cbcace4684e3d9111bbbff589dbc3d22cdc3d2306a29745dc735e39a55d505e9

Sharing

Copy URL Twitter E-mail

General

Target

cbcace4684e3d9111bbbff589dbc3d22cdc3d2306a29745dc735e39a55d505e9
Size

824KB
MD5

fadecf3c9a6d9937e27a849d188d440c
SHA1

29f43c4b7faac217969ebd7cbcb38dbae9c13ad0
SHA256

cbcace4684e3d9111bbbff589dbc3d22cdc3d2306a29745dc735e39a55d505e9
SHA512

02427c6675f610fa31a7831322f52ec3c31eb300ab63165ecfc5b6b12a1e911a8814883c1417fdd231913131ae167954e08033eff9b39bf68affe4a57399ba31
SSDEEP

24576:I2zgVtgpTo34ZoawtuyF52OX84NAKmM3:I2Usp03aw1KYAM

Score

N/A

Malware Config

Signatures

Files

cbcace4684e3d9111bbbff589dbc3d22cdc3d2306a29745dc735e39a55d505e9
.exe windows x86

43bea9d3f5b222e519b6fb1ded0319e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

MNLS_IsBadStringPtrW@8
UNKOBJ_ScSzFromIdsAlloc@20
MAPIAdminProfiles@8
cmc_list
FBadRowSet@4
MAPIUninitialize
PRProviderInit
FBadRglpszA@8
FtMulDwDw@8
FBadEntryList@4
ScCountNotifications@12
HrValidateIPMSubtree@20
MNLS_MultiByteToWideChar@24

kernel32

lstrcmpiW
GetLocaleInfoA
SetComputerNameA
SuspendThread
OpenProfileUserMapping
OpenJobObjectW
GetTempPathA
WaitForDebugEvent
CreateProcessInternalA
GetCPInfoExW
GetCurrentActCtx
RegisterConsoleIME
GetConsoleKeyboardLayoutNameA
GetProcessId
GlobalUnfix
LoadLibraryW
lstrlen
QueryMemoryResourceNotification
GetConsoleDisplayMode
GetEnvironmentStringsA
VirtualUnlock
InvalidateConsoleDIBits
WaitForMultipleObjectsEx
QueryDepthSList
GetDriveTypeW
TransactNamedPipe
PrivCopyFileExW
ScrollConsoleScreenBufferA
FindFirstVolumeMountPointW
UnregisterWait
GetConsoleNlsMode
GetCurrentProcess
CreateRemoteThread
GetThreadSelectorEntry
QueryInformationJobObject
GetVersion
Beep
GetTickCount
GetMailslotInfo
FillConsoleOutputAttribute
DosDateTimeToFileTime

ifsutil

?Pop@INTSTACK@@QAEXK@Z
?QueryContainingRange@NUMBER_SET@@QBEEVBIG_INT@@PAV2@1@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?FileSetAttributes@IFS_SYSTEM@@SGEPBVWSTRING@@KPAK@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?AddEdge@DIGRAPH@@QAEEKK@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
??1DP_DRIVE@@UAE@XZ

ntdll

RtlCheckRegistryKey
fabs
LdrFindEntryForAddress
NtLockFile
_allmul
ZwQueryInformationAtom
RtlInitializeGenericTableAvl
ZwOpenTimer
RtlEqualPrefixSid
NtCreateSymbolicLinkObject
NtCreateFile
RtlQueryProcessBackTraceInformation
RtlEnumerateGenericTableWithoutSplayingAvl
NtGetDevicePowerState
ZwCreateMutant

wmadmod

CreateInstance

Sections

.text
Size: 393KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43bea9d3f5b222e519b6fb1ded0319e8

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

kernel32

ifsutil

ntdll

wmadmod

Sections

.text Size: 393KB - Virtual size: 392KB

.rdata Size: 152KB - Virtual size: 152KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 87KB - Virtual size: 87KB

.reloc Size: 1024B - Virtual size: 880B

.text
Size: 393KB - Virtual size: 392KB

.rdata
Size: 152KB - Virtual size: 152KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 87KB - Virtual size: 87KB

.reloc
Size: 1024B - Virtual size: 880B