fa2134651848a2f7c36433ec1fc5feba88ec9b344b51a936f09004ba932cd1db

Sharing

Copy URL Twitter E-mail

General

Target

fa2134651848a2f7c36433ec1fc5feba88ec9b344b51a936f09004ba932cd1db
Size

239KB
MD5

0571d06a439ab3b739920ea032a57f10
SHA1

49498e3be81ec12aee68ada2d55f8ec93881fcf4
SHA256

fa2134651848a2f7c36433ec1fc5feba88ec9b344b51a936f09004ba932cd1db
SHA512

08a55acaad721c96d8a47a7df69bb583b550bfde296326097312c2e49d3c0dd695367aaa662bfc1f70ec9e36de19d8bb8c170ee4a9b4e4aabfe23d20403cb44d
SSDEEP

6144:lAZXgxFlFqyWNEz0P/G4+iAyhChc2kjeV:lARg5YyWNNnxXRhsYj4

Score

N/A

Malware Config

Signatures

Files

fa2134651848a2f7c36433ec1fc5feba88ec9b344b51a936f09004ba932cd1db
.exe windows x86

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetGroupAdd
NetReplGetInfo
RxNetAccessGetUserPerms
I_NetServerAuthenticate
I_NetServerAuthenticate3
DsValidateSubnetNameW
NlBindingAddServerToCache
NetDfsSetClientInfo
NetReplExportDirAdd
NetpIsRemote
NetpwNameCompare
DsGetDcSiteCoverageW
DsGetDcNameA
NetpNetBiosReset

wininet

GetUrlCacheEntryInfoExA
RegisterUrlCacheNotification
CommitUrlCacheEntryW
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
ParseX509EncodedCertificateForListBoxEntry
FindNextUrlCacheEntryExW
GopherOpenFileW
GetUrlCacheConfigInfoA
FindNextUrlCacheEntryW
InternetQueryOptionW
InternetEnumPerSiteCookieDecisionW
GetUrlCacheEntryInfoA
InternetAlgIdToStringW
RetrieveUrlCacheEntryStreamW
FtpSetCurrentDirectoryW
InternetGetPerSiteCookieDecisionW
InternetUnlockRequestFile

mpr

WNetGetNetworkInformationA
WNetFormatNetworkNameA
WNetCloseEnum
WNetCancelConnectionW
WNetOpenEnumA
WNetSupportGlobalEnum
WNetGetUserA
WNetGetConnection2W
WNetSetConnectionW
WNetGetUniversalNameA
WNetGetProviderNameA
WNetConnectionDialog1W
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetConnection2A
WNetGetResourceParentA
WNetGetHomeDirectoryW
WNetAddConnectionW

kernel32

GetModuleHandleW
GetPrivateProfileSectionA
GetWindowsDirectoryW
GlobalUnWire
LoadLibraryW
_lopen
GetPrivateProfileIntW
FindNextVolumeW
TerminateThread
LoadResource
GetComPlusPackageInstallStatus
MultiByteToWideChar
InterlockedFlushSList
GetStartupInfoW
WriteFileGather
GetProfileSectionA
VirtualAllocEx
GlobalAlloc
SetStdHandle
UpdateResourceA
Heap32ListNext

mapistub

HrValidateParameters@8
DllCanUnloadNow
cmc_act_on
HrDispatchNotifications@4
ScMAPIXFromCMC
RTFSync
FtgRegisterIdleRoutine@20
MNLS_WideCharToMultiByte@32
MapStorageSCode@4
MAPIAllocateBuffer@8
EnableIdleRoutine@8
HrComposeMsgID@24
ScInitMapiUtil@4
SzFindLastCh@8
__ValidateParameters@8
HrAddColumnsEx@20
BMAPISendMail
UlPropSize@4
BMAPIReadMail
cmc_logon
FPropContainsProp@12
FtAdcFt@20
OpenStreamOnFile@24
MAPIDeleteMail
MAPILogon
UFromSz@4
MAPIAdminProfiles
PropCopyMore@16

oleaut32

SafeArrayGetElement
VarCyMul
VarI4FromI2
VarBoolFromUI1
VarR4CmpR8
LoadTypeLibEx
VarDecFromR8
VarI1FromCy
VarCyRound
VarI4FromI1
VarBstrFromUI8
VarI2FromUI8
VarUI8FromUI2
VarI2FromUI1
VarR8FromUI2
DllCanUnloadNow
VarR4FromI2
VarDecDiv
VariantCopy
VarUI4FromI4
VarUI2FromDisp
VarUI1FromR8
VarUI8FromDec

mapi32

MAPIOpenFormMgr@8
WrapCompressedRTFStream@12
UNKOBJ_COFree@8
HrSetOmiProvidersFlagsInvalid
GetTnefStreamCodepage@12
GetAttribIMsgOnIStg@12
DllCanUnloadNow
FtDivFtBogus@20
cmc_send_documents

msdart

?Push@CLockedSingleList@@QAEXQAVCSingleListEntry@@@Z
?SetDefaultSpinCount@CCritSec@@SGXG@Z
?ReadLock@CSpinLock@@QAEXXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?sm_dblDfltSpinAdjFctr@CCritSec@@1NA
??1CDoubleList@@QAE@XZ
?sm_wDefaultSpinCount@CReaderWriterLock2@@1GA
?_TryLock@CSpinLock@@AAE_NXZ
?ReadOrWriteUnlock@CSpinLock@@QAEX_N@Z
?IsReadUnlocked@CReaderWriterLock@@QBE_NXZ
?_Contract@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@XZ
?_ReadLockSpin@CReaderWriterLock@@AAEXXZ
?SetDefaultSpinAdjustmentFactor@CCritSec@@SGXN@Z
?ReadLock@CLKRLinearHashTable@@QBEXXZ
?HeadNode@CLockedDoubleList@@QBEQBVCListEntry@@XZ
?_FindRecord@CLKRLinearHashTable@@ABE?AW4LK_RETCODE@@PBXK@Z
?SetSpinCount@CFakeLock@@QAE_NG@Z
?_IsLocked@CSpinLock@@ABE_NXZ
FXMemDetach
?GetStatistics@CLKRHashTable@@QBE?AVCLKRHashTableStats@@XZ
?Pop@CSingleList@@QAEQAVCSingleListEntry@@XZ
?sm_wDefaultSpinCount@CCritSec@@1GA
?ConvertSharedToExclusive@CLKRLinearHashTable@@QBEXXZ
?sm_wDefaultSpinCount@CReaderWriterLock@@1GA

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ad7435e127dc2b6bc8a0bdf9a9408662

Headers

File Characteristics

Imports

netapi32

wininet

mpr

kernel32

mapistub

oleaut32

mapi32

msdart

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 70KB - Virtual size: 69KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 70KB - Virtual size: 69KB

.rsrc
Size: 1KB - Virtual size: 1KB