2b2259318909bc539b3e54145c1c25990e1d69519efb9268025135c0327fde25

Sharing

Copy URL Twitter E-mail

General

Target

2b2259318909bc539b3e54145c1c25990e1d69519efb9268025135c0327fde25
Size

136KB
MD5

449cce40e3900276b67d3ec639df3041
SHA1

35cfc603047fed7c03b8979e23e77e88dc8a983c
SHA256

2b2259318909bc539b3e54145c1c25990e1d69519efb9268025135c0327fde25
SHA512

f0ca7bdc3c6969c48b35aba713b9243b11f094b61f848b8ae9bf2538f274f625634d3e95d89994826ed5c75b8ecb38727343d404cc71db68e3988214ea53f10e
SSDEEP

3072:vXpwhUr0hVn8fBvdxg2UXDJ+TWnQmUb88Y7eMgoI2Mj7udiyOor8EcVR:vZEhKBvdxgNOWnQJmNYuTWL

Score

N/A

Malware Config

Signatures

Files

2b2259318909bc539b3e54145c1c25990e1d69519efb9268025135c0327fde25
.exe windows x86

80053741eb5fff12fb94c7c63dd327ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winipsec

EnumQMPolicies
EnumQMSAs
DeleteQMPolicy
OpenTunnelFilterHandle
GetQMPolicyByID
DeleteTunnelFilter
AddQMPolicy
SetTunnelFilter
MatchMMFilter
AddMMFilter
GetQMPolicy
MatchTunnelFilter
EnumTransportFilters
AddMMAuthMethods
EnumMMAuthMethods
AddTunnelFilter
SPDApiBufferFree
DeleteTransportFilter
GetTunnelFilter
OpenMMFilterHandle
MatchTransportFilter
GetMMPolicy
CloseTransportFilterHandle
DeleteMMFilter
SetTransportFilter

kernel32

BaseUpdateAppcompatCache
AddConsoleAliasW
GetLogicalDriveStringsA
DeleteFileA
GetEnvironmentStringsW
AddRefActCtx
EnumUILanguagesW
PeekConsoleInputW
GetCommModemStatus
RegisterWowBaseHandlers
AddAtomA
SetTimerQueueTimer
GetTapeStatus
AddConsoleAliasA
GetFirmwareEnvironmentVariableA
lstrcmpW
GetProcessShutdownParameters
LoadLibraryA
GetThreadTimes
GetCurrentThread
RtlCaptureContext
VirtualAlloc
GetProcAddress
SetTapeParameters
GetVersion
_hwrite
GetPrivateProfileIntW
OutputDebugStringA
GetLongPathNameA
GetACP
DnsHostnameToComputerNameA
TlsFree
SetMessageWaitingIndicator
ConsoleMenuControl
lstrlen
GetNumaNodeProcessorMask
GetPrivateProfileSectionA
RegisterConsoleOS2
WriteConsoleInputVDMA
ReadFileEx
SearchPathA

olecli32

OleRevertClientDoc
OleQueryLinkFromClip
PbQueryBounds
OleCreateInvisible
ErrQueryOutOfDate
LeActivate
GenEnumFormat
LeExecute
PbCreateLinkFromClip
ErrReconnect
OleSavedClientDoc
BmChangeData
OleLockServer
MfSaveToStream
LeQueryOutOfDate
OleCreateFromFile
LeSetHostNames
ErrClose
OleObjectConvert
ErrObjectConvert
OleIsDcMeta
DefCreateInvisible
LeQueryOpen
OleQueryReleaseError
MfCopy
ObjQuerySize
OleQueryName
OleRename
LeSetData
BmRelease
DefCreateFromTemplate
LeCopyFromLink
ErrCopyFromLink
OleUpdate

imm32

ImmIMPQueryIMEA
ImmCallImeConsoleIME
ImmIMPGetIMEW
ImmRequestMessageW
ImmGenerateMessage
ImmSendIMEMessageExW
ImmSystemHandler
ImmLockImeDpi
ImmConfigureIMEA
ImmGetCompositionStringW
ImmGetRegisterWordStyleW
ImmRegisterWordA
ImmGetImeInfoEx
ImmGetStatusWindowPos
ImmIsUIMessageW
ImmGetCompositionFontW
ImmGetConversionListA
ImmGetDescriptionA
ImmSetOpenStatus
ImmGetRegisterWordStyleA
ImmNotifyIME
ImmIsIME
ImmRegisterWordW
ImmSetCompositionWindow
ImmSetCompositionStringW
ImmGetConversionListW
ImmSetCompositionFontW
ImmEnumRegisterWordW
ImmSendIMEMessageExA
ImmGetImeMenuItemsA
ImmLockClientImc
ImmSetHotKey
ImmRegisterClient
ImmEnumInputContext
ImmGetIMEFileNameA
ImmLoadIME

iphlpapi

DeleteIpNetEntry
RestoreMediaSense
DeleteProxyArpEntry
GetIpErrorString
InternalSetIfEntry
IcmpCreateFile
FlushIpNetTable
_PfRemoveFiltersFromInterface@20
GetNumberOfInterfaces
SetIpForwardEntry
IcmpParseReplies
GetFriendlyIfIndex
GetAdapterOrderMap
GetTcpTable
AddIPAddress
EnableRouter
InternalSetTcpEntry
_PfDeleteLog@0
SetIpTTL
GetAdaptersAddresses
_PfAddGlobalFilterToInterface@8
GetIpStatistics
IpReleaseAddress
InternalSetIpForwardEntry
_PfCreateInterface@24
CreateIpForwardEntry
_PfTestPacket@20
InternalGetIpAddrTable
UnenableRouter
DeleteIPAddress
NhGetGuidFromInterfaceName
_PfBindInterfaceToIPAddress@12
SetIpStatistics
GetIpStatisticsEx
SetIpNetEntry
DeleteIpForwardEntry
_PfDeleteInterface@4
CreateProxyArpEntry
NotifyRouteChange
SetTcpEntry

msvcrt

_eof
wcsncpy
_heapwalk
_mbsicmp
_yn
difftime
_ismbcprint
??0exception@@QAE@XZ
localtime
__p__commode
_setjmp3
iswctype
malloc
??_Gbad_typeid@@UAEPAXI@Z
_timezone
_aligned_realloc
_spawnle
fgetpos
_fmode
atan2
_adj_fdivr_m32i
strlen
_findfirst64
_loaddll
__set_app_type
raise
_except_handler2
_wchdir
_beep
floor
_mbsnicmp
_winver
mbtowc
__p__fileinfo
labs
wcstombs
?unexpected@@YAXXZ
_strnicoll
__crtLCMapStringA
__getmainargs
_fcvt
exit
__p__winmajor

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80053741eb5fff12fb94c7c63dd327ee

Headers

DLL Characteristics

File Characteristics

Imports

winipsec

kernel32

olecli32

imm32

iphlpapi

msvcrt

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 42KB - Virtual size: 265KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 42KB - Virtual size: 265KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B