ee7fccc0a261bb67997c68a0357140b30cd692cbf5fd045859db6722ae603dfe

Sharing

Copy URL Twitter E-mail

General

Target

ee7fccc0a261bb67997c68a0357140b30cd692cbf5fd045859db6722ae603dfe
Size

826KB
MD5

980d8aa82c1f17be9aa9e61b911d02d7
SHA1

ad5a633fcc190ebe4b87eec0757f444186a3bcec
SHA256

ee7fccc0a261bb67997c68a0357140b30cd692cbf5fd045859db6722ae603dfe
SHA512

b304aef0640d1e9a4e7124f7e2ced0bfdaa497cf6fb1cae114afeedc1ac686e7a25ca34f27855bf3fb9c83072faf56cc9d68afa7e766264d96c963b3d378e12e
SSDEEP

24576:DuatCBIPlTTq1cxquT/TDG/eZaEz5PVouYY54oA2bp:DuyCBIQ1cxNTrmev1C254o9b

Score

N/A

Malware Config

Signatures

Files

ee7fccc0a261bb67997c68a0357140b30cd692cbf5fd045859db6722ae603dfe
.exe windows x86

20b3d04ae0f2337abb6fcab2f37a68f3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwSetContextThread
RtlGenerate8dot3Name
RtlRemoteCall
RtlIntegerToUnicodeString
NtUnloadDriver
ZwSetInformationToken
PfxFindPrefix
NtSetDefaultLocale
RtlApplyRXactNoFlush
RtlFormatMessage
wcscmp
ZwAdjustPrivilegesToken
RtlApplicationVerifierStop
wcsrchr
_strupr
RtlDeleteAtomFromAtomTable
RtlEnumerateGenericTableAvl
wcsncmp
ZwWriteFile
ZwCreateMutant
NtCancelTimer
wcsspn
NtUnmapViewOfSection
NtRequestPort
NtModifyBootEntry
_aullshr

winmm

waveOutGetErrorTextW
mixerGetLineInfoA
waveOutPause
waveOutGetPitch
waveInUnprepareHeader
mmioRead
mciGetDeviceIDFromElementIDW
mmioOpenW
mmioGetInfo
mod32Message
joyConfigChanged
waveInAddBuffer
midiInGetNumDevs
timeKillEvent
mmioSeek
midiInClose
waveInPrepareHeader
tid32Message
waveOutBreakLoop

mapistub

FBinFromHex@8
cmc_look_up
ScRelocNotifications@20
MAPIResolveName
EnableIdleRoutine@8
FBadRglpszA@8
FBadProp@4
HrDecomposeEID@28
ScGenerateMuid@4
DeinitMapiUtil@0
MAPIOpenLocalFormContainer@4

crtdll

_chmod
wcstol
_strinc
_ismbbgraph
_utime
_CItan
_vsnwprintf
vswprintf
mbstowcs

kernel32

UpdateResourceW
GetHandleContext
GetModuleHandleW
ScrollConsoleScreenBufferW
GetLocaleInfoA
GlobalAddAtomW
OpenMutexW
FlushViewOfFile
InterlockedExchange
GetCurrentThread
GetConsoleScreenBufferInfo
OpenEventW
FindNextVolumeA
SetComPlusPackageInstallStatus
Process32Next
EnumUILanguagesW
CreateWaitableTimerW
lstrcpyW
GetShortPathNameW
GetConsoleDisplayMode
AddRefActCtx
SetConsoleCursor
LoadLibraryW
Beep
FindResourceW

netapi32

NetApiBufferFree
NetReplExportDirAdd
DsRoleCancel
NetLocalGroupGetMembers
I_BrowserDebugCall
NetGroupDelUser
I_NetServerReqChallenge
NetStatisticsGet
NlBindingAddServerToCache
DsGetDcNameWithAccountW
I_NetDfsIsThisADomainName
DsRoleDcAsDc
NetErrorLogRead
NetEnumerateComputerNames
RxNetAccessGetInfo
NetDfsManagerInitialize
NetMessageNameGetInfo
NetpGetConfigDword

Sections

.text
Size: 389KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20b3d04ae0f2337abb6fcab2f37a68f3

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

winmm

mapistub

crtdll

kernel32

netapi32

Sections

.text Size: 389KB - Virtual size: 388KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 117KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 389KB - Virtual size: 388KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 117KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 852B