2f71ad7a3b2be21cccdb111465629027324744b8ee1316d51f22a0d17f19afb9

Sharing

Copy URL Twitter E-mail

General

Target

2f71ad7a3b2be21cccdb111465629027324744b8ee1316d51f22a0d17f19afb9
Size

14KB
MD5

f7ebafce3d28de72c530b871eb7bb702
SHA1

3c9ac1f5144e9fdd97b897571c5a88379c84facc
SHA256

2f71ad7a3b2be21cccdb111465629027324744b8ee1316d51f22a0d17f19afb9
SHA512

3c2e9b32d705077b9351e85d84906e54dfc26770818ee7cdc4303e339b8551fbb4771703d632d46d325a290ca746e52e054c18acedfe85f847b9156e02b00b6f
SSDEEP

192:hZgZ0Y2tnCpyVLijI2jS8gPj7iKe+vIcLn7MAb5nCVszH:3TVfNZk+vj4Ab5n2g

Score

N/A

Malware Config

Signatures

Files

2f71ad7a3b2be21cccdb111465629027324744b8ee1316d51f22a0d17f19afb9
.exe windows x86

bfc2fb0834f4c10a76833a72cf859045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??1ostream_withassign@@UAE@XZ
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??_Estrstream@@UAEPAXI@Z
?bad@ios@@QBEHXZ
?pptr@streambuf@@IBEPADXZ
?basefield@ios@@2JB
??0filebuf@@QAE@XZ
?read@istream@@QAEAAV1@PADH@Z
??_Eostream_withassign@@UAEPAXI@Z
?open@ifstream@@QAEXPBDHH@Z
??_Distrstream@@QAEXXZ
?setp@streambuf@@IAEXPAD0@Z
??0ostream@@IAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??_8strstream@@7Bistream@@@
??4stdiobuf@@QAEAAV0@ABV0@@Z
??4ios@@IAEAAV0@ABV0@@Z
?width@ios@@QAEHH@Z
??Bios@@QBEPAXXZ
?ipfx@istream@@QAEHH@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??0filebuf@@QAE@H@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??1ostrstream@@UAE@XZ
?open@fstream@@QAEXPBDHH@Z

kernel32

InterlockedDecrement
CreateEventA
BuildCommDCBAndTimeoutsW
ActivateActCtx
WriteProfileStringW
OutputDebugStringA
PurgeComm
_lopen
ReplaceFileW
GetHandleInformation
ReadConsoleOutputCharacterW
ReplaceFile
UnregisterConsoleIME
LoadLibraryA
GetPrivateProfileSectionNamesW
SuspendThread
GetSystemDefaultLCID
WriteConsoleInputA
IsValidCodePage
GetUserDefaultLCID
WriteFileEx
DeleteTimerQueue
GetLongPathNameW
GetSystemPowerStatus
EnterCriticalSection
EnumResourceNamesA
SetComputerNameExA
GetConsoleCP
FindFirstVolumeA
SetProcessWorkingSetSize
FatalExit
IsDebuggerPresent
EscapeCommFunction
GetVolumeNameForVolumeMountPointA
LeaveCriticalSection
VirtualAlloc
GetSystemDefaultLangID
IsValidLocale
LockResource
LocalHandle
LCMapStringA
GetModuleHandleA
EnumSystemCodePagesW
WritePrivateProfileSectionA
GetProfileSectionA
SetDefaultCommConfigA
FindFirstVolumeMountPointA
BeginUpdateResourceW
GetConsoleCommandHistoryLengthW
RegisterConsoleIME
CreateHardLinkW

lz32

LZSeek
LZClose
LZDone
LZCloseFile
GetExpandedNameA
LZRead
LZInit
LZOpenFileA
GetExpandedNameW
CopyLZFile
LZCopy
LZOpenFileW
LZCreateFileW
LZStart

ntdll

ZwOpenIoCompletion
RtlMultiByteToUnicodeSize
NtAllocateVirtualMemory
_i64tow
ZwAccessCheckByTypeAndAuditAlarm
NtTranslateFilePath
ZwDeleteValueKey
RtlDebugPrintTimes
RtlAreBitsSet
RtlPinAtomInAtomTable
NtWriteFile
ZwResetWriteWatch
RtlLookupAtomInAtomTable
NtFsControlFile
_chkstk
RtlUpdateTimer
NtQueryObject
RtlCreateUnicodeString
NtImpersonateClientOfPort
RtlInterlockedPushListSList
RtlAddRefActivationContext
NtQueryDefaultUILanguage
RtlAreAnyAccessesGranted
RtlSetTimeZoneInformation
_CIlog
NtCompleteConnectPort
RtlImageRvaToVa
ZwCreateProfile
RtlSetDaclSecurityDescriptor
RtlTraceDatabaseValidate
RtlFindLeastSignificantBit
ZwWriteFileGather
wcsncpy
RtlpNtSetValueKey
ZwWaitForSingleObject
strcspn
RtlUpperChar
ZwInitializeRegistry

wintrust

CryptCATAdminPauseServiceForBackup
HTTPSCertificateTrust
CryptCATGetCatAttrInfo
CryptSIPGetRegWorkingFlags
WinVerifyTrust
WVTAsn1CatNameValueEncode
WintrustAddDefaultForUsage
WVTAsn1SpcSigInfoEncode
WintrustSetRegPolicyFlags
WVTAsn1SpcStatementTypeDecode
CryptCATGetMemberInfo
CryptCATAdminReleaseCatalogContext
WVTAsn1SpcPeImageDataEncode
DriverFinalPolicy
CryptCATVerifyMember
SoftpubDllRegisterServer
WVTAsn1SpcSpAgencyInfoEncode
DriverCleanupPolicy
WVTAsn1CatMemberInfoDecode
CatalogCompactHashDatabase
CryptCATCDFEnumMembersByCDFTag
WTHelperIsInRootStore
TrustIsCertificateSelfSigned
WinVerifyTrustEx
WTHelperProvDataFromStateData
CryptCATCDFEnumAttributesWithCDFTag
MsCatConstructHashTag
MsCatFreeHashTag
CryptCATPutAttrInfo
CryptCATAdminResolveCatalogPath
CryptSIPCreateIndirectData
CryptCATOpen
GenericChainCertificateTrust
WTHelperGetProvPrivateDataFromChain
SoftpubAuthenticode
mssip32DllRegisterServer
CryptSIPGetSignedDataMsg
CryptCATClose

msvcrt

__set_app_type
__getmainargs
exit
_memicmp
__RTCastToVoid
_lfind
_safe_fdivr
wcscmp
_outpd
_adj_fprem1
_winver
_stat64
_findnext64
_rmdir
_aligned_offset_realloc
_wfullpath
_pipe
wcslen
__p__commode
__CxxFrameHandler
__CxxQueryExceptionSize
_getwch
towupper
_tzname
_acmdln
_ismbbprint
wcstoul
_mbsdec

wmvcore

WMCreateWriterNetworkSink
WMCreateEditor
WMCreateWriterPriv
WMCreateIndexer
WMCreateReaderPriv
WMCreateBackupRestorerPrivate
WMCreateProfileManager
WMCreateWriterFileSink
WMValidateData
WMCheckURLExtension

kbduk

KbdLayerDescriptor

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfc2fb0834f4c10a76833a72cf859045

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

kernel32

lz32

ntdll

wintrust

msvcrt

wmvcore

kbduk

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 74KB - Virtual size: 74KB

.data Size: 33KB - Virtual size: 230KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 74KB - Virtual size: 74KB

.data
Size: 33KB - Virtual size: 230KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB