1c1fabad8fd0d774c3ac6bf59ec0623ddb2f33e09190ba1c4eba2cb824a70f64

Sharing

Copy URL

Twitter E-mail

General

Target

1c1fabad8fd0d774c3ac6bf59ec0623ddb2f33e09190ba1c4eba2cb824a70f64
Size

146KB
MD5

1b4a163a4b181635694c844bda4b9920
SHA1

964f72f8d9803ef4f86a14db1bdeb2708cb0c0db
SHA256

1c1fabad8fd0d774c3ac6bf59ec0623ddb2f33e09190ba1c4eba2cb824a70f64
SHA512

f1ac1feafef79f02b1cc68bd933eab2b41aecddc10c05c1d340a6ae1a53ac6f812fc1725fb3f028b89a9cffc97daf6543cf03de13b18a02e2b074bf72502f9c1
SSDEEP

3072:Cn8nBGsEMXOoKBFRamYd5J4/W828GRKbJJYeAmT/fwVBCBP/j+:CqAsEgKBFRa9JZJSJffw+Bz+

Score

N/A

Malware Config

Signatures

Files

1c1fabad8fd0d774c3ac6bf59ec0623ddb2f33e09190ba1c4eba2cb824a70f64
.exe windows x86

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsApiRealloc
DnsAsyncRegisterTerm
Dns_SendEx
DnsReplaceRecordSetUTF8
DnsRemoveRegistrations
DnsWriteQuestionToBuffer_W
DnsExtractRecordsFromMessage_W
DnsUpdateTest_UTF8
DnsStringCopyAllocateEx
Dns_SendAndRecvUdp
DnsModifyRecordsInSet_UTF8
DnsQueryConfigDword
DnsQueryConfig
DnsFlushResolverCacheEntry_UTF8
DnsRecordCompare
DnsFlushResolverCacheEntry_A
DnsApiHeapReset
Dns_ParseMessage
DnsRecordSetCopyEx
DnsQuery_UTF8
DnsGetBufferLengthForStringCopy
DnsUpdate
DnsCopyStringEx
DnsNameCopy

sqlunirl

_CreateProcessAsUser_@44
_IsDialogMessage@8
_ExpandEnvironmentStrings_@12
_lstrcat_@8
_GetOpenFileName@4
__lopen_@8
_DrawState_@40
_PrivilegedServiceAuditAlarm_@20
_FindResource@12
_GetMessage_@16
_CreateEnhMetaFile_@16
_ChangeDisplaySettings_@8
newMultiByteFromWideChar
_CharUpper@4
_GetWindowText@12
_SetWindowsHookEx_@16
_VkKeyScan_@4
_CreateDirectoryEx_@12
_GetClassInfoEx_@12
_OemToChar_@8
_OpenWaitableTimer_@12
_SHGetFileInfo_@20
_SetProp@12
_NDdeSetShareSecurity_@16
_ExtractAssociatedIcon_@12
_OpenFileMapping_@12

kernel32

GetModuleHandleA
SetThreadLocale
GetSystemDirectoryW
DosDateTimeToFileTime
CreateActCtxW
_lcreat
CreateSemaphoreA
EnumSystemGeoID
CreateWaitableTimerW
UnregisterWait
Process32FirstW
CmdBatNotification
LoadLibraryA
MultiByteToWideChar
OutputDebugStringW
GetConsoleKeyboardLayoutNameW
GetFirmwareEnvironmentVariableW
GetPrivateProfileStructW

advpack

UserInstStubWrapper
DelNodeRunDLL32
DoInfInstall
NeedRebootInit
GetVersionFromFile
RebootCheckOnInstall
FileSaveRestore
OpenINFEngine
RegSaveRestoreOnINF
LaunchINFSection
TranslateInfStringEx
LaunchINFSectionEx
CloseINFEngine
IsNTAdmin
FileSaveMarkNotExist
RegRestoreAll
GetVersionFromFileEx
FileSaveRestoreOnINF
ExecuteCab
ExtractFiles
RunSetupCommand
TranslateInfString
RegisterOCX
AdvInstallFile
DelNode

wininet

InternetGetCertByURL
DeleteIE3Cache
InternetCombineUrlA
InternetCanonicalizeUrlW
InternetGoOnline
DeleteUrlCacheContainerW
SetUrlCacheConfigInfoW
InternetReadFileExA
GetUrlCacheEntryInfoExW
InternetAlgIdToStringA
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetLockRequestFile
GetUrlCacheGroupAttributeW
FindNextUrlCacheContainerW
FtpFindFirstFileA
DeleteUrlCacheContainerA
GetUrlCacheHeaderData
FindNextUrlCacheEntryExW
HttpEndRequestA
InternetAlgIdToStringW
FtpGetCurrentDirectoryW
FreeUrlCacheSpaceA

cmutil

CmLoadIconA
?GPPS@CIniW@@QBEPAGPBG00@Z
CmEndOfStrW
?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?CloseFile@CmLogFile@@AAEJXZ
??4CIniW@@QAEAAV0@ABV0@@Z
GetOSBuildNumber
??_FCIniA@@QAEXXZ
??0CIniW@@QAE@PAUHINSTANCE__@@PBG111@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
?CIniA_DeleteEntryFromReg@CIniA@@IBEHPAUHKEY__@@PBD1@Z
SzToWz
?Log@CmLogFile@@QAAXW4_CMLOG_ITEM@@ZZ
?LoadSection@CIniW@@QBEPAGPBG@Z
MakeBold
??4CIniA@@QAEAAV0@ABV0@@Z
?CIniW_DeleteEntryFromReg@CIniW@@IBEHPAUHKEY__@@PBG1@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z

imagehlp

SymLoadModule64
SymEnumerateSymbolsW
SymSetContext
SymGetSymNext64
SymEnumTypes
SymGetSymNext
SymLoadModule
ImageDirectoryEntryToDataEx
ImageAddCertificate
SymGetModuleBase
RemoveRelocations
SymFindFileInPath
SymGetModuleInfo64
SetImageConfigInformation
SymEnumSymbols
GetImageConfigInformation
FindFileInPath
UnmapDebugInformation
SymGetLineFromAddr
SymEnumerateModules
ReBaseImage64
FindDebugInfoFileEx
SymGetSymFromAddr64

mfcsubs

?SpanExcluding@CString@@QBE?AV1@PBG@Z
?GetAssocAt@CMapStringToPtr@@IBEPAUCAssoc@1@PBGAAI@Z
??0CString@@QAE@PBD@Z
?SetAtGrow@CStringArray@@QAEXHPBG@Z
??H@YG?AVCString@@ABV0@G@Z
?CopyBeforeWrite@CString@@IAEXXZ
??0CString@@QAE@XZ
?SetAt@CMapStringToPtr@@QAEXPBGPAX@Z
??8@YG_NABVCString@@0@Z
??4CString@@QAEABV0@D@Z

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 106KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

972c799cc8cf0470f67b7a1c56767843

Headers

File Characteristics

Imports

dnsapi

sqlunirl

kernel32

advpack

wininet

cmutil

imagehlp

mfcsubs

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 106KB - Virtual size: 122KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 106KB - Virtual size: 122KB

.rsrc
Size: 3KB - Virtual size: 3KB