157f641f878caab81794a036f06acd635543007ab4811e5e33ef111309547289

Sharing

Copy URL Twitter E-mail

General

Target

157f641f878caab81794a036f06acd635543007ab4811e5e33ef111309547289
Size

841KB
MD5

228d551ff4c64fcbdd5ad7aab0defec3
SHA1

961bff20ef17dbd81854462fbdf0d089ab8caa59
SHA256

157f641f878caab81794a036f06acd635543007ab4811e5e33ef111309547289
SHA512

25c2c76739792b2f10ff1321cf00b3accd19324d657f821925f30a58db2307ab3a159232c5779190c18e54da81f2a56caf39940c798a5d4438f58856c9d5f5a6
SSDEEP

24576:7dZctnFENOZ2HUfTgo465NaRACpHcGL37c9Juh0gwm:7Pct6NOWIxfaRARELGMh/H

Score

N/A

Malware Config

Signatures

Files

157f641f878caab81794a036f06acd635543007ab4811e5e33ef111309547289
.exe windows x86

d70e8fd50b63e9ee589e453166ea0db5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryDosDeviceA
WriteConsoleOutputAttribute
GetOEMCP
CreateSocketHandle
WriteProfileSectionW
SetDefaultCommConfigA
QueryActCtxW
OpenWaitableTimerA
HeapCreate
GetLongPathNameA
GetDefaultCommConfigW
SetConsoleDisplayMode
EnumSystemGeoID
MoveFileExA
LoadLibraryW
CloseConsoleHandle
GlobalMemoryStatus
RemoveDirectoryW
CreatePipe
EnumResourceNamesA
Thread32First
PrepareTape
ResumeThread
InitializeCriticalSection

msoert2

CreateStreamOnHFileW
UlStripWhitespaceW
PszScanToWhiteA
DeleteTempFile
HrIndexOfWeek
StrToUintW
HrStreamSeekCur
ChConvertFromHex
CrackNotificationPackage
CryptAllocFunc

msvcirt

?cout@@3Vostream_withassign@@A
??_7ostream@@6B@
??0strstreambuf@@QAE@ABV0@@Z
??4logic_error@@QAEAAV0@ABV0@@Z
?gcount@istream@@QBEHXZ
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
?basefield@ios@@2JB
?clrlock@ios@@QAAXXZ
??_Gostream_withassign@@UAEPAXI@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
??4istrstream@@QAEAAV0@ABV0@@Z

catsrvut

??_7CComPlusComponent@@6B@
SysprepComplus2
??4CComPlusObject@@QAEAAV0@ABV0@@Z
FindAssemblyModulesW
DllUnregisterServer
RegDBBackup
??0CComPlusMethod@@QAE@ABV0@@Z
ManagedRequestW
DllCanUnloadNow
RunMTSToCom
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
CGMIsAdministrator
SysprepComplus
RegDBRestore
COMPlusUninstallActionW
DllGetClassObject
StartMTSTOCOM
DllRegisterServer
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
??0CComPlusObject@@QAE@ABV0@@Z

ntdll

ZwRequestWaitReplyPort
ZwSetInformationObject
NtNotifyChangeKey
RtlAbortRXact
RtlLookupElementGenericTableAvl
sqrt
RtlUnhandledExceptionFilter
RtlComputePrivatizedDllName_U
NtReplyWaitReceivePortEx
DbgPrompt
ZwMapUserPhysicalPagesScatter
RtlZeroMemory
ZwSaveKey
NtReadFileScatter
NtOpenThreadToken
_wtol
ZwConnectPort
NtAlertThread
ZwCreateProfile
ZwQueryInformationFile
RtlRaiseStatus

hhsetup

?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?Open@CCollection@@QAEKPBD@Z
?NewLocationHistory@CTitle@@QAEPAULocationHistory@@XZ
?SetLanguage@CTitle@@QAEXG@Z
?RemoveAll@CPointerList@@QAEXXZ
?SetTitle@CFolder@@QAEXPBD@Z
?WriteFolder@CCollection@@AAEHPAPAVCFolder@@@Z
?AddFolder@CCollection@@QAEPAVCFolder@@PBGKPAKG@Z
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?GetId@CTitle@@QAEPADXZ
?GetOrder@CFolder@@QAEKXZ
?GetCollectionFileNameW@CCollection@@QAEPBGXZ
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?AddRefedTitle@CCollection@@AAEKPAVCFolder@@@Z
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?GetTitle@CLocation@@QAEPADXZ
?GetLangId@CCollection@@QAEGPBD@Z
?First@CPointerList@@QAEPAUListItem@@XZ
?GetSampleLocationW@CCollection@@QAEPBGXZ
?SetVolume@CLocation@@QAEXPBG@Z
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetTitle@CLocation@@QAEXPBD@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ

gdi32

ExtCreatePen
GdiConvertBrush
GdiGetLocalBrush
EndFormPage
GetCurrentObject
PolyPolygon
DdEntry1
GetViewportOrgEx
OffsetRgn
DdEntry55
GdiSwapBuffers
CreateFontW
AnimatePalette
XLATEOBJ_piVector
EngAlphaBlend
XLATEOBJ_iXlate
GetETM

Sections

.text
Size: 378KB - Virtual size: 378KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d70e8fd50b63e9ee589e453166ea0db5

Headers

File Characteristics

Imports

kernel32

msoert2

msvcirt

catsrvut

ntdll

hhsetup

gdi32

Sections

.text Size: 378KB - Virtual size: 378KB

.rdata Size: 123KB - Virtual size: 122KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 122KB - Virtual size: 122KB

.reloc Size: 19KB - Virtual size: 21KB

.text
Size: 378KB - Virtual size: 378KB

.rdata
Size: 123KB - Virtual size: 122KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 122KB - Virtual size: 122KB

.reloc
Size: 19KB - Virtual size: 21KB