98b4f163843e1895d5b764860dfd52caacc2ec1acf57f4fe7da5ea02a4cb536a

Sharing

Copy URL Twitter E-mail

General

Target

98b4f163843e1895d5b764860dfd52caacc2ec1acf57f4fe7da5ea02a4cb536a
Size

370KB
MD5

93b8f9b383db07ee715007061c2d9735
SHA1

eeb6ec04bd2831ccccf48aedc95381130225edbf
SHA256

98b4f163843e1895d5b764860dfd52caacc2ec1acf57f4fe7da5ea02a4cb536a
SHA512

bd09a45d34e3cf7abb519e41d5630d534d6f197df6d078fac893089f849b74221148e6a6a15fd84c375c804027bedb7857f2a4223cb327d89f43545e2b5fd0ab
SSDEEP

6144:hkWclBM7JHVyYQOVKR73Ou4gr59KU+BokHUyfQ5MapjR:h9RHV47bvr9gB1UyfQ5ME

Score

N/A

Malware Config

Signatures

Files

98b4f163843e1895d5b764860dfd52caacc2ec1acf57f4fe7da5ea02a4cb536a
.exe windows x86

578b9bc8b1c33bc3c517b908b0672881

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

powrprof

IsPwrHibernateAllowed
SetActivePwrScheme
ReadPwrScheme
WriteProcessorPwrScheme
IsPwrShutdownAllowed
DeletePwrScheme
ReadProcessorPwrScheme
CallNtPowerInformation
MergeLegacyPwrScheme
SetSuspendState
IsAdminOverrideActive
LoadCurrentPwrScheme
WriteGlobalPwrPolicy
IsPwrSuspendAllowed
GetActivePwrScheme
CanUserWritePwrScheme
GetCurrentPowerPolicies
GetPwrCapabilities
WritePwrScheme
ValidatePowerPolicies
GetPwrDiskSpindownRange
ReadGlobalPwrPolicy
EnumPwrSchemes

kernel32

RemoveDirectoryW
RegisterConsoleOS2
ReadConsoleInputExA
GetSystemDirectoryA
FlushInstructionCache
MulDiv
LocalAlloc
EnumResourceTypesW
SetLocalPrimaryComputerNameW
UpdateResourceW
CreateMailslotW
HeapCompact
GetCPInfoExW
WTSGetActiveConsoleSessionId
DebugActiveProcessStop
OpenSemaphoreA
WaitForMultipleObjectsEx
LZRead
VirtualAlloc
ReadConsoleOutputW
GetEnvironmentStringsW
SetConsoleCP
EnumResourceLanguagesA
FlushFileBuffers
SetComputerNameW
GetTapeParameters
TermsrvAppInstallMode
LZStart
FatalExit
CreateNamedPipeW
InterlockedPopEntrySList
DeleteFileA
FindVolumeMountPointClose
FindFirstVolumeW
SetComputerNameA
LoadLibraryA
ResumeThread
VirtualUnlock
GetACP
GetCommModemStatus
GetCurrentThread
SystemTimeToFileTime
QueryPerformanceCounter
WaitCommEvent
GetProfileIntW
RtlCaptureContext
GetConsoleFontSize

mprapi

MprInfoBlockRemove
MprAdminServerGetCredentials
MprAdminInterfaceCreate
MprAdminInterfaceTransportAdd
MprAdminInterfaceUpdateRoutes
MprAdminConnectionGetInfo
MprAdminMIBEntryGet
MprAdminUserWriteProfFlags
MprAdminTransportSetInfo
MprAdminMIBEntryDelete
MprAdminMIBEntryGetFirst
MprInfoCreate
MprAdminUpgradeUsers
MprAdminTransportGetInfo
MprAdminInterfaceGetInfo
MprAdminInterfaceDeviceGetInfo
MprConfigTransportDelete
MprAdminInterfaceUpdatePhonebookInfo
MprAdminIsServiceRunning
MprAdminGetErrorString
MprAdminPortEnum
MprConfigServerRestore
MprAdminMIBEntrySet
MprConfigBufferFree
MprConfigInterfaceTransportEnum
MprAdminInterfaceGetHandle
MprInfoBlockAdd
MprAdminServerGetInfo
MprConfigInterfaceGetHandle
MprAdminUserRead
MprAdminEstablishDomainRasServer
MprConfigServerGetInfo
MprInfoBlockQuerySize
MprAdminPortReset
MprAdminServerConnect
MprAdminInterfaceSetCredentialsEx
MprInfoDuplicate
MprConfigInterfaceDelete
MprAdminIsDomainRasServer
MprAdminBufferFree
MprConfigInterfaceEnum
MprAdminInterfaceSetCredentials
MprAdminInterfaceEnum
MprAdminPortDisconnect
MprConfigTransportEnum
MprAdminPortGetInfo
MprInfoBlockFind
MprConfigInterfaceGetInfo
MprConfigInterfaceTransportRemove
MprAdminMIBBufferFree
MprPortSetUsage
MprAdminUserClose
MprAdminInterfaceTransportRemove
MprAdminInterfaceDeviceSetInfo
MprConfigInterfaceTransportSetInfo
MprAdminMIBServerConnect
MprAdminTransportCreate
MprInfoDelete
MprConfigInterfaceTransportGetHandle
MprAdminUserWrite
MprConfigInterfaceSetInfo
MprConfigServerBackup
MprConfigTransportCreate
MprAdminDeviceEnum
MprAdminUserServerDisconnect
MprAdminInterfaceQueryUpdateResult
MprAdminInterfaceDisconnect
MprConfigServerConnect
MprAdminInterfaceGetCredentials
MprAdminConnectionEnum
MprAdminUserServerConnect

rasman

RasRegisterRedialCallback
RasPortSetProtocolCompression
RasPortGetBundle
RasGetPortUserData
RasPortDisconnect
RasInitialize
RasActivateRoute
RasFreeBuffer
RasDoIke
RasConnectionEnum
RasGetHConnFromEntry
RasGetCalledIdInfo
RasRpcPortEnum
RasInitializeNoWait
RasSetDialParams
RasGetConnectionUserData
RasProtocolEnum
RasPortGetBundledPort
RasDeviceSetInfo
RasRpcSetUserPreferences
RasServerPortClose
RasRpcDisconnect
RasPortSetInfo
RasPortGetFramingEx
RasPortSend
RasLinkGetStatistics
RasPortReceiveEx
RasRpcRemoteRasDeleteEntry
RasRpcConnectServer
RasIsTrustedCustomDll

mmcbase

?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?Throw@SC@mmcerror@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
??1?$CEventLock@UAppEvents@@@@QAE@XZ
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?IsLocked@CEventBuffer@@QAE_NXZ
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?Lock@CEventBuffer@@QAEXXZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?GetMainThreadID@SC@mmcerror@@SGKXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?GetHelpID@SC@mmcerror@@QAEKXZ
?MMCErrorBox@@YGHII@Z
?AddRef@CMMCStrongReferences@@SGKXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?GetHelpFile@SC@mmcerror@@SGPBGXZ
??0CMMCStrongReferences@@AAE@XZ
??7SC@mmcerror@@QBEHXZ
??0CEventBuffer@@QAE@ABV0@@Z
?MMCErrorBox@@YGHIVSC@mmcerror@@I@Z
??4?$CEventLock@UAppEvents@@@@QAEAAV0@ABV0@@Z
??0SC@mmcerror@@QAE@J@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?FatalError@SC@mmcerror@@QBEXXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
??0CEventBuffer@@QAE@XZ
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
?Unlock@CEventBuffer@@QAEXXZ
?Trace_@SC@mmcerror@@QBEXXZ
?s_dwMainThreadID@SC@mmcerror@@0KA
?GetEventBuffer@@YGAAVCEventBuffer@@XZ

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

578b9bc8b1c33bc3c517b908b0672881

Headers

File Characteristics

Imports

powrprof

kernel32

mprapi

rasman

mmcbase

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 1024B - Virtual size: 512KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 1024B - Virtual size: 512KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 1024B - Virtual size: 1024B