
??4exception@@QAEAAV0@ABV0@@Z
??_8strstream@@7Bostream@@@
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??4ofstream@@QAEAAV0@ABV0@@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
?precision@ios@@QBEHXZ
??_Eostream_withassign@@UAEPAXI@Z
?put@ostream@@QAEAAV1@E@Z
?sync@stdiobuf@@UAEHXZ
??1ofstream@@UAE@XZ
?get@istream@@QAEAAV1@AAD@Z
?str@istrstream@@QAEPADXZ
?underflow@strstreambuf@@UAEHXZ

pdh

PdhRelogA
PdhListLogFileHeaderW
PdhLookupPerfNameByIndexA
PdhParseCounterPathW
PdhEnumMachinesA
PdhParseCounterPathA
PdhRemoveCounter
PdhVerifySQLDBW
PdhValidatePathA
PdhComputeCounterStatistics
PdhMakeCounterPathW
PdhEnumObjectItemsHA
PdhFormatFromRawValue
PdhGetLogFileSize
PdhBrowseCountersA
PdhBrowseCountersHW
PdhGetDefaultPerfObjectA
PdhGetRawCounterArrayW
PdhBindInputDataSourceA
PdhCollectQueryData
PdhGetFormattedCounterValue

kernel32

WriteFileEx
GetCommandLineA
HeapSummary
GetCurrentProcessId
SetConsoleHardwareState
GetConsoleAliasExesA
GetVersion
GetConsoleAliasesW
GetPrivateProfileStringA
LoadLibraryW
SetConsoleCP
CreateSemaphoreA
OpenSemaphoreA
FileTimeToSystemTime
FlushViewOfFile
GetLocaleInfoA
RemoveDirectoryA
GetCommMask
ZombifyActCtx
EnumCalendarInfoW
QueryPerformanceCounter
UpdateResourceA
GetFullPathNameA
GetCurrentThread
FileTimeToLocalFileTime
GetModuleHandleA

imagehlp

ImageGetDigestStream
SymGetModuleBase
UpdateDebugInfoFileEx
SymGetLineNext64
SymGetModuleInfoW64
SymGetSymFromAddr
SymGetModuleInfo64
SymMatchFileName
SymEnumerateModules64
SymGetModuleInfoW
CheckSumMappedFile
SymEnumSym
FindExecutableImage
GetTimestampForLoadedLibrary
ImageGetCertificateData
SymFindFileInPath
SymUnloadModule64
ImageGetCertificateHeader

oleaut32

VarI4FromI8
VarUI2FromStr
SafeArrayPtrOfIndex
VarCyFromUI4
VarBstrFromUI1
VarI2FromBool
DosDateTimeToVariantTime
VarCyFromI2
VarUI8FromBool
VarR8FromStr
VarDateFromCy
VarDecSub

winscard

g_rgSCardT1Pci
SCardForgetReaderGroupW
SCardListReadersW
SCardIntroduceCardTypeA
SCardGetStatusChangeW
SCardStatusW
SCardGetCardTypeProviderNameA
SCardSetCardTypeProviderNameW
g_rgSCardRawPci

hhsetup

?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?SetTitle@CLocation@@QAEXPBG@Z
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?ConfirmTitles@CCollection@@QAEXXZ
?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?GetCollectionFileName@CCollection@@QAEPBDXZ
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?GetVisableRootFolder@CCollection@@QAEPAVCFolder@@XZ
?SetMasterCHM@CCollection@@QAEXPBDG@Z
?SetVolume@CLocation@@QAEXPBD@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
??4CLocation@@QAEAAV0@ABV0@@Z
?SetOrder@CFolder@@QAEXK@Z
?Close@CCollection@@QAEKXZ
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z
?SetVolume@CLocation@@QAEXPBG@Z

ir50_qcx

CompressEnd
DllMain
CompressBegin
CompressFramesInfo
SetCPUID
SetScalability
Compress
CompressQuery
FreeInstanceData
AllocInstanceData

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7418e330dba1c6fb5b2abdc91675bfe

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

pdh

kernel32

imagehlp

oleaut32

winscard

hhsetup

ir50_qcx

Sections

.text Size: 368KB - Virtual size: 367KB

.rdata Size: 100KB - Virtual size: 99KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 159KB - Virtual size: 158KB

.reloc Size: 1024B - Virtual size: 876B

.text
Size: 368KB - Virtual size: 367KB

.rdata
Size: 100KB - Virtual size: 99KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 1024B - Virtual size: 876B