f5eb5e2f1ac885c8d57c4985061e0d00c35ae6418e391225affc901bd569253d

Sharing

Copy URL Twitter E-mail

General

Target

f5eb5e2f1ac885c8d57c4985061e0d00c35ae6418e391225affc901bd569253d
Size

196KB
MD5

51b6b8fb3f0f1363132b6583ac87e9cd
SHA1

74a4ee044430802140d7c0f062dc46c5fd0071df
SHA256

f5eb5e2f1ac885c8d57c4985061e0d00c35ae6418e391225affc901bd569253d
SHA512

e524cd768bef0cf9e066cae827b3a6474544e264708a6840e3b2342430d807d79ed22be52b7c2250eae1c6e8d0f8521be152879fb75796dfe3e5b86a68dfb2b5
SSDEEP

6144:zISRy9jDVEUu2cSZ6cXLiGQAuemrxYokP8mvr4FR:t89j+UulSZ6wuecx0jr4FR

Score

N/A

Malware Config

Signatures

Files

f5eb5e2f1ac885c8d57c4985061e0d00c35ae6418e391225affc901bd569253d
.exe windows x86

e3ab923cebdd44a0676c2832c9fcd98d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dssenh

CPSignHash
DllRegisterServer
CPImportKey
CPSetKeyParam
CPDestroyKey
CPGenRandom
CPDuplicateHash
CPReleaseContext
CPEncrypt
CPHashData
CPHashSessionKey
CPDestroyHash
CPDeriveKey
DllUnregisterServer
CPDecrypt
CPGetKeyParam
CPCreateHash
CPExportKey
CPDuplicateKey

dbghelp

SymGetLineFromName
SymFunctionTableAccess
SymGetSymFromName
StackWalk
FindExecutableImage
SymEnumerateModules
SymGetSymNext64
SymFindFileInPath
ImageRvaToVa
MiniDumpWriteDump
SymEnumSym
GetTimestampForLoadedLibrary
SymEnumerateSymbolsW

activeds

AdsFreeAdsValues
PropVariantToAdsType2
FreeADsMem
ADsGetLastError
SecurityDescriptorToBinarySD
ADsEncodeBinaryData
ADsEnumerateNext
ADsGetObject
AdsTypeToPropVariant
ReallocADsStr
PropVariantToAdsType
BinarySDToSecurityDescriptor
DllCanUnloadNow
ConvertSecDescriptorToVariant
ADsOpenObject
ReallocADsMem
ADsFreeEnumerator
ADsBuildVarArrayStr
ADsBuildVarArrayInt
AllocADsStr
DllGetClassObject
ADsBuildEnumerator
ADsSetLastError
AdsTypeToPropVariant2
FreeADsStr
AllocADsMem
ConvertSecurityDescriptorToSecDes
ADsDecodeBinaryData

mfcsubs

?GetBufferSetLength@CString@@QAEPAGH@Z
?UnlockBuffer@CString@@QAEXXZ
??1CMapStringToPtr@@UAE@XZ
??0CString@@QAE@PBD@Z
?MakeUpper@CString@@QAEXXZ
??O@YG_NPBGABVCString@@@Z
??_7CMapStringToPtr@@6B@
?Right@CString@@QBE?AV1@H@Z
?FormatV@CString@@IAEXPBGPAD@Z
??4CString@@QAEABV0@G@Z
?Empty@CString@@QAEXXZ
??H@YG?AVCString@@DABV0@@Z
??4CPlex@@QAEAAU0@ABU0@@Z
?RemoveKey@CMapStringToPtr@@QAEHPBG@Z
?RemoveAt@CStringArray@@QAEXHH@Z
??0CMapStringToPtr@@QAE@H@Z
?LookupKey@CMapStringToPtr@@QBEHPBGAAPBG@Z
?Mid@CString@@QBE?AV1@H@Z
?MakeReverse@CString@@QAEXXZ
??_7CObject@@6B@
??0CCriticalSection@@QAE@XZ
?Format@CString@@QAAXPBGZZ
?AssignCopy@CString@@IAEXHPBG@Z
?AllocBeforeWrite@CString@@IAEXH@Z
?TrimLeft@CString@@QAEXXZ
?GetAt@CStringArray@@QBE?AVCString@@H@Z
?Lock@CCriticalSection@@UAEHK@Z

kernel32

OpenFileMappingA
GetLogicalDrives
GetConsoleOutputCP
SetProcessAffinityMask
GetOEMCP
RemoveDirectoryA
LZCloseFile
lstrcpyA
GetExpandedNameA
DefineDosDeviceA
GetModuleHandleA
LoadLibraryW

d3d8thk

OsThunkDdGetDxHandle
OsThunkDdAlphaBlt
OsThunkDdGetInternalMoCompInfo
OsThunkDdResetVisrgn
OsThunkD3dValidateTextureStageState
OsThunkDdCreateD3DBuffer
OsThunkDdBeginMoCompFrame
OsThunkDdGetMoCompGuids
OsThunkD3dContextDestroy
OsThunkDdGetBltStatus
OsThunkDdReenableDirectDrawObject
OsThunkD3dContextDestroyAll
OsThunkDdUpdateOverlay
OsThunkDdGetDC
OsThunkDdDeleteDirectDrawObject
OsThunkDdDestroySurface
OsThunkDdColorControl
OsThunkD3dDrawPrimitives2
OsThunkDdUnattachSurface
OsThunkDdCanCreateSurface
OsThunkDdGetDriverInfo
OsThunkDdGetFlipStatus
OsThunkDdQueryMoCompStatus
OsThunkDdRenderMoComp
OsThunkDdFlipToGDISurface
OsThunkDdReleaseDC
OsThunkDdLockD3D
OsThunkDdGetAvailDriverMemory

mmcbase

?Throw@SC@mmcerror@@QAEXJ@Z
??4CMMCStrongReferences@@QAEAAV0@ABV0@@Z
?FatalError@SC@mmcerror@@QBEXXZ
?InternalRelease@CMMCStrongReferences@@AAEKXZ
?SetMainThreadID@SC@mmcerror@@SGXK@Z
?Throw@SC@mmcerror@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
?FromMMC@SC@mmcerror@@QAEAAV12@J@Z
?Release@CMMCStrongReferences@@SGKXZ
??7SC@mmcerror@@QBEHXZ
?GetFacility@SC@mmcerror@@ABE?AW4facility_type@12@XZ
?TraceAndClear@SC@mmcerror@@QAEXXZ
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?GetHelpFile@SC@mmcerror@@SGPBGXZ
?FromLastError@SC@mmcerror@@QAEAAV12@XZ
?MMCErrorBox@@YGHPBGVSC@mmcerror@@I@Z
??4SC@mmcerror@@QAEAAV01@ABV01@@Z
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?GetStringModule@@YGPAUHINSTANCE__@@XZ
??_FSC@mmcerror@@QAEXXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z

d3dim

D3DRealloc
Direct3DCreateTexture
D3DFree
SurfaceFlipNotify
PaletteAssociateNotify
Direct3DCreateDevice
Direct3DCreate
PaletteUpdateNotify
FlushD3DDevices2
D3DMalloc
Direct3DGetSWRastZPixFmts
FlushD3DDevices

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e3ab923cebdd44a0676c2832c9fcd98d

Headers

File Characteristics

Imports

dssenh

dbghelp

activeds

mfcsubs

kernel32

d3d8thk

mmcbase

d3dim

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 5KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 5KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 4KB