e0fcdaf5fb85092d929ce4a3f1ee4e844c586d934411a673dda564a275e5115d

Sharing

Copy URL Twitter E-mail

General

Target

e0fcdaf5fb85092d929ce4a3f1ee4e844c586d934411a673dda564a275e5115d
Size

142KB
MD5

52184bf95d203ff4f528af8c54e6f872
SHA1

aa61ef3e75d039fc10381a685fd252ab8b31016e
SHA256

e0fcdaf5fb85092d929ce4a3f1ee4e844c586d934411a673dda564a275e5115d
SHA512

1c3e85bf7b10e0fb37c37d5d0abde506b293f37bab89155d4e6f94fbf004b76d21138dbd66272c35cc050504664b675e8e8ac383d4241936d50b68782608bf30
SSDEEP

3072:n3PFwWZX3L433Sdz4bojnE/yndNvUx26OQHamwzOWFOY3RFb:3PiYESdz4botfQ26OQ9wPzb

Score

N/A

Malware Config

Signatures

Files

e0fcdaf5fb85092d929ce4a3f1ee4e844c586d934411a673dda564a275e5115d
.exe windows x86

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
GetCPInfo
_hread
OpenJobObjectW
GetTimeZoneInformation
GetModuleHandleA
GetProcessAffinityMask
GetModuleHandleW
GetCalendarInfoA
IsDBCSLeadByteEx
VDMOperationStarted
GetLocaleInfoA
LoadLibraryW
GetMailslotInfo
FindFirstFileA
CloseConsoleHandle
CreateSemaphoreA
GlobalGetAtomNameA
GetProfileIntA
CloseHandle
GetCurrentThread
BackupSeek
QueueUserWorkItem
UpdateResourceW
DisconnectNamedPipe
Heap32ListNext
GetThreadPriorityBoost
MapUserPhysicalPages

usp10

ScriptGetGlyphABCWidth
UspAllocTemp
ScriptShape
ScriptStringCPtoX
ScriptGetFontProperties
ScriptStringOut
ScriptStringGetOrder
UspAllocCache
ScriptLayout
LpkPresent
UspFreeMem
ScriptJustify
ScriptCacheGetHeight
ScriptStringXtoCP
ScriptStringFree
ScriptStringValidate
ScriptString_pcOutChars

snmpapi

SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpUtilOctetsFree
SnmpUtilPrintOid
SnmpUtilOidCmp
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilAsnAnyFree
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpUtilOctetsCpy
SnmpUtilMemAlloc
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpSvcInitUptime
SnmpUtilOidAppend
SnmpSvcAddrToSocket
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcAddrIsIpx

shell32

SHGetFolderLocation
StrRChrW
ShellHookProc
DragQueryFileW
RealShellExecuteExA
StrRChrA
SHEnableServiceObject
StrRStrIA
PrintersGetCommand_RunDLL
StrChrIW
DllUnregisterServer
StrStrA
ShellExec_RunDLLW
StrRChrIA
RealShellExecuteExW
SHCreateShellItem

ifsutil

?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0TLINK@@QAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z

mciseq

DriverProc

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

Imports

kernel32

usp10

snmpapi

shell32

ifsutil

mciseq

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 9KB - Virtual size: 8KB