af8a53d779d933b4b356e404baf63086f71ca97f5fc97f41793f8786e221aa4f

Sharing

Copy URL Twitter E-mail

General

Target

af8a53d779d933b4b356e404baf63086f71ca97f5fc97f41793f8786e221aa4f
Size

45KB
MD5

3ce503509c014b67922c5b191fc7b6d3
SHA1

969f0ba1b76a855180a390022b1f4545ed9639d0
SHA256

af8a53d779d933b4b356e404baf63086f71ca97f5fc97f41793f8786e221aa4f
SHA512

d4e93d9535cd1bc14a2213cf1b45f065b7f5985a61eebdb85f8e08c05ead0b6aba963553f8a66714434903fcc093645341e441cf6a534c22a9f4cbda50b05630
SSDEEP

768:PfaC36L4nu04Gh+o68w3sX5KP0G8u/KTbcNehwQFB:Pfl3K4nuqvw8Xi0G8rbC4wyB

Score

N/A

Malware Config

Signatures

Files

af8a53d779d933b4b356e404baf63086f71ca97f5fc97f41793f8786e221aa4f
.exe windows x86

65094707f76c01da32776103d5a724c5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Add_Res_Des
CM_Run_Detection
CM_Free_Log_Conf_Ex
CM_Get_Log_Conf_Priority_Ex
CM_Get_HW_Prof_Flags_ExW
CM_Get_Device_Interface_Alias_ExW
CM_Get_Hardware_Profile_Info_ExA
CM_Get_Device_Interface_List_Size_ExW
CM_Free_Resource_Conflict_Handle
CM_Add_Range
CM_Set_DevNode_Registry_Property_ExW
CM_Get_Class_NameW
CM_Get_Child
CM_Detect_Resource_Conflict
CM_Request_Eject_PC_Ex
CM_Get_Sibling_Ex
CM_Free_Log_Conf
CM_Get_Device_ID_List_SizeA
CM_Invert_Range_List
CM_Get_Class_Key_Name_ExW
CM_Get_Parent
CM_Uninstall_DevNode_Ex
CM_Get_DevNode_Registry_Property_ExW
CM_Get_Class_Name_ExW
CM_Get_Res_Des_Data_Size
CM_Remove_SubTree
CM_Dup_Range_List

wininet

InternetClearAllPerSiteCookieDecisions
InternetQueryFortezzaStatus
HttpAddRequestHeadersA
CreateUrlCacheEntryA
InternetGetCookieExA
FtpGetFileW
FtpRemoveDirectoryA
FindFirstUrlCacheEntryExA
InternetAutodialCallback
InternetCombineUrlA
InternetSetPerSiteCookieDecisionA
InternetSetCookieW
SetUrlCacheEntryGroup
InternetGetCookieA
DllInstall
FtpSetCurrentDirectoryA
InternetFindNextFileA
SetUrlCacheHeaderData
FindNextUrlCacheContainerA
DeleteUrlCacheEntryA
GopherOpenFileW
InternetCloseHandle
InternetCombineUrlW
InternetConfirmZoneCrossingA
InternetSetStatusCallback
UrlZonesDetach
IsUrlCacheEntryExpiredW
DeleteUrlCacheEntryW

dbghelp

SymEnumSymbols
SymSetOptions
SymGetTypeInfo
SymGetTypeFromName
SymGetSymFromAddr64
SymGetLinePrev
SymMatchString
SymGetSymNext
ImageDirectoryEntryToDataEx
SymEnumerateSymbolsW
SymEnumTypes
SymSetContext
SymGetModuleBase64
SymSetSearchPath
sym
SymGetLineNext
SymGetModuleInfoW
MakeSureDirectoryPathExists
EnumerateLoadedModules
SymInitialize
SymGetLineFromName
MapDebugInformation
SymGetLinePrev64
GetTimestampForLoadedLibrary
lmi
SymLoadModule
SymRegisterCallback64
SymUnloadModule
SymEnumerateModules
FindFileInPath
SymGetFileLineOffsets64
SymGetLineFromAddr64
SymMatchFileName
SymFindFileInPath

kernel32

ExitProcess
OpenFileMappingA
GetPrivateProfileIntW
lstrcpyW
Process32NextW
GetComputerNameA
DeleteVolumeMountPointW
GetStringTypeExA
SetCommMask
LCMapStringW
RegisterConsoleIME
DefineDosDeviceA
SetSystemPowerState
SetConsoleOS2OemFormat
VerifyVersionInfoW
GetFullPathNameA
NlsGetCacheUpdateCount
VirtualAlloc
SetConsoleCursorPosition
GetModuleHandleA
GetAtomNameA
GlobalLock
GetNumberOfConsoleMouseButtons
FindClose
SetHandleCount
GetConsoleScreenBufferInfo
EraseTape
GetSystemTimeAsFileTime
LoadLibraryA
QueryPerformanceCounter
IsSystemResumeAutomatic
LZInit
GetTempFileNameW
HeapSize
GetProfileIntW
GetCalendarInfoW
FindNextFileA
WriteFile
WTSGetActiveConsoleSessionId
SleepEx
SetHandleInformation

hhsetup

?GetSampleLocationW@CCollection@@QAEPBGXZ
?RemoveAll@CFIFOString@@QAEXXZ
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
??4CPointerList@@QAEAAV0@ABV0@@Z
?GetLanguage@CTitle@@QAEGXZ
?WriteFolders@CCollection@@AAEHPAPAVCFolder@@@Z
?SetPath@CLocation@@QAEXPBG@Z
?SetSampleLocation@CCollection@@QAEXPBD@Z
??4CFolder@@QAEAAV0@ABV0@@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?RemoveAll@CPointerList@@QAEXXZ
?bIsVisable@CFolder@@QAEHXZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBD0000GIPAVCLocation@@PAKH0@Z
?AddRef@CCollection@@QAEXXZ
?CheckTitleRef@CCollection@@AAEKPBDG@Z
?SetOrder@CFolder@@QAEXK@Z
?GetPath@CLocation@@QAEPADXZ
?GetSampleLocation@CCollection@@QAEPADXZ
?FindTitle@CCollection@@QAEPAVCTitle@@PBGG@Z
?SetTitle@CFolder@@QAEXPBG@Z
?GetNextTitle@CTitle@@QAEPAV1@XZ
?GetVolume@CLocation@@QAEPADXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?SetId@CTitle@@QAEXPBD@Z
?SetExTitlePtr@CFolder@@QAEXPAVCExTitle@@@Z
?SetMasterCHM@CCollection@@QAEXPBGG@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65094707f76c01da32776103d5a724c5

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

wininet

dbghelp

kernel32

hhsetup

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 5KB - Virtual size: 5KB