Static task
static1
Behavioral task
behavioral1
Sample
96950749dfbf7b7fb6098cb182f9e69e998e7184ed0d67ed9fa2cb27b07e450e.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
96950749dfbf7b7fb6098cb182f9e69e998e7184ed0d67ed9fa2cb27b07e450e.exe
Resource
win10v2004-20221111-en
General
-
Target
96950749dfbf7b7fb6098cb182f9e69e998e7184ed0d67ed9fa2cb27b07e450e
-
Size
866KB
-
MD5
795fa5241b8a7254e68ceda4f3bd794b
-
SHA1
e076164eaac291a2f20125fe3ba63bae19882382
-
SHA256
96950749dfbf7b7fb6098cb182f9e69e998e7184ed0d67ed9fa2cb27b07e450e
-
SHA512
ad294c5180891b209e5c11724088473222fd1fc73b3536f92b57e20c35471b31a4a0ac70be6d7c54661e6e230d7bc373d178328a568dbc31796278c615ce3663
-
SSDEEP
24576:EIonCEo353vGzxu49uqYm3GwCvNHDB1em:ElnC/4w49ZkNj
Malware Config
Signatures
Files
-
96950749dfbf7b7fb6098cb182f9e69e998e7184ed0d67ed9fa2cb27b07e450e.exe (Windows, x86)
039f6ad1981aebc270c8d91d213c0f82
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ifsutil
?SetAutochkTimeOut@VOL_LIODPDRV@@SGEK@Z
?QueryChildren@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@EE@Z
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
??0DP_DRIVE@@QAE@XZ
??1DIGRAPH@@UAE@XZ
??0MOUNT_POINT_TUPLE@@QAE@XZ
??1SECRUN@@UAE@XZ
??0INTSTACK@@QAE@XZ
?Write@SECRUN@@UAEEXZ
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?QueryVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
??1MOUNT_POINT_MAP@@UAE@XZ
?AddDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??1SUPERAREA@@UAE@XZ
?Remove@NUMBER_SET@@QAEEVBIG_INT@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?Add@NUMBER_SET@@QAEEPBV1@@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Format@VOL_LIODPDRV@@QAE?AW4FORMAT_ERROR_CODE@@PBVWSTRING@@PAVMESSAGE@@KKK@Z
cryptext
CryptExtAddCRL
CryptExtOpenSTRW
CryptExtOpenCAT
CryptExtAddCTLW
CryptExtAddSPCW
CryptExtAddCERW
CryptExtOpenCERW
CryptExtAddPFX
CryptExtAddP7R
CryptExtOpenCRLW
CryptExtOpenCRL
CryptExtOpenP7RW
CryptExtOpenPKCS7
CryptExtOpenCER
CryptExtOpenCATW
CryptExtAddCRLW
CryptExtAddCER
CryptExtOpenCTL
CryptExtAddSPC
CryptExtOpenPKCS7W
CryptExtOpenSTR
CryptExtOpenP7R
CryptExtAddCTL
DllGetClassObject
CryptExtAddP7RW
CryptExtAddPFXW
CryptExtOpenCTLW
kernel32
CommConfigDialogW
GetSystemTimeAsFileTime
SetComputerNameExA
EnumDateFormatsA
GetLocalTime
ActivateActCtx
RtlZeroMemory
GetProcessPriorityBoost
DosDateTimeToFileTime
DefineDosDeviceA
VirtualAlloc
GetTickCount
TlsFree
SystemTimeToTzSpecificLocalTime
GetConsoleCommandHistoryA
WriteConsoleA
GlobalAlloc
LZCloseFile
FindVolumeClose
GetLocaleInfoW
GetCurrentProcess
IsBadStringPtrA
LoadLibraryA
IsValidLocale
CreateDirectoryExW
PeekConsoleInputW
GetProcessHeap
GetNumberOfConsoleInputEvents
PostQueuedCompletionStatus
GlobalHandle
WriteConsoleOutputCharacterA
Thread32Next
SetConsoleFont
lstrcpyA
GetFileAttributesA
SetFileAttributesW
CreateTimerQueueTimer
wintrust
OfficeInitializePolicy
CryptCATEnumerateMember
CryptCATAdminAcquireContext
CryptCATAdminRemoveCatalog
CryptSIPCreateIndirectData
DriverInitializePolicy
WVTAsn1SpcIndirectDataContentEncode
CryptCATClose
SoftpubDllUnregisterServer
CryptCATPutCatAttrInfo
FindCertsByIssuer
TrustOpenStores
SoftpubDumpStructure
mssip32DllRegisterServer
WVTAsn1CatNameValueDecode
CryptCATOpen
GenericChainFinalProv
CryptCATCDFClose
SoftpubLoadDefUsageCallData
WTHelperGetFileName
CryptCATAdminAddCatalog
CryptCATPutAttrInfo
WVTAsn1SpcIndirectDataContentDecode
WTHelperProvDataFromStateData
WTHelperCertFindIssuerCertificate
OpenPersonalTrustDBDialog
CryptCATAdminPauseServiceForBackup
CryptCATCDFEnumMembersByCDFTag
WintrustCertificateTrust
CatalogCompactHashDatabase
DriverCleanupPolicy
WTHelperIsInRootStore
CryptCATAdminReleaseCatalogContext
WinVerifyTrustEx
WTHelperGetProvSignerFromChain
TrustFreeDecode
WintrustGetDefaultForUsage
CryptCATCatalogInfoFromContext
WTHelperGetAgencyInfo
WTHelperGetKnownUsages
mssip32DllUnregisterServer
OfficeCleanupPolicy
mprapi
MprAdminInterfaceSetCredentialsEx
MprAdminRegisterConnectionNotification
MprAdminInterfaceSetInfo
MprAdminUserWriteProfFlags
MprAdminInterfaceTransportGetInfo
MprGetUsrParams
MprConfigInterfaceCreate
MprConfigServerDisconnect
MprAdminPortClearStats
MprAdminUserReadProfFlags
MprAdminUserOpen
MprAdminInterfaceGetInfo
MprAdminInterfaceTransportAdd
MprAdminInterfaceGetCredentialsEx
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceDelete
MprAdminMIBEntryGetNext
MprInfoBlockFind
MprAdminUserClose
MprAdminInterfaceDeviceSetInfo
MprAdminMIBEntryGet
MprAdminServerGetCredentials
MprConfigTransportSetInfo
MprAdminInterfaceGetHandle
MprInfoCreate
MprConfigServerRefresh
MprAdminPortGetInfo
MprAdminTransportCreate
MprConfigInterfaceEnum
MprDomainQueryRasServer
MprAdminServerDisconnect
MprAdminGetErrorString
MprConfigInterfaceGetHandle
MprAdminIsServiceRunning
MprInfoBlockAdd
MprAdminTransportSetInfo
MprAdminUserServerConnect
MprAdminInterfaceTransportRemove
sqlunirl
_GetVersionEx@4
_GetDiskFreeSpaceEx@16
_GetLogColorSpace_@12
_GetLogicalDriveStrings_@8
_CreateWindowEx@48
_LoadMenu@8
_CallNamedPipe_@28
_SearchPath_@24
_GetOutlineTextMetrics_@12
_NDdeShareGetInfo_@28
_GetProfileInt_@12
_NDdeShareDel_@12
_DeleteFile@4
_PrivilegedServiceAuditAlarm_@20
_DeviceCapabilities_@20
_CreateEnhMetaFile_@16
_CopyAcceleratorTable_@12
_GetVolumeInformation_@32
_CreateStatusWindow_@16
_NDdeSetTrustedShare_@12
_FindText_@4
_DrawState_@40
_OutputDebugString_@4
_EnumDependentServices_@24
_GetServiceDisplayName_@16
wsprintf_
_EnumResourceNames_@16
_OpenFile_@12
_RegEnumKey_@16
_OemToChar_@8
_CreatePropertySheetPage_@4
_GetProcAddress_@8
_GetWindowsDirectory_@8
wininet
IsUrlCacheEntryExpiredA
InternetSetStatusCallbackA
FtpPutFileA
InternetWriteFile
InternetGetCookieW
GopherGetLocatorTypeW
CreateUrlCacheGroup
InternetShowSecurityInfoByURL
InternetOpenW
InternetSetCookieExA
SetUrlCacheGroupAttributeA
FtpOpenFileW
FtpCommandA
InternetSetDialStateW
SetUrlCacheEntryGroupA
InternetOpenUrlA
FreeUrlCacheSpaceA
InternetGoOnlineW
InternetQueryFortezzaStatus
GetUrlCacheEntryInfoW
PrivacyGetZonePreferenceW
GopherGetAttributeW
SetUrlCacheEntryGroupW
InternetWriteFileExW
HttpSendRequestExA
CreateUrlCacheContainerW
ParseX509EncodedCertificateForListBoxEntry
GopherGetAttributeA
GopherOpenFileW
RetrieveUrlCacheEntryFileW
FtpGetFileEx
InternetConfirmZoneCrossing
FtpCreateDirectoryW
Sections
.text Size: 318KB - Virtual size: 318KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 313KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 231KB - Virtual size: 1.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 1024B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ