98ad4d9c222b35c1e19df79fdc4b42c0f899534f5f1a4c697c70e25bb216ba9c

Sharing

Copy URL Twitter E-mail

General

Target

98ad4d9c222b35c1e19df79fdc4b42c0f899534f5f1a4c697c70e25bb216ba9c
Size

142KB
MD5

4de03a57c722d33c7be5817ba1e29989
SHA1

61479b1ee03dcd34d297a95b2e69233218718b78
SHA256

98ad4d9c222b35c1e19df79fdc4b42c0f899534f5f1a4c697c70e25bb216ba9c
SHA512

5d1249edc6d64fe1584704c62edc81c6ae72c7c941966967b207c53da729d86e71fbf3cc8e0b1ce6dc94f67c79e88fe1a792dde4933a76016f79820e47541390
SSDEEP

3072:n3PFwWZX3L433Sdz4bojnE/yndNvUx26OQHamwzOWFOY3RFU:3PiYESdz4botfQ26OQ9wPzU

Score

N/A

Malware Config

Signatures

Files

98ad4d9c222b35c1e19df79fdc4b42c0f899534f5f1a4c697c70e25bb216ba9c
.exe windows x86

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyn
GetCPInfo
_hread
OpenJobObjectW
GetTimeZoneInformation
GetModuleHandleA
GetProcessAffinityMask
GetModuleHandleW
GetCalendarInfoA
IsDBCSLeadByteEx
VDMOperationStarted
GetLocaleInfoA
LoadLibraryW
GetMailslotInfo
FindFirstFileA
CloseConsoleHandle
CreateSemaphoreA
GlobalGetAtomNameA
GetProfileIntA
CloseHandle
GetCurrentThread
BackupSeek
QueueUserWorkItem
UpdateResourceW
DisconnectNamedPipe
Heap32ListNext
GetThreadPriorityBoost
MapUserPhysicalPages

usp10

ScriptGetGlyphABCWidth
UspAllocTemp
ScriptShape
ScriptStringCPtoX
ScriptGetFontProperties
ScriptStringOut
ScriptStringGetOrder
UspAllocCache
ScriptLayout
LpkPresent
UspFreeMem
ScriptJustify
ScriptCacheGetHeight
ScriptStringXtoCP
ScriptStringFree
ScriptStringValidate
ScriptString_pcOutChars

snmpapi

SnmpUtilUnicodeToUTF8
SnmpUtilOidToA
SnmpUtilOctetsFree
SnmpUtilPrintOid
SnmpUtilOidCmp
SnmpUtilVarBindListCpy
SnmpTfxQuery
SnmpUtilOidCpy
SnmpUtilOidFree
SnmpUtilVarBindFree
SnmpUtilAsnAnyFree
SnmpUtilPrintAsnAny
SnmpUtilOctetsNCmp
SnmpUtilOctetsCpy
SnmpUtilMemAlloc
SnmpUtilAnsiToUnicode
SnmpSvcGetEnterpriseOID
SnmpSvcInitUptime
SnmpUtilOidAppend
SnmpSvcAddrToSocket
SnmpUtilUTF8ToUnicode
SnmpUtilUnicodeToAnsi
SnmpSvcAddrIsIpx

shell32

SHGetFolderLocation
StrRChrW
ShellHookProc
DragQueryFileW
RealShellExecuteExA
StrRChrA
SHEnableServiceObject
StrRStrIA
PrintersGetCommand_RunDLL
StrChrIW
DllUnregisterServer
StrStrA
ShellExec_RunDLLW
StrRChrIA
RealShellExecuteExW
SHCreateShellItem

ifsutil

?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
??1VOL_LIODPDRV@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??0SECRUN@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?AddEdge@DIGRAPH@@QAEEKK@Z
??0TLINK@@QAE@XZ
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Write@LOG_IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckAndRemove@SPARSE_SET@@QAEEVBIG_INT@@PAE@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z

mciseq

DriverProc

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f32a93e3f701443d90a485b76497da2

Headers

File Characteristics

Imports

kernel32

usp10

snmpapi

shell32

ifsutil

mciseq

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 512B - Virtual size: 280B

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 512B - Virtual size: 280B

.rsrc
Size: 9KB - Virtual size: 8KB