Static task: static1
Behavioral task: behavioral1
  Sample: 8a2cae92329e592eadc44a67bb5916924eb306fc60c2f2b9f5d4748c5d4cc07b.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 8a2cae92329e592eadc44a67bb5916924eb306fc60c2f2b9f5d4748c5d4cc07b.exe
  Resource: win10v2004-20220812-en
General
Target: 8a2cae92329e592eadc44a67bb5916924eb306fc60c2f2b9f5d4748c5d4cc07b
Size: 93KB
MD5: 20d71775264aa7b4c4129e6c1507a4c0
SHA1: b186ec0d89302c692581057fdbd6cc519e05adc3
SHA256: 8a2cae92329e592eadc44a67bb5916924eb306fc60c2f2b9f5d4748c5d4cc07b
SHA512: 8a4a6a75152dffe5da3e42f439fa6dbdb1b0dd2ed1fc0c7b9b4d019f41df4e85b0e95c52cd8c8aff9fd0e554c53661302ac53070f4f60358a7381fb6d64a6120
SSDEEP: 1536:FqA7OjoVSAbGCa3uOB3VYnYgZIs7yLxsayo60BitWnrlSsTBLcM783cRadH:B7uoVfbBqlSYgZXKxsawNaS4BIZse
Malware Config
Signatures
Files
8a2cae92329e592eadc44a67bb5916924eb306fc60c2f2b9f5d4748c5d4cc07b.exe windows x86
  f1a2f3ac299cb200cc0a86af9c100c78
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ieakeng
ModifyZones
GetFavoritesMaxNumber
ErrorMessageBox
BuildPalette
ProcessFavSelChange
DoReboot
CheckField
MoveUpFavorite
BToolbar_Remove
MoveDownFavorite
DestroyADMWindow
GetAdmWindowHandle
ModifyRatings
SelectADMItem
SaveADMItem
CreateADMWindow
ShowADMWindow
CanDeleteADM
GetFavoritesNumber
ModifyAuthCode
CheckForDupKeys
DisplayADMItem
IsFavoriteItem
NewFolder
ShowInetcpl
MoveADMWindow
BToolbar_Edit
kernel32
EnumSystemLanguageGroupsA
SetSystemTimeAdjustment
UnhandledExceptionFilter
WaitNamedPipeA
OutputDebugStringW
VirtualLock
GetDevicePowerState
CreateFileW
DeleteVolumeMountPointW
GetTempFileNameW
FreeUserPhysicalPages
SetConsoleFont
GlobalAddAtomA
WriteFileGather
ConsoleMenuControl
CompareStringW
EnumCalendarInfoExW
BackupSeek
GetTimeFormatA
CreateConsoleScreenBuffer
VirtualAlloc
GetConsoleMode
LoadModule
DeleteFileW
WriteConsoleOutputCharacterA
RegisterWaitForSingleObject
GlobalSize
RaiseException
RtlMoveMemory
IsValidCodePage
FindFirstVolumeA
CreatePipe
lstrlen
GetCommandLineW
msrating
RatingAccessDeniedDialog2
RatingCheckUserAccess
RatingSetupUI
RatingCustomAddRatingSystem
RatingCustomRemoveRatingHelper
RatingCustomSetDefaultBureau
RatingCustomCrackData
RatingAccessDeniedDialog
RatingEnabledQuery
RatingCustomAddRatingHelper
RatingAddPropertyPages
RatingEnable
RatingObtainQuery
RatingInit
ClickedOnPRF
ChangeSupervisorPassword
VerifySupervisorPassword
RatingCustomInit
RatingFreeDetails
RatingCustomSetUserOptions
RatingCustomDeleteCrackedData
RatingObtainCancel
ClickedOnRAT
olecli32
MfSaveToStream
OleGetData
PbGetData
OleObjectConvert
LeSetData
GenGetData
OleCreateFromFile
LeObjectConvert
OleSetData
PbDraw
LeCopyFromLink
OleSaveToStream
DibChangeData
DefCreateFromFile
DefCreateLinkFromFile
OleUnlockServer
OleQueryCreateFromClip
OleQueryName
MfDraw
LeCreateInvisible
OleGetLinkUpdateOptions
OleCreateLinkFromClip
LeQueryBounds
ErrReconnect
OleQueryReleaseMethod
ObjQueryType
BmChangeData
OleSetColorScheme
OleCreateFromClip
SrvrWndProc
DibDraw
CheckNetDrive
BmQueryBounds
MfGetData
OleSetBounds
BmSaveToStream
wsnmp32
SnmpFreePdu
SnmpCleanup
SnmpCreatePdu
SnmpStrToEntity
SnmpStartup
SnmpGetVb
SnmpSendMsg
SnmpSetTranslateMode
SnmpCreateVbl
SnmpListen
SnmpClose
SnmpSetTimeout
SnmpOidCopy
SnmpFreeDescriptor
SnmpGetRetry
SnmpOidToStr
SnmpDuplicateVbl
SnmpFreeVbl
SnmpSetRetransmitMode
SnmpRecvMsg
SnmpSetRetry
_SnmpSetAgentAddress@4
SnmpFreeEntity
SnmpCancelMsg
mtxoci
ofetch
obndrn
olog
ocof
oexn
ocon
MTxolog
oexec
odessp
oflng
oopen
ocom
ologof
obreak
MTxOciGetVersion
Enlist
oclose
ocan
oermsg
obndrv
oparse
ofen
oerhms
DllRegisterServer
orol
cryptdlg
EncodeRecipientID
CertSelectCertificateW
DllUnregisterServer
CertTrustCertPolicy
DllRegisterServer
GetFriendlyNameOfCertW
CertTrustFinalPolicy
GetFriendlyNameOfCertA
CertViewPropertiesW
CertModifyCertificatesToTrust
DecodeAttrSequence
CertSelectCertificateA
CertConfigureTrustA
CertTrustInit
FormatVerisignExtension
CertViewPropertiesA
EncodeAttrSequence
CertConfigureTrustW
DecodeRecipientID
FormatPKIXEmailProtection
CertTrustCleanup
user32
DdeClientTransaction
CopyAcceleratorTableA
CascadeChildWindows
SetCaretPos
ScreenToClient
GetPropA
GetAppCompatFlags
SetThreadDesktop
GetKeyboardLayout
LookupIconIdFromDirectory
GetTitleBarInfo
GetWindowRgn
DdeGetQualityOfService
SetMessageExtraInfo
SetWindowLongW
LoadAcceleratorsW
SetCursorPos
DeleteMenu
SetDoubleClickTime
GetWindowModuleFileName
OpenClipboard
DlgDirSelectExA
EnumWindows
DdeEnableCallback
InsertMenuA
UpdatePerUserSystemParameters
SendMessageCallbackW
LoadCursorW
KillTimer
EndDialog
CharToOemW
VkKeyScanW
ChangeDisplaySettingsExA
CharUpperBuffW
GetCaretPos
CreateMDIWindowA
CharNextW
DlgDirSelectComboBoxExA
DdeDisconnect
shdocvw
HlinkFrameNavigateNHL
URLQualifyW
DoFileDownload
DllCanUnloadNow
DoFileDownloadEx
HlinkFrameNavigate
DoAddToFavDlgW
ImportPrivacySettings
HlinkFindFrame
DllRegisterWindowClasses
DoAddToFavDlg
SHGetIDispatchForFolder
AddUrlToFavorites
DoOrganizeFavDlgW
DllGetVersion
SHAddSubscribeFavorite
DoOrganizeFavDlg
URLQualifyA
OpenURL
SetShellOfflineState
SetQueryNetSessionCount
DoPrivacyDlg
DllGetClassObject
SoftwareUpdateMessageBox
cfgmgr32
CM_Unregister_Device_InterfaceA
CM_Register_Device_Interface_ExA
CM_Add_Res_Des_Ex
CM_Get_Class_Key_NameA
CM_Set_HW_Prof
CM_Get_Global_State_Ex
CM_Uninstall_DevNode_Ex
CM_Get_First_Log_Conf
CM_Get_Device_IDA
CM_Set_HW_Prof_Flags_ExA
CM_Free_Log_Conf_Ex
CM_Find_Range
CM_Get_Resource_Conflict_Count
CM_Get_HW_Prof_Flags_ExA
CM_Get_Device_Interface_List_ExA
CM_Add_ID_ExA
CM_Setup_DevNode_Ex
CM_Unregister_Device_InterfaceW
CM_Delete_Class_Key
CM_Query_And_Remove_SubTreeA
CM_Open_DevNode_Key_Ex
CM_Get_DevNode_Status
CM_Open_DevNode_Key
CM_Connect_MachineA
CM_Query_And_Remove_SubTree_ExA
CM_Get_Class_Key_Name_ExW
xolehlp
DtcGetTransactionManagerExA
DtcGetTransactionManagerC
DtcGetTransactionManagerExW
DtcGetTransactionManager
GetDtcLocaleResourceHandle
DtcGetTransactionManagerEx
hid
HidD_GetSerialNumberString
HidD_FreePreparsedData
HidP_GetUsageValueArray
HidP_GetData
HidD_FlushQueue
HidD_SetNumInputBuffers
HidP_UsageListDifference
HidD_Hello
HidP_GetButtonCaps
HidP_GetUsages
HidD_SetConfiguration
HidP_SetScaledUsageValue
HidP_GetValueCaps
HidP_GetUsagesEx
HidD_GetConfiguration
HidD_GetAttributes
HidP_GetSpecificValueCaps
HidP_GetUsageValue
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetNumInputBuffers
HidP_GetExtendedAttributes
HidP_MaxDataListLength
HidP_SetUsageValueArray
HidP_GetCaps
HidP_SetData
HidD_GetIndexedString
HidP_GetLinkCollectionNodes
rtutils
RouterLogEventDataA
RouterLogRegisterW
RouterLogRegisterA
RouterLogEventW
TraceDumpExA
RouterLogDeregisterW
MprSetupProtocolFree
TraceDeregisterW
TraceVprintfExA
RouterLogDeregisterA
LogEventA
TraceDeregisterExA
MprSetupProtocolEnum
RouterLogEventValistExW
TraceGetConsoleA
TracePrintfExW
RouterLogEventExW
TraceDeregisterA
RouterLogEventStringA
TracePutsExW
TracePrintfExA
RouterAssert
RouterGetErrorStringA
LogErrorA
RouterGetErrorStringW
TraceGetConsoleW
TraceDeregisterExW
TracePrintfW
LogErrorW
LogEventW
RouterLogEventStringW
TraceVprintfExW
TraceDumpExW
mapi32
MNLS_lstrcpyW@8
SzFindLastCh@8
CreateTable@36
ScBinFromHexBounded@12
cmc_send_documents
HrComposeEID@28
MAPISaveMail
HrDispatchNotifications@4
InstallFilterHook@4
cmc_act_on
MAPIGetDefaultMalloc@0
MAPIOpenLocalFormContainer
BMAPIReadMail
MNLS_WideCharToMultiByte@32
SwapPlong@8
HrAllocAdviseSink@12
FtNegFt@8
HrSzFromEntryID@12
FBadRglpNameID@8
ScRelocProps@20
MAPIFindNext
MAPIResolveName
CreateIProp@24
ScCreateConversationIndex@16
EncodeID@12
HrDecomposeMsgID@24
UNKOBJ_ScCOAllocate@12
FEqualNames@8
PRProviderInit
cmc_free
BuildDisplayTable@40
MapStorageSCode@4
BMAPISendMail
MAPIInitIdle@4
UlPropSize@4
MAPILogonEx
RTFSync@12
MAPISendMail
UNKOBJ_FreeRows@8
UNKOBJ_ScAllocate@12
untfs
?Initialize@NTFS_UPCASE_TABLE@@QAEEPAVNTFS_ATTRIBUTE@@@Z
??0NTFS_BOOT_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE@@UAE@XZ
?QueryLcnFromVcn@NTFS_EXTENT_LIST@@QBEEVBIG_INT@@PAV2@1@Z
?ComputeFileNameSignature@NTFS_MFT_INFO@@CGXKPAU_FILE_NAME@@QAE@Z
?QueryDefaultClustersPerIndexBuffer@NTFS_SA@@SGKPBVDP_DRIVE@@K@Z
?QueryClusterFactor@NTFS_SA@@QBEEXZ
?Flush@NTFS_MFT_FILE@@QAEEXZ
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
??1NTFS_FILE_RECORD_SEGMENT@@UAE@XZ
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z
??1NTFS_FRS_STRUCTURE@@UAE@XZ
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
??1NTFS_UPCASE_FILE@@UAE@XZ
?AddSecurityDescriptorData@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAXPAPAU_SECURITY_ENTRY@@KW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@E@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
??1NTFS_SA@@UAE@XZ
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
ChkdskEx
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
??0NTFS_ATTRIBUTE@@QAE@XZ
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_EXTENT_LIST@@QAEEVBIG_INT@@0@Z
mapistub
LAUNCHWIZARD
UlAddRef@4
UNKOBJ_ScAllocate@12
UlRelease@4
DllCanUnloadNow
DeinitMapiUtil@0
ScCountNotifications@12
PpropFindProp@12
HrValidateParameters@8
FEqualNames@8
cmc_send_documents
cmc_send
MNLS_lstrcmpW@8
CreateIProp@24
cmc_logon
MAPILogoff
__CPPValidateParameters@8
ScRelocProps@20
cmc_act_on
MAPIDeinitIdle@0
MAPIReadMail
HexFromBin@12
MNLS_lstrcpyW@8
MapStorageSCode@4
BMAPIReadMail
Sections
.data Size: 1024B - Virtual size: 720B
  IMAGE_SCN_MEM_READ
  IMAGE_SCN_MEM_WRITE
.rsrc Size: 76KB - Virtual size: 76KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.text Size: 1KB - Virtual size: 1KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rdata Size: 13KB - Virtual size: 13KB
  IMAGE_SCN_MEM_READ