d295a28b36eb19274cfd2c330968b857aa97c3f5e8da586d0d701cd7af75ecb7

Sharing

Copy URL Twitter E-mail

General

Target

d295a28b36eb19274cfd2c330968b857aa97c3f5e8da586d0d701cd7af75ecb7
Size

151KB
MD5

cc82403c4a93f5068f37a28875c77c04
SHA1

2c9f3f7723c1c40ab11f9bf9fecb47f3f0b01353
SHA256

d295a28b36eb19274cfd2c330968b857aa97c3f5e8da586d0d701cd7af75ecb7
SHA512

13d80362c1e1f5d6d663b7cc011d825c571f115f635f0487ccd5246cd1f160d0348f942086360fa12a042f3709045f9e3985bf41054ff8cfeb85a594abda0b09
SSDEEP

1536:FVYAicbmUhuqywLFnQmf64mCDmiXc1wW7KcAV5GCgqgO9gu4o23njqYKtvcpiVV6:FiCSiywCmfXmvi9WuczQgu4o10Yrhk

Score

N/A

Malware Config

Signatures

Files

d295a28b36eb19274cfd2c330968b857aa97c3f5e8da586d0d701cd7af75ecb7
.exe windows x86

628269da54abfb83f3bf2e632149c843

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcEpUnregister
RpcEpRegisterNoReplaceA
I_RpcGetBuffer
RpcMgmtStopServerListening
RpcServerUseProtseqEpA
RpcServerRegisterIf
RpcBindingVectorFree
RpcServerUnregisterIf
RpcServerListen
RpcRaiseException
NdrConvert
NdrServerInitializeNew
NdrConformantStringUnmarshall
NdrConformantArrayMarshall
NdrConformantArrayBufferSize
NdrConformantArrayUnmarshall
RpcServerInqBindings

aswcmnos

dep_memCreateSharedMemory
dep_osGetID
dep_memCloseSharedMemory
dep_osIsBasedOnNT

ashbase

_basGetProfileInt@12
_basGetLanguagePath@0
_basGetLanguage@0
_basLoadLanguage@4
_basPlaySound@4
_basGetProcAddress@8
_basErrorMessage@24
_basInitThreadLocale@0
_licValidateKey@12
_basProductInfo@0
_basIsOtherAVInstalled@4
_basEmptyAvastTempFolder@8
_basIsCurrCodePageRTL@0
_basGetNetUser@0
_basWriteProfileStringA@12
_basCreatePath@16
_basExecuteAndWait@8
_basLogEvent@24

aswcmnb

fsGetAvastDataPath
cmnbInit
cmnbFree
fsGetAvastProgramPath

ashtask

_ARConstructListFromString@8
_tskLaunchSyncer@16

kernel32

InterlockedExchange
RaiseException
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
LocalAlloc
GetModuleFileNameA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceA
WaitForSingleObject
GetExitCodeProcess
GetLastError
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GetCurrentProcessId
CreateThread
GetLogicalDrives
SetProcessWorkingSetSize
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime

user32

LoadMenuA
LoadIconA
DefWindowProcA
GetSubMenu
RemoveMenu
GetMenuStringA
SetMenuItemInfoA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
LoadStringA
SetTimer
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
KillTimer
MessageBoxA
PostMessageA
LoadStringW
GetKeyState
CheckMenuRadioItem
CheckMenuItem
DestroyWindow
RegisterWindowMessageA
DestroyIcon

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegSetValueExA
RegCreateKeyExA

shell32

Shell_NotifyIconA
ShellExecuteExA

ole32

CoInitialize
CoUninitialize

aavm4h

MyAavmGuiProviderChange
AavmPwdCheck
AavmGetVpsInfo
AavmInfoMessageCreate
AavmProviderCallGui
AavmShowMessage
AavmDecreaseDispInitCount
AavmIncreaseDispInitCount
AavmStart
InitAavmGui
AavmSetDataRefreshRate
DeinitAavmGui
AavmStop

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_ismbblead
_except_handler3
_mbschr
_mbsdec
??3@YAXPAX@Z
malloc
free
memmove
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
sprintf
_XcptFilter
_exit
_c_exit
__security_error_handler
_callnewh
wcschr
wcslen
strncpy
strncat
_snprintf

aswcmns

DSA_FileVerify

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

628269da54abfb83f3bf2e632149c843

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

aswcmnos

ashbase

aswcmnb

ashtask

kernel32

user32

advapi32

shell32

ole32

aavm4h

msvcp71

msvcr71

aswcmns

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 26KB

.prdata Size: 72KB - Virtual size: 72KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 26KB

.prdata
Size: 72KB - Virtual size: 72KB