d68e4ff01a4115fa451800c1202b13251679a106e9e32581e49023ed0d612b65

Sharing

Copy URL Twitter E-mail

General

Target

d68e4ff01a4115fa451800c1202b13251679a106e9e32581e49023ed0d612b65
Size

137KB
MD5

16d4201e3e76fc609a6c10d91e171686
SHA1

b1c4a62343741071d5b74312645af4ac512203d1
SHA256

d68e4ff01a4115fa451800c1202b13251679a106e9e32581e49023ed0d612b65
SHA512

dce3b7159dfc4f7381d9bfeccf2a18eb2a409f0dcd6a2c4e11246e18e7a600f39c5b32bbb522881ecbafc335e4ec291046a52bb1b53b86948d8bfcb7e94c09a8
SSDEEP

1536:U4ZGdZw4R5nLJpTxF5GQgZE84Lxj6j5rJ6xEPyntScpCkEJWXGKXgqXjrgRvJXeT:ZIdZw+5L3184LB6jplrcXcBZqXH85e3D

Score

N/A

Malware Config

Signatures

Files

d68e4ff01a4115fa451800c1202b13251679a106e9e32581e49023ed0d612b65
.exe windows x86

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

vssapi

?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
??1CVssJetWriter@@UAE@XZ
IsVolumeSnapshotted
?Subscribe@CVssWriter@@QAGJK@Z
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?AreComponentsSelected@CVssWriter@@IBG_NXZ
??0CVssWriter@@QAE@XZ
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?IsPartialFileSupportEnabled@CVssWriter@@IBG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
??1CVssWriter@@UAE@XZ
?OnVSSShutdown@CVssWriter@@UAG_NXZ
??0CVssJetWriter@@QAE@XZ
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPostRestoreEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnBackupCompleteEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?OnBackupCompleteBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
VssFreeSnapshotProperties
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnPostSnapshot@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z

kernel32

FormatMessageA
RegisterWowBaseHandlers
_hwrite
GetEnvironmentVariableA
WritePrivateProfileStringW
GetConsoleAliasA
lstrcat
GetFileTime
HeapAlloc
RegisterConsoleIME
GetLocaleInfoW
ReleaseMutex
LeaveCriticalSection
GlobalUnWire
GetACP
CancelWaitableTimer
AddConsoleAliasA
GetCurrentThread
LocalLock
LocalFree
GetModuleHandleW
ReadConsoleInputExW
FindFirstVolumeW
LoadLibraryW
SetFileAttributesW
VerSetConditionMask
LocalFileTimeToFileTime

snmpapi

SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToUTF8
SnmpSvcAddrToSocket
SnmpUtilPrintOid
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilOidCmp
SnmpTfxQuery
SnmpUtilVarBindFree
SnmpUtilMemFree
SnmpUtilOctetsCpy
SnmpSvcGetEnterpriseOID
SnmpUtilAsnAnyFree
SnmpSvcSetLogType
SnmpUtilMemReAlloc
SnmpUtilDbgPrint
SnmpUtilAnsiToUnicode
SnmpUtilOidFree
SnmpUtilVarBindListFree
SnmpSvcInitUptime
SnmpTfxClose
SnmpUtilOidNCmp

ws2_32

gethostbyaddr
getaddrinfo
htons
WSAInstallServiceClassA
WSAWaitForMultipleEvents
WSAAsyncGetProtoByNumber
__WSAFDIsSet
WSAGetServiceClassNameByClassIdA
WSAJoinLeaf
ntohl
WSAEnumNetworkEvents
WSAStringToAddressA
WSAAsyncGetServByPort
WSACancelBlockingCall
WSASetEvent
gethostname
WSAAddressToStringA
WSASend
WSAUnhookBlockingHook
WSCGetProviderPath
WSAAsyncGetProtoByName
WSAAsyncGetHostByName
WSASetServiceA
ntohs

winmm

midiStreamPosition
joySetCapture
waveOutGetNumDevs
mmioStringToFOURCCW
waveInGetID
midiStreamStop
mciSendStringA
WOW32ResolveMultiMediaHandle
timeGetTime
GetDriverModuleHandle
mciGetYieldProc
mmTaskYield
midiInGetErrorTextW
waveOutClose
midiInGetID
joyGetNumDevs
midiConnect
waveOutGetDevCapsW
mmioSetBuffer
waveInGetErrorTextW
midiOutLongMsg
joyGetPos
waveOutGetID
mciDriverNotify
mciGetErrorStringW
wod32Message
waveOutSetPlaybackRate
mxd32Message

user32

GetKeyboardLayoutNameW
DragObject
TabbedTextOutA
GetSubMenu
DdeNameService
DdeAccessData
WaitForInputIdle
CharToOemW
InSendMessage
SystemParametersInfoA
SendNotifyMessageW
GetDCEx
SetWindowContextHelpId
MapVirtualKeyW
GetWindowContextHelpId
SetPropA
GetGUIThreadInfo
AnimateWindow
IsDialogMessageW
LoadKeyboardLayoutEx

cryptext

CryptExtAddSPC
CryptExtAddP7RW
CryptExtOpenCRLW
CryptExtAddPFX
CryptExtOpenCATW
CryptExtOpenCERW
CryptExtOpenPKCS7W
CryptExtAddCTLW
CryptExtOpenP7R
DllUnregisterServer
CryptExtOpenSTR
CryptExtOpenSTRW
CryptExtOpenCRL
CryptExtAddCTL
CryptExtOpenCER
CryptExtOpenCAT
CryptExtAddCRL
CryptExtOpenCTLW
CryptExtOpenPKCS7
CryptExtOpenCTL
CryptExtAddCERW
CryptExtOpenP7RW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

995eb96937b56063704bd9f5332f48af

Headers

File Characteristics

Imports

vssapi

kernel32

snmpapi

ws2_32

winmm

user32

cryptext

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 27KB - Virtual size: 27KB

.rsrc Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 27KB - Virtual size: 27KB

.rsrc
Size: 6KB - Virtual size: 5KB