86c21ce73821cbe42772900a2a7cd3b241796d08275dcbed96779870835d31ad

Sharing

Copy URL Twitter E-mail

General

Target

86c21ce73821cbe42772900a2a7cd3b241796d08275dcbed96779870835d31ad
Size

43KB
MD5

e256c9575c6a03560caaca0dbb9fcdc3
SHA1

812a05c631a16885b492933305cee578ac52cf0b
SHA256

86c21ce73821cbe42772900a2a7cd3b241796d08275dcbed96779870835d31ad
SHA512

13300327d477a052ef29ce9d002d873e057c6af9cab37446b71c1764cc97c78a640449e2ceb5a709c91326fe67ce70d9968daf4855bc47d5ff926fe01288b949
SSDEEP

768:ug+e7+5LWDRDg037IbDrUfF3cgEbKJZm43fbUegrLv+l94izjf6FuX:we7+5cVgs7qyMgEbKi8TmLoOizT6EX

Score

N/A

Malware Config

Signatures

Files

86c21ce73821cbe42772900a2a7cd3b241796d08275dcbed96779870835d31ad
.exe windows x86

28ca294ded8b2592bded6a7e9264122a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mprapi

MprConfigServerBackup
MprAdminBufferFree
MprAdminConnectionGetInfo
MprAdminSendUserMessage
MprAdminMIBServerConnect
MprAdminUserServerDisconnect
MprConfigBufferFree
MprAdminMIBEntrySet
MprAdminInterfaceDeviceGetInfo
MprInfoDuplicate
MprAdminServerConnect
MprConfigServerRefresh
MprAdminInterfaceDelete
MprConfigInterfaceGetHandle
MprAdminMIBEntryGetFirst
MprAdminConnectionEnum
MprConfigTransportSetInfo
MprConfigTransportDelete
MprAdminUserGetInfo
MprAdminMIBEntryCreate
MprAdminInterfaceDisconnect
MprConfigTransportGetHandle
MprAdminMIBEntryGet
MprConfigTransportCreate

kernel32

GetCommState
lstrcpyW
LoadLibraryA
RegisterConsoleVDM
CreateWaitableTimerW
CreateConsoleScreenBuffer
ConnectNamedPipe
ReadFileEx
GetConsoleAliasExesLengthA
GetPrivateProfileSectionA
GetCPInfoExW
CreateDirectoryW
SetVolumeMountPointW
GetCurrentThread
GetEnvironmentVariableA
MapUserPhysicalPages
SetConsoleCursor
SetFilePointer
SetLocaleInfoA
WriteProfileStringW
GetModuleHandleA
SetThreadIdealProcessor
EnumResourceLanguagesW
VDMOperationStarted
PeekConsoleInputA
VirtualAlloc

query

?CIShutdown@@YGXXZ
?Empty@CPidLookupTable@@QAEXXZ
?SetNumberOfColumns@CCatState@@QAEXI@Z
??0CRcovStrmAppendTrans@@QAE@AAVPRcovStorageObj@@@Z
?Release@CFwPropertyMapper@@UAGKXZ
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
??0CCiAdminParams@@QAE@PAVCLangList@@@Z
?IsCIDialect@CDbPropertyRestriction@@QAEHXZ
?Clone@CNodeRestriction@@QBEPAV1@XZ
??0CRequestClient@@QAE@PBGPAUIDBProperties@@@Z
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?Start@CCatalogAdmin@@QAEHXZ
?AddToWorkQueue@CFwAsyncWorkItem@@QAEXXZ
?GetBlob@CMemDeSerStream@@UAEXPAEK@Z
?UnMarshall@CDbProperties@@QAEHAAVPDeSerStream@@@Z
?AbortWorkItems@CWorkManager@@QAEXXZ
?Init@CPidLookupTable@@QAEHPAVPRcovStorageObj@@@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?ShrinkToFit@CPhysStorage@@QAEXXZ
BindIFilterFromStorage
?CheckError@CLocalGlobalPropertyList@@QAEJAAKPAPAG@Z
?SetExclude@CScopeAdmin@@QAEXH@Z
??1CPerfMon@@QAE@XZ
?QueryScopeAdmin@CScopeEnum@@QAEPAVCScopeAdmin@@XZ
?ExtensionHasScriptMap@CMetaDataMgr@@QAEHPBG@Z
?Find@CCombinedPropertyList@@UAEPBVCPropEntry@@PBG@Z
?Copy@CDbPropSet@@QAEHABUtagDBPROPSET@@@Z
?DoFailTest@@YGXJ@Z
?GetStartupData@CGenericCiProxy@@QAEPBEAAU_GUID@@AAK@Z
FsCiShutdown
?AddArg@CEventItem@@QAEXK@Z
CollectCIPerformanceData
?ChangeCurrentCatalog@CCatState@@QAEXPBG@Z
?UpdateDiskLowInfo@CDiskFreeStatus@@QAEXXZ
?ValidateScopeRestriction@@YGHPAVCRestriction@@@Z
?SetUI8@CStorageVariant@@QAEXT_ULARGE_INTEGER@@I@Z
CollectFILTERPerformanceData
?Marshall@CPropNameArray@@QBEXAAVPSerStream@@@Z
??1CSynRestriction@@QAE@XZ
??1CColumns@@QAE@XZ
?Find@CEmptyPropertyList@@QAEPBVCPropEntry@@ABVCDbColId@@@Z
?AddRef@CFwPropertyMapper@@UAGKXZ
?AddMachine@CCatState@@QAEXAAV?$XPtrST@G@@@Z
?ciIsValidPointer@@YGHPBX@Z
?DecodeURLEscapes@@YGXPAEAAKPAGK@Z
?SetPhrase@CContentRestriction@@QAEXPBG@Z
??0CPhysStorage@@IAE@AAVPStorage@@AAVPStorageObject@@KIPAVPMmStream@@HIH@Z

msvcrt20

??4ostream_withassign@@QAEAAV0@ABV0@@Z
?bitalloc@ios@@SAJXZ
??1ostream@@UAE@XZ
modf
ispunct
_isnan
_mbsdec
?setmode@ifstream@@QAEHH@Z
?unlockc@ios@@KAXXZ
?fd@fstream@@QBEHXZ
fclose
_tcsninc
tan
_filbuf
??0filebuf@@QAE@ABV0@@Z
perror
?open@filebuf@@QAEPAV1@PBDHH@Z
setvbuf
?get@istream@@QAEAAV1@PAEHD@Z
_strerror
_mbsupr
_strtime
?sgetc@streambuf@@QAEHXZ
?in_avail@streambuf@@QBEHXZ
fwrite
_getdiskfree
vsprintf
??_8ofstream@@7B@

expsrv

rtcCos
rtcInputCharCountVar
__vbaFpUI1
__vbaVargObjAddref
rtcRgb
__vbaLbound
__vbaHresultCheckNonvirt
__vbaForEachAry
__vbaExitEachColl
rtcIntVar
__vbaVarCmpLt
__vbaLenBstrB
rtcAppActivate
__vbaStrI2
rtcCreateObject2
__vbaCheckType
rtcMidVar
__vbaAryRecMove
__vbaVargUnkAddref
EbSetContextWorkerThread
__vbaCyForNext
__vbaPutOwner3
rtcVarType
rtcFileDateTime

shlwapi

PathCompactPathA
SHRegDeleteUSValueA
AssocQueryKeyA
StrRetToStrW
SHRegWriteUSValueA
StrRStrIW
SHRegSetUSValueA
SHSkipJunction
SHGetThreadRef
PathRemoveExtensionA
StrRetToBufW
SHRegGetBoolUSValueW
PathUnExpandEnvStringsA
PathRenameExtensionW
StrRetToBSTR
UrlApplySchemeW
PathIsLFNFileSpecA
SHRegQueryInfoUSKeyW
PathIsNetworkPathW
SHLoadIndirectString
AssocCreate
ChrCmpIA
PathIsUNCServerShareA
StrStrW
StrDupW
StrRetToStrA
StrToIntExA
SHGetValueA
PathQuoteSpacesA
AssocQueryStringByKeyW

Sections

.text
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28ca294ded8b2592bded6a7e9264122a

Headers

DLL Characteristics

File Characteristics

Imports

mprapi

kernel32

query

msvcrt20

expsrv

shlwapi

Sections

.text Size: 1024B - Virtual size: 662B

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 96KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 1024B - Virtual size: 662B

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 96KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 512B - Virtual size: 64B