af6209a23d1e61145832a83eba43d7e81ecd8094a768ad80db52058958bd7741

Sharing

Copy URL Twitter E-mail

General

Target

af6209a23d1e61145832a83eba43d7e81ecd8094a768ad80db52058958bd7741
Size

828KB
MD5

6b5efc05c6e3b22c31de76013643e1d8
SHA1

1aded25533274eee9b5c4c0dbaadde3a9bd77e10
SHA256

af6209a23d1e61145832a83eba43d7e81ecd8094a768ad80db52058958bd7741
SHA512

bd5d92b48002e7c41bfeafa060b15fbc1f2ec4d67dfbc5ba6275ea13e870ce864cb68609cdfdf8d56a1429c1a3673e311f210c1d9dac1b0211c00abc896de3f0
SSDEEP

24576:3LOP2Whhdnn1CwUkW3aiHhmkElyXUBUa2:7ObnLijHQkElh

Score

N/A

Malware Config

Signatures

Files

af6209a23d1e61145832a83eba43d7e81ecd8094a768ad80db52058958bd7741
.exe windows x86

cdb87a82cc0bc398fd706dc33d9bf963

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ifsutil

?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?QueryDisjointRange@NUMBER_SET@@QBEXKPAVBIG_INT@@0@Z
?Read@SECRUN@@UAEEXZ
?RestoreThreadExecutionState@@YGXJK@Z
??0DIGRAPH_EDGE@@QAE@XZ
?SetCache@IO_DP_DRIVE@@QAEXPAVDRIVE_CACHE@@@Z
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?EnableFileSystem@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?IsFileSystemEnabled@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?RemoveEdge@DIGRAPH@@QAEEKK@Z
?DiskCopyMainLoop@@YGHPBVWSTRING@@000EPAVMESSAGE@@1@Z
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EG@Z
?Initialize@TLINK@@QAEEG@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z
?Initialize@NUMBER_SET@@QAEEXZ
??1MOUNT_POINT_MAP@@UAE@XZ
??0LOG_IO_DP_DRIVE@@QAE@XZ
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QuerySectorSize@DP_DRIVE@@UBEKXZ
?Set@BIG_INT@@QAEXEPBE@Z
??0SUPERAREA@@IAE@XZ
??1SPARSE_SET@@UAE@XZ
?AddEdge@DIGRAPH@@QAEEKK@Z

kernel32

GetFileAttributesExW
GetCommState
ClearCommBreak
GetConsoleHardwareState
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetHandleContext
OpenThread
GetLogicalDriveStringsW
GetConsoleAliasesLengthA
GetNumaHighestNodeNumber
EnumUILanguagesW
IsDBCSLeadByteEx
FillConsoleOutputAttribute
SetTermsrvAppInstallMode
LoadLibraryA
CancelDeviceWakeupRequest
ShowConsoleCursor
Process32FirstW
RemoveDirectoryW
GetTimeFormatW
FindFirstFileExA
VirtualAlloc
AddVectoredExceptionHandler
GetModuleHandleA
GetDevicePowerState
ReadConsoleA
TermsrvAppInstallMode
ExitProcess
SetProcessAffinityMask
GetPrivateProfileStringA
_lread
GetDiskFreeSpaceW
VerSetConditionMask
GetLargestConsoleWindowSize

crypt32

CryptVerifyMessageSignatureWithKey
CryptSetOIDFunctionValue
CertEnumSubjectInSortedCTL
I_CryptDetachTls
CryptGetMessageSignerCount
I_CryptGetAsn1Encoder
CryptMemRealloc
CryptGetOIDFunctionValue
CertSaveStore
CryptSignHashU
I_CertProtectFunction
CertAlgIdToOID
RegOpenHKCUKeyExU
CryptMemAlloc
CertOpenStore
CryptMsgControl
CryptFindOIDInfo
CryptRegisterOIDInfo
CertAddCRLLinkToStore
I_CryptFreeLruCache
I_CryptTouchLruEntry
CertCompareIntegerBlob
I_CryptAddSmartCardCertToStore
CryptInstallDefaultContext
CryptRegisterOIDFunction
I_CryptEnumMatchingLruEntries
CryptMsgCalculateEncodedLength
CertEnumCRLsInStore
CertVerifyValidityNesting

apphelp

SdbOpenDatabase
SdbReleaseDatabase
ApphelpGetNTVDMInfo
SdbTagToString
SdbReadBinaryTag
ApphelpCheckIME
ApphelpCheckShellObject
SdbGetDatabaseID
SdbFindNextTag
SdbFindFirstTagRef
SdbGrabMatchingInfoEx
SdbInitDatabase
ApphelpUpdateCacheEntry
ShimFlushCache
SdbGetFirstChild
SdbFindFirstMsiPackage_Str
AllowPermLayer
SdbGrabMatchingInfo
SdbDeletePermLayerKeys
SdbReadStringTagRef
SdbReadQWORDTag
SdbResolveDatabase
SdbReadDWORDTag
SdbEnumMsiTransforms
SdbQueryApphelpInformation
SdbGetTagDataSize
SdbFindNextMsiPackage
SdbGetDatabaseMatch

msorcl32

SQLFreeEnv
SQLPutData
SQLNativeSql
SQLSetPos
SQLRowCount
SQLMoreResults
SQLBindParameter
SQLGetStmtOption
SQLForeignKeys
LoadByOrdinal
SQLColAttributes
ConfigDSN
SQLDescribeCol
SQLSetCursorName
SQLAllocStmt
SQLExecDirect
SQLTables
SQLDisconnect
SQLConnect
SQLGetConnectOption
SQLAllocEnv
SQLFetch
SQLFreeConnect
SQLFreeStmt
SQLSetScrollOptions
SQLGetTypeInfo
SQLTransact

version

VerInstallFileW
VerInstallFileA
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
VerFindFileA
VerLanguageNameW
VerLanguageNameA
GetFileVersionInfoSizeW
VerFindFileW
GetFileVersionInfoA

Sections

.text
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cdb87a82cc0bc398fd706dc33d9bf963

Headers

DLL Characteristics

File Characteristics

Imports

ifsutil

kernel32

crypt32

apphelp

msorcl32

version

Sections

.text Size: 379KB - Virtual size: 378KB

.rdata Size: 146KB - Virtual size: 146KB

.data Size: 188KB - Virtual size: 1.5MB

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 1024B - Virtual size: 912B

.text
Size: 379KB - Virtual size: 378KB

.rdata
Size: 146KB - Virtual size: 146KB

.data
Size: 188KB - Virtual size: 1.5MB

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 1024B - Virtual size: 912B