cadedba5f1bd457c5c6b9a358ed9456c17b2e417662dc41313a30fcac868272a

Sharing

Copy URL Twitter E-mail

General

Target

cadedba5f1bd457c5c6b9a358ed9456c17b2e417662dc41313a30fcac868272a
Size

380KB
MD5

9779e707734d044a48cf989f195cc9df
SHA1

39dadd238695bf8abd2a05a972bcbe487acd9fa5
SHA256

cadedba5f1bd457c5c6b9a358ed9456c17b2e417662dc41313a30fcac868272a
SHA512

2f607f13b6d6f125caf4224883137c1f192666aa5606b2e68d3639ab96d0728f28370f7c52ee51d7d5018a079c409886e291826dcf1c6a09c52eb55e06fa1268
SSDEEP

6144:MYBFuqXiw2sBxkGPNpA33KAYyZyL5+OaXefRCdJz0ecwz/yY2++PEpusrFR4/mm:T6qXmjGPsHYyZyvqVzqY2fPEpusrFRf

Score

N/A

Malware Config

Signatures

Files

cadedba5f1bd457c5c6b9a358ed9456c17b2e417662dc41313a30fcac868272a
.exe windows x86

34009082645e5500e86663046f98bcb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

fscanf
remove
_mbctombb
_mbsnbset
_sleep
putchar
tanh
isspace
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_setsystime
_sys_nerr_dll
_mbsinc
_mbctohira
_spawnlpe
fsetpos
system
_getdrives
_wtol
towupper
abort
_sys_errlist
_osminor_dll
_ftol
_ismbbkalnum
strtod
_spawnl
_ismbchira
_abnormal_termination
_strnicmp
_mbstok
_control87
_execvpe
_wcsset
mblen
fmod
_popen
_mbbtype
_gcvt
_mbsspn

kernel32

GlobalFindAtomA
WaitForSingleObject
BaseFlushAppcompatCache
VerLanguageNameW
GetVolumeNameForVolumeMountPointA
FlushFileBuffers
GetDiskFreeSpaceExA
FindFirstFileA
GetHandleContext
FlushInstructionCache
VirtualAlloc
GetNamedPipeHandleStateW
SetFileAttributesW
DebugBreakProcess
VerifyConsoleIoHandle
HeapLock
IsDBCSLeadByteEx
GetACP
GetExitCodeThread
WriteProfileSectionW
WaitForMultipleObjects
GetModuleHandleExA
CreateFileMappingW
SetConsoleNumberOfCommandsW
GetTempPathW
SetConsoleMenuClose
EnumResourceNamesW
SetVolumeMountPointW
FindFirstFileExW
GetTapeStatus
lstrcmpW
Process32FirstW
IsValidCodePage
QueryDosDeviceA
GetSystemDefaultUILanguage
SetWaitableTimer
OpenFile
BackupRead
InitializeCriticalSection
EnumUILanguagesW
FindFirstVolumeW
Module32Next
VirtualQueryEx
TlsSetValue
ScrollConsoleScreenBufferW
VerifyVersionInfoA
LoadLibraryA
SetConsoleTitleA
CompareStringA
MoveFileExW
WriteConsoleOutputCharacterW
AddConsoleAliasW
GetNumaProcessorNode
FindNextVolumeMountPointW
FindVolumeClose
GetConsoleWindow
FatalExit
GetConsoleTitleW
SetCommConfig
TermsrvAppInstallMode
LZCopy
CreateSemaphoreW
lstrcmpiA
NlsGetCacheUpdateCount
lstrcpynA
Heap32ListFirst
LZStart
AttachConsole
GetStartupInfoA
GetFileType

sqlunirl

_PrintDlg_@4
_RegUnLoadKey_@8
_OpenMutex_@12
_FindResourceEx_@16
_EndUpdateResource_@8
_CreateWaitableTimer_@12
_GetGlyphOutline_@28
_FindWindowEx_@16
_GetBinaryType_@8
_CopyFileEx_@24
_PageSetupDlg_@4
_CreateMutex_@12
_EnumFontFamilies_@16
_CreateDirectory_@8
_PostMessage@16
_CreateStatusWindow_@16
_RemoveFontResource_@4
_SystemParametersInfo_@16
_RegSetValue_@20
_TextOut@20
_GetTextExtentPoint@16
_GetCharacterPlacement_@24
_DeleteFile@4
_DefMDIChildProc_@16
_SendMessageCallback_@24
_IsCharAlpha_@4
_WinHelp@16
_DlgDirList_@20
_tsystem
_GlobalAddAtom_@4
_NDdeTrustedShareEnum_@24
_FindNextFile_@8
_GetClassName_@12
_GetClassInfoEx_@12
_SHBrowseForFolder_@4
_DlgDirSelectComboBoxEx_@16
_NDdeIsValidAppTopicList_@4
_RegQueryValue_@16
_VerQueryValue_@16
_GetComputerName@8
_CharPrev_@8
_GetICMProfile_@12

ntdll

RtlIpv6AddressToStringW
RtlQueueApcWow64Thread
RtlCompareUnicodeString
wcstoul
NtReadFile
NtResumeThread
RtlNewSecurityObjectEx
RtlDeleteAce
RtlUpcaseUnicodeStringToAnsiString
RtlDeleteAtomFromAtomTable
CsrGetProcessId
RtlCreateEnvironment
RtlCreateTimerQueue
RtlEnumProcessHeaps
towlower
RtlInitString
RtlDestroyProcessParameters
NtQueryKey
ZwFlushBuffersFile
RtlComputePrivatizedDllName_U
ZwQuerySecurityObject
RtlExtendedIntegerMultiply
RtlQueryProcessLockInformation
KiUserApcDispatcher
strncat
NtQueryDefaultUILanguage
NtQueryBootOptions
RtlInsertElementGenericTableAvl
RtlDeleteCriticalSection
RtlQueryEnvironmentVariable_U
RtlCreateBootStatusDataFile
NtAllocateUuids
ZwDeleteKey
ZwSaveKeyEx
NtAddBootEntry
LdrLockLoaderLock
RtlGetSecurityDescriptorRMControl
ZwDebugActiveProcess
ZwQueryDirectoryFile

hhsetup

?SetParent@CFolder@@QAEXPAV1@@Z
?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?SetFindMergedCHMS@CCollection@@QAEXH@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?SetLanguage@CTitle@@QAEXG@Z
?First@CPointerList@@QAEPAUListItem@@XZ
??1CFolder@@QAE@XZ
?RemoveCollection@CCollection@@QAEKH@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?GetTitle@CFolder@@QAEPADXZ
?GetTitleW@CLocation@@QAEPBGXZ
??0CFIFOString@@QAE@XZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?SetVolume@CLocation@@QAEXPBG@Z
?SetTitle@CFolder@@QAEXPBG@Z
??1CPointerList@@QAE@XZ
?DecrementRefTitleCount@CCollection@@QAEXXZ
?GetParent@CFolder@@QAEPAV1@XZ
?IsDirty@CCollection@@QAEHXZ
?GetId@CLocation@@QBEPADXZ
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?DeleteFolders@CCollection@@AAEXPAPAVCFolder@@@Z
?SetNextLocation@CLocation@@QAEXPAV1@@Z
?GetNextLocation@CLocation@@QAEPAV1@XZ
??0CTitle@@QAE@XZ
?SetSampleLocation@CCollection@@QAEXPBG@Z
?AddChildFolder@CFolder@@QAEPAV1@PBDKPAKG@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetOrder@CFolder@@QAEXK@Z
?GetPathW@CLocation@@QAEPBGXZ
?ParseFile@CCollection@@AAEKPBD@Z
?RemoveAll@CFIFOString@@QAEXXZ
?CheckTitleRef@CCollection@@AAEKPBGG@Z
?GetFindMergedCHMS@CCollection@@QAEHXZ
??4CLocation@@QAEAAV0@ABV0@@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBDKPAKG@Z
?SetId@CLocation@@QAEXPBD@Z
?GetPath@CLocation@@QAEPADXZ
?GetLanguage@CTitle@@QAEGXZ
?Release@CCollection@@AAEKXZ

shsvcs

HardwareDetectionServiceMain
CreateHardwareEventMoniker

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 169KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34009082645e5500e86663046f98bcb9

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

kernel32

sqlunirl

ntdll

hhsetup

shsvcs

Sections

.text Size: 104KB - Virtual size: 104KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 169KB - Virtual size: 636KB

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 104KB - Virtual size: 104KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 169KB - Virtual size: 636KB

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 1024B - Virtual size: 1024B