d6e2faf84a1ca01cd12610aa15092f4ea29e4cf01b4f7d88fb880c48bb4163c8

Sharing

Copy URL Twitter E-mail

General

Target

d6e2faf84a1ca01cd12610aa15092f4ea29e4cf01b4f7d88fb880c48bb4163c8
Size

828KB
MD5

81ca5ae70362e046bd3d00285669bcd1
SHA1

b9000cb7692f110ab53dec5dcbb6685d1ad4f03b
SHA256

d6e2faf84a1ca01cd12610aa15092f4ea29e4cf01b4f7d88fb880c48bb4163c8
SHA512

0911f68359b533ff6c821a175fb697023aa8df4297ae6049d20c7bbc303448ec789fa767e3a2fdfc4cfe6bbead9611d00b71d7823dc0c20136d153e24730ff3f
SSDEEP

12288:I8WOwW3R80kRKMDOh4eMBhviAMsXEnjgZ4Vpjpr+g5rTPAVZqd9:AOpR80aKMDOhBcXpXQg6r++N

Score

N/A

Malware Config

Signatures

Files

d6e2faf84a1ca01cd12610aa15092f4ea29e4cf01b4f7d88fb880c48bb4163c8
.exe windows x86

0b3bae092eb90a28c0eb2fe1311c48d8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

UrlGetLocationA
SHOpenRegStreamA
PathGetArgsW
ColorHLSToRGB
SHDeleteValueA
DllGetVersion
UrlCreateFromPathW
SHRegQueryUSValueW
PathRemoveBackslashA
ChrCmpIA
SHRegQueryUSValueA
StrCatW
SHCreateStreamOnFileEx
PathIsRootA
PathIsLFNFileSpecA
PathFindExtensionA
PathIsNetworkPathW
StrCatBuffA
PathRelativePathToW
UrlCombineA
PathSetDlgItemPathA

dbnetlib

TermSession
ConnectionErrorW
InitSession
ConnectionClose
ConnectionOpenW
ConnectionServerEnum
ConnectionWrite
ConnectionRead
ConnectionVer
ConnectionFlushCache
GenClientContext
GetNextEnumeration
ConnectionOpen
ConnectionServerEnumW
CloseEnumServers
ConnectionGetSvrUser
ConnectionTransact
TermSSPIPackage
ConnectionError
ConnectionSqlVer
ConnectionStatus
InitSSPIPackage
ConnectionWriteOOB
ConnectionObjectSize
ConnectionMode
ConnectionOption
ConnectionCheckForData
InitEnumServers

ifsutil

?IsThisNtfs@IFS_SYSTEM@@SGEVBIG_INT@@KPAX@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?Write@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
??1LOG_IO_DP_DRIVE@@UAE@XZ
?Initialize@INTSTACK@@QAEEXZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?RemoveAll@NUMBER_SET@@QAEEXZ
?SetSystemId@LOG_IO_DP_DRIVE@@QAEEE@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
??1SECRUN@@UAE@XZ
?GetNextDataSlot@TLINK@@QAEAAVBIG_INT@@XZ
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?GetFirst@TLINK@@QAEPAXXZ
?GetSortedNext@TLINK@@QAEPAXPAX@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z

shell32

ExtractIconW
SHGetFolderPathW
ShellAboutA
RealShellExecuteW
SHOpenFolderAndSelectItems
SHQueryRecycleBinW
DllCanUnloadNow
SHGetIconOverlayIndexA
Shell_NotifyIconW
StrStrIA
ShellExecuteExA
Options_RunDLLW
SHSetUnreadMailCountW
PrintersGetCommand_RunDLL
SHPathPrepareForWriteW
SHGetFileInfo
SHBrowseForFolderA
SHGetFileInfoW
StrRChrIA
SHEnumerateUnreadMailAccountsW
DragQueryFileA
Options_RunDLLA
DuplicateIcon
StrCmpNW
SHChangeNotifySuspendResume
StrCmpNIW
RealShellExecuteA

kernel32

_hwrite
SetUserGeoID
lstrcatA
GetTickCount
FindAtomA
WaitForMultipleObjects
LocalLock
DebugBreak
TlsSetValue
MoveFileWithProgressW
GetUserDefaultLCID
LoadLibraryW
SetLastError
IsBadStringPtrW
RemoveVectoredExceptionHandler
InterlockedPopEntrySList
GetCompressedFileSizeA
WriteConsoleInputVDMW
CreateMailslotA

msdart

?ReadUnlock@CLKRLinearHashTable@@QBEXXZ
?IsWin98orLater@CMdVersionInfo@@SAHXZ
?IsReadUnlocked@CReaderWriterLock3@@QBE_NXZ
?CheckTable@CLKRLinearHashTable@@QBEHXZ
?FindRecord@CLKRLinearHashTable@@QBE?AW4LK_RETCODE@@PBX@Z
?WriteUnlock@CSpinLock@@QAEXXZ
?IsEmpty@CLockedSingleList@@QBE_NXZ
?SetDefaultSpinCount@CReaderWriterLock3@@SGXG@Z
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?IsReadLocked@CReaderWriterLock2@@QBE_NXZ
?Lock@CLockedSingleList@@QAEXXZ

dhcpsapi

DhcpRemoveMScopeElement
DhcpEnumMScopes
DhcpScanDatabase
DhcpAuditLogGetParams
DhcpServerRestoreDatabase
DhcpSetSubnetInfo
DhcpSetServerBindingInfo
DhcpDsCleanup
DhcpGetAllOptions
DhcpCreateOption
DhcpGetSuperScopeInfoV4
DhcpDeleteSuperScopeV4
DhcpSetMScopeInfo
DhcpGetOptionInfo
DhcpRemoveOptionValue
DhcpServerSetConfigV4
DhcpEnumSubnetElementsV5
DhcpEnumSubnetClientsV4
DhcpEnumOptions
DhcpAddServer
DhcpServerGetConfigV4
DhcpCreateSubnet
DhcpCreateClientInfoV4
DhcpAddSubnetElement
DhcpGetClientInfoV4
DhcpServerQueryAttribute

adsldpc

LdapSearchExtS
ADsSetLastError
LdapOpenObject2
LdapReadAttribute2
LdapValueFreeLen
ADsGetNextRow
LdapMakeSchemaCacheObsolete
GetSyntaxOfAttribute
LdapMemFree
LdapTypeFreeLdapObjects

Sections

.text
Size: 402KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b3bae092eb90a28c0eb2fe1311c48d8

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

dbnetlib

ifsutil

shell32

kernel32

msdart

dhcpsapi

adsldpc

Sections

.text Size: 402KB - Virtual size: 401KB

.rdata Size: 136KB - Virtual size: 136KB

.data Size: 181KB - Virtual size: 1.5MB

.rsrc Size: 107KB - Virtual size: 106KB

.reloc Size: 1024B - Virtual size: 908B

.text
Size: 402KB - Virtual size: 401KB

.rdata
Size: 136KB - Virtual size: 136KB

.data
Size: 181KB - Virtual size: 1.5MB

.rsrc
Size: 107KB - Virtual size: 106KB

.reloc
Size: 1024B - Virtual size: 908B