a98a3c6cfa83bcbfd32018d111cc4a81fe39ad663bcddc2dc468945ef6596109

Sharing

Copy URL Twitter E-mail

General

Target

a98a3c6cfa83bcbfd32018d111cc4a81fe39ad663bcddc2dc468945ef6596109
Size

61KB
MD5

e0af910d950b804bd4a66ba1cdb81474
SHA1

10d7a4e35ff8e07528f9763eefef3fcfbd40f2b9
SHA256

a98a3c6cfa83bcbfd32018d111cc4a81fe39ad663bcddc2dc468945ef6596109
SHA512

7f8c6139a59534097d715a599811f505089149739bc68938411f7f809b6312a0084d6e9568828eac826b7d5b9aa8b61fcabb30f857a9f0a90f9dd22cee4e363a
SSDEEP

1536:iUqEzLt8oYotehjFt6O+fAjxT4Y0Yu0MgQEIb:iUjt8GY9FQLo+0YH

Score

N/A

Malware Config

Signatures

Files

a98a3c6cfa83bcbfd32018d111cc4a81fe39ad663bcddc2dc468945ef6596109
.exe windows x86

84d5083829555e4242a577c90adb5b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

DefWindowProcW
RegisterClassW
PostQuitMessage

kernel32

EnumCalendarInfoW
GlobalAlloc
FreeLibraryAndExitThread
GetVersionExW
SetTermsrvAppInstallMode
IsBadCodePtr
SetLocalTime
GetFileAttributesExA
GetACP
GetPrivateProfileStringW
SetConsoleCursorInfo
OutputDebugStringA
FreeEnvironmentStringsA
QueueUserAPC
GetNamedPipeHandleStateW
LZStart
LoadLibraryA
GetTempFileNameW
SetComputerNameExW
AddConsoleAliasW
GetConsoleInputExeNameA
GetStartupInfoW
GlobalGetAtomNameW
IsValidLocale
SetConsoleCP
SetSystemPowerState
TransmitCommChar
RemoveDirectoryA
GetConsoleAliasesA
VirtualAlloc
FindNextVolumeMountPointA
ReadProcessMemory
FindActCtxSectionStringW
GetFileAttributesW
lstrcmpW
QueryActCtxW

oleaut32

VarR4FromUI8
SetVarConversionLocaleSetting
VarSub
VarCat
VarDecRound
VarR4FromI8
SafeArrayDestroyDescriptor
VarR4FromUI1
BstrFromVector
VarUI1FromI2
VarI8FromUI4
OleLoadPictureEx
OleIconToCursor
VarR8FromR4
SafeArrayUnaccessData
VARIANT_UserFree
SafeArrayGetLBound
VarDecMul
VarI8FromDisp
VarDecFromStr
SafeArrayCreateVectorEx
VarBoolFromDisp
SafeArrayRedim
VarUI2FromUI4
VarR4FromDisp
VarDecFromUI2
VarDecFromI4
CreateErrorInfo
SafeArrayGetUBound
VarBstrFromUI4
VarI8FromCy

polstore

IPSecDeleteISAKMPData
IPSecFreeMulNFAData
IPSecCopyISAKMPData
IPSecDeleteFilterData
IPSecFreeISAKMPData
IPSecSetISAKMPData
IPSecFreeNegPolData
IPSecSetPolicyData
IPSecCopyPolicyData
IPSecFreeMulPolicyData
IPSecDeleteNegPolData
IPSecCreateNegPolData
IPSecAllocPolMem
IPSecSetNegPolData
IPSecCreateFilterData
IPSecEnumPolicyData
IPSecEnumISAKMPData
IPSecCreateNFAData
IPSecCopyNFAData
IPSecFreeMulNegPolData
IPSecCreatePolicyData
IPSecCreateISAKMPData
IPSecFreeFilterData
IPSecEnumFilterData
IPSecOpenPolicyStore
IPSecFreePolStr
IPSecImportPolicies
IPSecSetNFAData
IPSecExportPolicies
IPSecUnassignPolicy

msvcrt

wcscoll
??_Eexception@@UAEPAXI@Z
_wstrtime
_fgetwchar
isprint
??0bad_cast@@AAE@PBQBD@Z
_mbcjistojms
atoi
_kbhit
calloc
__iscsymf
_isctype
_jn
_setmbcp
__set_app_type
_chkesp
bsearch
rename
atof
__doserrno
__p__commode
_ismbbkalnum
_findnext64
_getcwd
isalpha
_ismbbtrail
_adj_fdiv_m32
__argc
putc
_execlp
_CIsin
_mbsnbcpy
_CIacos
__lc_collate_cp
islower
_wcsupr
_strdate
__getmainargs
_wchmod
qsort
strtod
_snwprintf
_mbstok
_findfirst64
ungetwc
??_U@YAPAXI@Z
wcsncpy
memcpy
_ismbblead
??_7__non_rtti_object@@6B@
_lseeki64
fputws
sscanf
_putch
_wcsset
_wspawnvpe
fprintf
_mbsset
__p__wenviron
_execle
_CIlog
_getmbcp
_environ
_rotr
exit
_safe_fprem
_wsetlocale
_mkdir
??_Gbad_typeid@@UAEPAXI@Z
_local_unwind2
_mbcjmstojis
swprintf
__wargv

cmutil

?GetHInst@CIniA@@QBEPAUHINSTANCE__@@XZ
?GetLogFilePath@CmLogFile@@QAEPBGXZ
?GetRegPath@CIniW@@QBEPBGXZ
?WPPI@CIniW@@QAEXPBG0K@Z
?LoadSection@CIniA@@QBEPADPBD@Z
?Write@CmLogFile@@AAEJPAG@Z
?SetPrimaryRegPath@CIniA@@QAEXPBD@Z
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBG@Z
??1CIniA@@QAE@XZ
?LoadEntry@CIniA@@IBEPADPBD@Z
CmFmtMsgW
CmStrCpyAllocA
?GPPS@CIniW@@QBEPAGPBG00@Z
CmStrrchrA
?WPPI@CIniA@@QAEXPBD0K@Z
?GetHInst@CIniW@@QBEPAUHINSTANCE__@@XZ
WzToSz
?SetParams@CmLogFile@@QAEJHKPBG@Z
?SetFile@CIniA@@QAEXPBD@Z
CmStrtokW
??1CIniW@@QAE@XZ
?Init@CmLogFile@@QAEJPAUHINSTANCE__@@HPBD@Z
CmLoadStringW
?CIniW_GetEntryFromReg@CIniW@@IBEPAEPAUHKEY__@@PBG1KK@Z
CmStrTrimW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84d5083829555e4242a577c90adb5b87

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

oleaut32

polstore

msvcrt

cmutil

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 988B

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 988B

.rsrc
Size: 7KB - Virtual size: 7KB