ec55d4baa7dc47a907ea3ea3c9f32b50dcb262be1bf9d4ec33d8b8b7f806bd6b

Sharing

Copy URL Twitter E-mail

General

Target

ec55d4baa7dc47a907ea3ea3c9f32b50dcb262be1bf9d4ec33d8b8b7f806bd6b
Size

864KB
MD5

fe5e75a9b34f7bde8faf0aa94251482e
SHA1

eed0640ece8b2d559b316a9f81b2307c7ab2ad83
SHA256

ec55d4baa7dc47a907ea3ea3c9f32b50dcb262be1bf9d4ec33d8b8b7f806bd6b
SHA512

6cbc993ea70e7a01f4efb688592519993f3c1418d935d23631b5f83ce037ca7e5851b97d39b18af8975d6331ba86a9e02db856a424ef0cb230637c0356e30cb3
SSDEEP

12288:BvmfPgT3FRfG/+FUcOgqM6in+J1aoo5tAKAYHCB4RtVagDI8r+kPTi0R4K/q5Wvz:1w4jvtOgfh+J9W3HltVxDI8CkPOa/qn

Score

N/A

Malware Config

Signatures

Files

ec55d4baa7dc47a907ea3ea3c9f32b50dcb262be1bf9d4ec33d8b8b7f806bd6b
.exe windows x86

8bcafbcad78f17f18b8e7abf2c968321

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
CreateThread
GlobalFix
LoadLibraryA
NlsGetCacheUpdateCount
CreateSemaphoreW
CreateWaitableTimerW
WriteConsoleInputA
GetOEMCP
GetNumberFormatW
GetLogicalDriveStringsA
GetUserDefaultUILanguage
GetFileSizeEx
VirtualAlloc
SetDefaultCommConfigW
SetConsoleCursorMode
SetProcessWorkingSetSize
ReadConsoleInputA
FlushFileBuffers
EnumSystemLocalesA
GetConsoleNlsMode
GetLogicalDriveStringsW
SetConsoleWindowInfo
UnregisterWait
Process32FirstW
GetProfileIntA
QueryPerformanceCounter
SetCommConfig
GetNumberOfConsoleInputEvents
LZCreateFileW
GetAtomNameW
ClearCommBreak
InterlockedFlushSList
GetVersionExA
GetNamedPipeHandleStateW
SetFileShortNameW
FreeEnvironmentStringsA
SetConsoleMode
GetSystemDefaultLCID
WaitForSingleObject
SetFileTime

ifsutil

?QueryDisjointRangeAndAssignBuffer@TLINK@@QAEPAXPAVBIG_INT@@PAG1PAXK2@Z
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
??1SUPERAREA@@UAE@XZ
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?Initialize@SPARSE_SET@@QAEEXZ
?Set@BIG_INT@@QAEXEPBE@Z
??0SPARSE_SET@@QAE@XZ
?GetCannedSecurity@IFS_SYSTEM@@SGPAVCANNED_SECURITY@@XZ
?RestoreThreadExecutionState@@YGXJK@Z
??0READ_CACHE@@QAE@XZ
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?Remove@NUMBER_SET@@QAEEPBV1@@Z
?SetVolumeLabelAndPrintFormatReport@VOL_LIODPDRV@@QAEEPBVWSTRING@@PAVMESSAGE@@@Z
?Lock@IO_DP_DRIVE@@QAEEXZ
??0SECRUN@@QAE@XZ
?GetData@TLINK@@QAEAAVBIG_INT@@PAX@Z
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Add@NUMBER_SET@@QAEEVBIG_INT@@0@Z
?GetMessageW@SUPERAREA@@QAEPAVMESSAGE@@XZ
??0MOUNT_POINT_MAP@@QAE@XZ
?Initialize@INTSTACK@@QAEEXZ
??0DP_DRIVE@@QAE@XZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?Add@NUMBER_SET@@QAEEVBIG_INT@@@Z
?GetDrive@SECRUN@@QAEPAVIO_DP_DRIVE@@XZ
?IsFrontEndPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?Initialize@SUPERAREA@@IAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@KPAVMESSAGE@@@Z
?EnableVolumeUpgrade@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Initialize@VOL_LIODPDRV@@IAEEPBVWSTRING@@0PAVSUPERAREA@@PAVMESSAGE@@E@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?AddVolumeName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
?WriteToFile@IFS_SYSTEM@@SGEPBVWSTRING@@PAXKE@Z
?Initialize@READ_WRITE_CACHE@@QAEEPAVIO_DP_DRIVE@@K@Z

crtdll

signal
abs
_mbsstr
_write
tmpfile
putc
_CIlog
_getdllprocaddr
_except_handler2
_mbclen
wcscoll
fread
tanh
wcspbrk
_getch
??2@YAPAXI@Z
strncpy
_fcloseall
_osmode_dll
iswctype
_strset
_fgetchar
_wtol
_scalb
_strcmpi
_locking
fscanf
_mbsnbcpy

esent

JetTerm2
JetDeleteColumn2
JetOpenTempTable3
JetCommitTransaction@8
JetRestore
JetGetIndexInfo
JetRenameTable
JetEndExternalBackup
JetSnapshotStart
JetGetInstanceInfo
JetRenameColumn
JetStopBackup
JetBeginTransaction2
JetRollback@8
JetCloseDatabase@12
JetGotoBookmark
JetSetCurrentIndex
JetGetTruncateLogInfoInstance
JetMove
JetOpenTempTable
JetInit
JetGetAttachInfo
JetCloseFileInstance
JetOpenDatabase
JetGetLogInfoInstance2
JetDupCursor
JetCreateDatabase2
JetCloseTable
JetMove@16
JetTerm
JetGetVersion
JetDupSession
JetSetColumn@28
JetCreateInstance2
JetMakeKey
JetUpdate@20
JetCreateInstance
JetCreateDatabaseWithStreaming
JetIntersectIndexes
JetCreateIndex2
JetSeek
JetGetLS
JetSnapshotStop
JetGrowDatabase

msvcrt40

getchar
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
_mbbtype
_fputchar
_control87
localeconv
??6ostream@@QAEAAV0@PBE@Z
vswprintf
?setmode@ofstream@@QAEHH@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
_tzset
_getws
_mbsspn
wcsrchr
_getcwd
_sys_errlist
??6ostream@@QAEAAV0@PBC@Z
_mbsninc
_sopen
__p__amblksiz
_strupr
_mbsicoll
??6ostream@@QAEAAV0@O@Z
?getline@istream@@QAEAAV1@PACHD@Z
_wspawnlp
_filbuf
_mbsrchr
isxdigit
longjmp
ldexp
_getw
log
_wfindfirsti64
_ismbcpunct
__doserrno
_wasctime
is_wctype
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z

gdi32

GdiPlayPrivatePageEMF
GetMapMode
GetTextExtentExPointW
GetTextAlign
SelectBrushLocal
PtVisible
CloseMetaFile
GdiSetAttrs
GetTextExtentExPointWPri
SetWorldTransform
AddFontMemResourceEx
STROBJ_bEnum
GetGlyphOutlineA
GetCharABCWidthsA
GdiGetCodePage
DdEntry30
UpdateICMRegKeyA
SetWindowOrgEx
GetHFONT
GdiEntry13
EngGetPrinterDataFileName
GdiPlayEMF
GdiEntry14
GetObjectA
GetRgnBox

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bcafbcad78f17f18b8e7abf2c968321

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ifsutil

crtdll

esent

msvcrt40

gdi32

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 377KB - Virtual size: 377KB

.data Size: 132KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 377KB - Virtual size: 377KB

.data
Size: 132KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B