7900cd8b8f624c78b837022a809bcf9f53c464028bcea078540f08a8e0bc0af0

Sharing

Copy URL

Twitter E-mail

General

Target

7900cd8b8f624c78b837022a809bcf9f53c464028bcea078540f08a8e0bc0af0
Size

242KB
MD5

1e716b93ed39bff5bf07b89d0af23eb0
SHA1

74e25af4346e38bf6e855dbfac2f229fd5a70cb2
SHA256

7900cd8b8f624c78b837022a809bcf9f53c464028bcea078540f08a8e0bc0af0
SHA512

591e2ce0e5e6630e211eaefa812119a454cf937c25a91aee4736500c37efeedf5280804e4ff9b25e45ba9a1cff94c7c8f03436b8e745d1e37f172fc32098a5bb
SSDEEP

6144:dFB2fiDv6glRq2QtRwuQ7S4+QCDmDraBNHGU54dqhs/dHk/:dFBDv6glJQ8S4+QCKDrINmUehdE/

Score

N/A

Malware Config

Signatures

Files

7900cd8b8f624c78b837022a809bcf9f53c464028bcea078540f08a8e0bc0af0
.exe windows x86

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

traffic

TcOpenInterfaceW
TcDeregisterClient
TcModifyFlow
TcEnumerateInterfaces
TcSetFlowW
TcSetInterface
TcAddFlow
TcQueryFlowA
TcGetFlowNameA
TcCloseInterface
TcOpenInterfaceA
TcQueryFlowW
TcQueryInterface
TcGetFlowNameW
TcRegisterClient
TcDeleteFlow
TcDeleteFilter
TcEnumerateFlows
TcAddFilter

mprapi

MprAdminMIBBufferFree
MprConfigInterfaceGetInfo
MprConfigGetFriendlyName
MprConfigTransportDelete
MprAdminIsDomainRasServer
MprConfigInterfaceTransportGetInfo
MprAdminDeviceEnum
RasPrivilegeAndCallBackNumber
MprConfigServerDisconnect
MprAdminServerGetCredentials
MprConfigServerConnect
MprConfigServerRestore
MprConfigInterfaceEnum
MprAdminUserClose
MprAdminInterfaceConnect
MprAdminMIBEntryGetFirst
MprConfigInterfaceTransportEnum
MprAdminInterfaceDeviceSetInfo
MprAdminInterfaceGetCredentials
MprConfigTransportCreate
MprInfoBlockFind
MprAdminInterfaceSetCredentialsEx

dbghelp

MiniDumpReadDumpStream
SymEnumerateSymbols64
ImageRvaToSection
SymLoadModule64
SymSetSearchPath
SymEnumSourceFiles
FindExecutableImageEx
SymUnloadModule64
SymGetLineFromName64
MapDebugInformation
omap
SymGetLineFromName
ImagehlpApiVersion
SearchTreeForFile
ExtensionApiVersion
SymEnumerateSymbolsW
UnDecorateSymbolName
SymGetLineFromAddr64
SymSetOptions
SymFromName
SymMatchString
MiniDumpWriteDump
SymGetTypeFromName
SymFromAddr
SymGetSymFromAddr64
SymGetLineNext
SymMatchFileName
MakeSureDirectoryPathExists

kernel32

ReadFileEx
GetConsoleTitleW
Module32FirstW
GetFileAttributesA
FlushConsoleInputBuffer
SetConsoleScreenBufferSize
LZRead
CreateJobObjectW
CompareFileTime
OpenFileMappingW
RegisterConsoleIME
GetStartupInfoW
DeleteTimerQueueEx
InterlockedExchange
SetProcessPriorityBoost
GlobalAlloc
GetConsoleHardwareState
GetLocalTime
GetProfileStringW
GetStartupInfoA
lstrcpynA
GlobalLock
CreateFileW
LoadLibraryW
GetModuleHandleW
GetVolumeInformationA
GetNumberOfConsoleFonts
AreFileApisANSI
OpenSemaphoreA
SetFileApisToOEM
GetFileSize

mfcsubs

??H@YG?AVCString@@DABV0@@Z
?SpanIncluding@CString@@QBE?AV1@PBG@Z
?Lock@CCriticalSection@@UAEHK@Z
?Format@CString@@QAAXIZZ
??4CString@@QAEABV0@PBE@Z
?InitHashTable@CMapStringToPtr@@QAEXIH@Z
??1CMapStringToPtr@@UAE@XZ
??1CCriticalSection@@UAE@XZ
??8@YG_NPBGABVCString@@@Z
?GetNextAssoc@CMapStringToPtr@@QBEXAAPAU__POSITION@@AAVCString@@AAPAX@Z
?AfxExtractSubString@@YGHAAVCString@@PBGHG@Z
?Collate@CString@@QBEHPBG@Z
??0CString@@QAE@PBG@Z
?SetAt@CString@@QAEXHG@Z
??0CMapStringToPtr@@QAE@H@Z
?IsEmpty@CString@@QBEHXZ
??O@YG_NPBGABVCString@@@Z
?TrimLeft@CString@@QAEXXZ
?data@CPlex@@QAEPAXXZ
?RemoveAt@CStringArray@@QAEXHH@Z
??0CObject@@IAE@XZ
?Append@CStringArray@@QAEHABV1@@Z
??ACStringArray@@QAEAAVCString@@H@Z
?UnlockBuffer@CString@@QAEXXZ
??YCString@@QAEABV0@PBG@Z
??H@YG?AVCString@@ABV0@PBG@Z
?Mid@CString@@QBE?AV1@H@Z
?GetStartPosition@CMapStringToPtr@@QBEPAU__POSITION@@XZ

wldap32

ber_free
ber_bvfree
ldap_extended_operation_sW
ldap_delete_sA
ldap_control_free
ldap_simple_bindW
ldap_parse_sort_controlA
ldap_free_controlsW
ldap_get_values_lenW
LdapUnicodeToUTF8
ldap_simple_bind_s
ldap_count_valuesA
ldap_delete_ext_sW
ldap_search_st
ldap_parse_resultW
ldap_parse_result
ldap_initA
ldap_parse_sort_controlW
ldap_modrdn_sA
ldap_escape_filter_elementA
ldap_dn2ufnW
ldap_value_free
ldap_get_option
ldap_err2string

hhsetup

?AddLocation@CCollection@@QAEPAVCLocation@@PBG000PAK@Z
??4CLocation@@QAEAAV0@ABV0@@Z
?AddRef@CCollection@@QAEXXZ
?HandleCollectionEntry@CCollection@@AAEKPAVCParseXML@@PAD@Z
?GetVolume@CLocation@@QAEPADXZ
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?SetId@CLocation@@QAEXPBG@Z
?Open@CCollection@@QAEKPBG@Z
??0CPointerList@@QAE@XZ
?GetRefTitleCount@CCollection@@QAEKXZ
?GetColNo@CCollection@@QAEKXZ
?DeleteChildren@CCollection@@AAEXPAPAVCFolder@@@Z
?SetPath@CLocation@@QAEXPBD@Z
?GetTail@CFIFOString@@QAEKPAPAD@Z
?AllocCopyValue@CCollection@@AAEKPAVCParseXML@@PADPAPAD@Z
?MergeKeywords@CCollection@@QAEHPAD@Z
?GetTitleW@CFolder@@QAEPBGXZ
?SetId@CTitle@@QAEXPBD@Z
??4CCollection@@QAEAAV0@ABV0@@Z
?SetOrder@CFolder@@QAEXK@Z
?GetSampleLocationW@CCollection@@QAEPBGXZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetTitle@CFolder@@QAEXPBD@Z
?Save@CCollection@@QAEKXZ
?bIsVisable@CFolder@@QAEHXZ
?AddLocationHistory@CTitle@@QAEKKPBG00PBVCLocation@@00H@Z

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3102c53bd74c83ba94e2d17174f7390

Headers

File Characteristics

Imports

traffic

mprapi

dbghelp

kernel32

mfcsubs

wldap32

hhsetup

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 65KB - Virtual size: 64KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 65KB - Virtual size: 64KB

.rsrc
Size: 1KB - Virtual size: 1KB