c28d9b69d54ed81e377b550fa65c0659ba98d8dea9b3c509d8d175450e4cd69d

Sharing

Copy URL Twitter E-mail

General

Target

c28d9b69d54ed81e377b550fa65c0659ba98d8dea9b3c509d8d175450e4cd69d
Size

454KB
MD5

4afd4ee1defae38b08ad7ed1f68df0df
SHA1

90211b58f83e9c1fca8f42fd89497ea84551f75c
SHA256

c28d9b69d54ed81e377b550fa65c0659ba98d8dea9b3c509d8d175450e4cd69d
SHA512

93b17cc1b2be4f1f72c5c14fd62ad1374561fb0294c89f5ded0df52352bf096642dfc145392502152184a8d4b612593196d298c9f0f65d59833b30182a2ffaa3
SSDEEP

12288:6ShR5cEPyTrYuPmPdylPi/QjUilln2ASn6MMnMMMMMU8ISxe0SAY9:6S2yyTcBVylPi/cUillnPS6MMnMMMMM6

Score

N/A

Malware Config

Signatures

Files

c28d9b69d54ed81e377b550fa65c0659ba98d8dea9b3c509d8d175450e4cd69d
.lzh
pusk.exe.bin
.exe windows x86

e53f44912dcccdf38f74282e0b901b2a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rtm

RtmDequeueRouteChangeMessage
RtmEnumerateGetNextRoute
RtmCreateEnumerationHandle
RtmDeregisterClient
RtmCloseEnumerationHandle
RtmBlockDeleteRoutes
RtmRegisterClient
RtmGetFirstRoute
RtmAddRoute
RtmDeleteRoute
RtmIsRoute

ntdll

RtlQueryRegistryValues
RtlUnwind
RtlQueueWorkItem
wcscpy
wcslen

msi

MsiDatabaseExportW

cfgmgr32

CM_Get_Version
CM_Next_Range

rtutils

TraceRegisterExA
TraceVprintfExA
RouterLogRegisterA
RouterLogEventA
RouterLogEventDataW
TraceDeregisterA
RouterLogDeregisterA

kernel32

InterlockedIncrement
GetTickCount
GlobalFree
ExitProcess
GetLastError
Sleep
FileTimeToSystemTime
LeaveCriticalSection
GetModuleFileNameA
GlobalAlloc
CloseHandle
InterlockedDecrement
CreateThread
HeapDestroy
LoadLibraryA
EnterCriticalSection
FreeLibraryAndExitThread
HeapCreate
SetEvent
VirtualAlloc
DeleteCriticalSection
WaitForMultipleObjects
CreateEventA
BindIoCompletionCallback

shlwapi

StrCatBuffW

wmi

WmiNotificationRegistrationW

user32

CallMsgFilterA

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 287KB - Virtual size: 287KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 77KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e53f44912dcccdf38f74282e0b901b2a

Headers

DLL Characteristics

File Characteristics

Imports

rtm

ntdll

msi

cfgmgr32

rtutils

kernel32

shlwapi

wmi

user32

Sections

.text Size: 5KB - Virtual size: 5KB

.rsrc Size: 287KB - Virtual size: 287KB

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 77KB - Virtual size: 1.8MB

.reloc Size: 512B - Virtual size: 36B

.text
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 287KB - Virtual size: 287KB

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 77KB - Virtual size: 1.8MB

.reloc
Size: 512B - Virtual size: 36B