cb073d659ac38285ff7e8a010c2a78f83c3b953b97df83c236e7c6726bea0c61

Sharing

Copy URL Twitter E-mail

General

Target

cb073d659ac38285ff7e8a010c2a78f83c3b953b97df83c236e7c6726bea0c61
Size

52KB
MD5

f4bfdd1fc6f4efc971910bcb26da690f
SHA1

954d53e33f7384efc3841690befa8623040c0aec
SHA256

cb073d659ac38285ff7e8a010c2a78f83c3b953b97df83c236e7c6726bea0c61
SHA512

eaeadbd47a951d305bc79aa61c77e19742e8be8a8346007ffd68e2bb2bff2600740a0a62a0a77525d336f5421580ec642bbcb770031ee1c70d7544b601b2b2eb
SSDEEP

768:wjOQKOiG/6qXzPGk0jhKKM11fWf4fKBdvHU/f0T9OOHq4tR7eo5Spk0QU:w/ikSyxGf4fKB2E9Lffok0QU

Score

N/A

Malware Config

Signatures

Files

cb073d659ac38285ff7e8a010c2a78f83c3b953b97df83c236e7c6726bea0c61
.exe windows x86

ef2b89d109ffc5b65493b93e8a953691

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

ZwPulseEvent
ZwOpenTimer
ZwCreateToken
DbgUiIssueRemoteBreakin
NtInitializeRegistry
NtQuerySystemEnvironmentValueEx
LdrVerifyImageMatchesChecksum
ZwTestAlert
NtWriteFile
RtlIsActivationContextActive
NtCreateSection
RtlCutoverTimeToSystemTime
NtGetWriteWatch
RtlRaiseStatus
ZwSetEvent
DbgPrompt
RtlEqualUnicodeString
RtlGUIDFromString
ZwSetInformationToken
ZwSetUuidSeed
RtlIntegerToUnicodeString
NtQuerySecurityObject
NtQueryIntervalProfile
RtlNewSecurityGrantedAccess
ZwCancelTimer
floor
ZwVdmControl

kernel32

EnumSystemCodePagesA
GetConsoleMode
GetLargestConsoleWindowSize
GetDateFormatW
FillConsoleOutputCharacterW
VirtualAlloc
ReleaseActCtx
BaseCleanupAppcompatCacheSupport
ExitProcess
lstrcatA
GetFileTime
GetProcessIoCounters
GetVolumeNameForVolumeMountPointA
WriteConsoleOutputW
GetCurrentDirectoryA
RemoveDirectoryW
ReadFileEx
lstrcmpiA
LocalFlags
GetQueuedCompletionStatus
GetModuleHandleA
GetConsoleAliasExesLengthW
BackupWrite
LoadLibraryA
CreateMutexA
AttachConsole
GetSystemTimeAsFileTime
GlobalSize
OutputDebugStringW
RemoveLocalAlternateComputerNameW
QueryPerformanceCounter
CmdBatNotification
CreateDirectoryW
GetConsoleCommandHistoryLengthA
SetLocalPrimaryComputerNameW
SetDefaultCommConfigW

cfgmgr32

CM_Free_Res_Des
CM_Query_Remove_SubTree
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTree_ExA
CM_Set_DevNode_Problem_Ex
CM_Create_DevNodeA
CM_Get_Device_ID_Size
CM_Get_Hardware_Profile_Info_ExW
CM_Register_Device_InterfaceA
CM_Open_DevNode_Key_Ex
CM_Get_Class_Registry_PropertyA
CM_Disable_DevNode_Ex
CM_Free_Log_Conf
CM_Get_DevNode_Registry_PropertyW
CM_Enumerate_Classes_Ex
CM_Open_Class_KeyA
CM_Register_Device_InterfaceW
CM_Get_Class_Key_NameW
CM_Reenumerate_DevNode
CM_Move_DevNode
CM_Get_Class_Key_Name_ExW
CM_Add_Range
CMP_RegisterNotification
CM_Free_Res_Des_Ex
CM_Create_DevNodeW
CM_Get_Res_Des_Data_Size
CM_Get_Resource_Conflict_Count
CM_Get_Device_ID_Size_Ex

vssapi

?AreComponentsSelected@CVssWriter@@IBG_NXZ
?CreateVssExamineWriterMetadata@@YGJPAGPAPAVIVssExamineWriterMetadata@@@Z
?OnFreezeBegin@CVssJetWriter@@UAG_NXZ
?OnPostRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnThawBegin@CVssJetWriter@@UAG_NXZ
?OnPrepareBackupEnd@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@_N@Z
?IsPathAffected@CVssWriter@@IBG_NPBG@Z
?OnVSSApplicationStartup@CVssWriter@@UAG_NXZ
?OnPostRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPreRestore@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnIdentify@CVssJetWriter@@UAG_NPAVIVssCreateWriterMetadata@@@Z
?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?OnPostSnapshot@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackupBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z
?OnBackupComplete@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?Unsubscribe@CVssWriter@@QAGJXZ
?OnPrepareSnapshotEnd@CVssJetWriter@@UAG_N_N@Z
?OnVSSShutdown@CVssWriter@@UAG_NXZ
?OnPreRestoreBegin@CVssJetWriter@@UAG_NPAVIVssWriterComponents@@@Z
?OnPrepareBackup@CVssWriter@@UAG_NPAVIVssWriterComponents@@@Z
?GetBackupType@CVssWriter@@IBG?AW4_VSS_BACKUP_TYPE@@XZ
?OnFreezeEnd@CVssJetWriter@@UAG_N_N@Z
?GetCurrentVolumeArray@CVssWriter@@IBGPAPBGXZ
?OnAbortBegin@CVssJetWriter@@UAGXXZ
?IsBootableSystemStateBackedUp@CVssWriter@@IBG_NXZ
?OnContinueIOOnVolume@CVssWriter@@UAG_NPAGU_GUID@@1@Z

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef2b89d109ffc5b65493b93e8a953691

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

cfgmgr32

vssapi

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 6KB