b7312bee18063989722663fb441543667436b363abe7e706121c9c51dfaaa77d

Sharing

Copy URL Twitter E-mail

General

Target

b7312bee18063989722663fb441543667436b363abe7e706121c9c51dfaaa77d
Size

137KB
MD5

333aa2b88c531ca85987a2a797087761
SHA1

84567211346d2d6e7c112bec98fc043dcb7a0488
SHA256

b7312bee18063989722663fb441543667436b363abe7e706121c9c51dfaaa77d
SHA512

91d72d86a2ae89743ff50762fa4dc70dc6038dc15efc45b1082b56f04751a9d76265ca584382fac39180f79fa85be36baab7b9ad92f8c80ca53c68161b850dec
SSDEEP

3072:ZIdZw+5L3184LB6jplrcXcBZqXH85e3Rg:ZIDw+B18MIt1dBZHAg

Score

N/A

Malware Config

Signatures

Files

b7312bee18063989722663fb441543667436b363abe7e706121c9c51dfaaa77d
.exe windows x86

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
IsVolumeSnapshotted
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssWriter@@QAE@XZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
VssFreeSnapshotProperties
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

kernel32

FormatMessageA
RegisterWowBaseHandlers
_hwrite
GetEnvironmentVariableA
WritePrivateProfileStringW
GetConsoleAliasA
lstrcat
GetFileTime
HeapAlloc
RegisterConsoleIME
GetLocaleInfoW
ReleaseMutex
LeaveCriticalSection
GlobalUnWire
GetACP
CancelWaitableTimer
AddConsoleAliasA
GetCurrentThread
LocalLock
LocalFree
GetModuleHandleW
ReadConsoleInputExW
FindFirstVolumeW
LoadLibraryW
SetFileAttributesW
VerSetConditionMask
LocalFileTimeToFileTime

snmpapi

SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToUTF8
SnmpSvcAddrToSocket
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilOidCmp
SnmpTfxQuery
SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilOctetsCpy
SnmpSvcGetEnterpriseOID
SnmpUtilAsnAnyFree
SnmpSvcSetLogType
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpUtilAnsiToUnicode
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpUtilOidNCmp

ws2_32

gethostbyaddr
getaddrinfo
htons
WSAInstallServiceClassA
WSAWaitForMultipleEvents
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSAGetServiceClassNameByClassIdA
WSAJoinLeaf
ntohl
WSAEnumNetworkEvents
WSAStringToAddressA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSASetEvent
gethostname
WSAAddressToStringA
WSASend
WSAUnhookBlockingHook
WSCGetProviderPath
WSAAsyncGetProtoByName
WSAAsyncGetHostByName
WSASetServiceA
ntohs

winmm

midiStreamPosition
joySetCapture
waveOutGetNumDevs
mmioStringToFOURCCW
waveInGetID
midiStreamStop
mciSendStringA
WOW32ResolveMultiMediaHandle
timeGetTime
GetDriverModuleHandle
mciGetYieldProc
mmTaskYield
midiInGetErrorTextW
waveOutClose
midiInGetID
joyGetNumDevs
midiConnect
waveOutGetDevCapsW
mmioSetBuffer
waveInGetErrorTextW
midiOutLongMsg
joyGetPos
waveOutGetID
mciDriverNotify
mciGetErrorStringW
wod32Message
waveOutSetPlaybackRate
mxd32Message

user32

GetKeyboardLayoutNameW
DragObject
TabbedTextOutA
GetSubMenu
DdeNameService
DdeAccessData
WaitForInputIdle
CharToOemW
InSendMessage
SystemParametersInfoA
SendNotifyMessageW
GetDCEx
SetWindowContextHelpId
MapVirtualKeyW
GetWindowContextHelpId
SetPropA
GetGUIThreadInfo
AnimateWindow
IsDialogMessageW
LoadKeyboardLayoutEx

cryptext

CryptExtAddSPC
CryptExtAddP7RW
CryptExtOpenCRLW
CryptExtAddPFX
CryptExtOpenCATW
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtAddCTLW
CryptExtOpenP7R
DllUnregisterServer
CryptExtOpenSTR
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddCTL
CryptExtOpenCER
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenCTLW
CryptExtOpenPKCS7
CryptExtOpenCTL
CryptExtAddCERW
CryptExtOpenP7RW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

Imports

vssapi

kernel32

snmpapi

ws2_32

winmm

user32

cryptext

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB