d05f8e85c61517109454d7e74b331d96a3e061a528022ef11e4828ed6a68114d

Sharing

Copy URL Twitter E-mail

General

Target

d05f8e85c61517109454d7e74b331d96a3e061a528022ef11e4828ed6a68114d
Size

175KB
MD5

c39a99122b89f23fff8a04a0a6b6a13f
SHA1

dcbb778102f18689cadf2fb365a8239dc53baeba
SHA256

d05f8e85c61517109454d7e74b331d96a3e061a528022ef11e4828ed6a68114d
SHA512

583c44f5a00f3e1f62ac08192f449df07d87425e271e439060e5c4c6e1ac894bc2fc7235e3cfb8cbd2e63266cc7bdd40a4a806f8490af1e159c3c249c1a00b38
SSDEEP

3072:yDebcGPOaJdOWlAaNur/dtLhKycxjEudDISmzAj83FERNU0ajAjr00mbopuqkNSp:yKIfa+WlAnr/dt8jEADI9Ek0qAjERqkE

Score

N/A

Malware Config

Signatures

Files

d05f8e85c61517109454d7e74b331d96a3e061a528022ef11e4828ed6a68114d
.exe windows x86

1c61da2d37cba3d33e5ad228ab20c54c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICInstall
GetSaveFileNamePreviewA
ICSeqCompressFrameStart
DrawDibProfileDisplay
ICSendMessage
ICOpenFunction
DrawDibSetPalette
VideoForWindowsVersion
ICImageDecompress
DrawDibStart
ICImageCompress
ICDrawBegin
DrawDibEnd
DrawDibChangePalette
DrawDibOpen
ICGetDisplayFormat
ICCompressorFree
ICOpen
ICCompressorChoose
MCIWndCreateW
DrawDibBegin
ICClose
ICInfo
StretchDIB
ICSeqCompressFrame
DrawDibTime
ICLocate
ICGetInfo
MCIWndCreateA
DrawDibRealize
DrawDibGetBuffer
MCIWndCreate
ICSeqCompressFrameEnd
GetOpenFileNamePreview
ICDraw
MCIWndRegisterClass

kernel32

LockFile
GetThreadPriorityBoost
ContinueDebugEvent
DelayLoadFailureHook
GetStartupInfoA
WaitNamedPipeW
ResetEvent
ReleaseActCtx
TlsAlloc
SignalObjectAndWait
SetConsoleOutputCP
GlobalAddAtomW
EnumerateLocalComputerNamesW
BeginUpdateResourceW
GetCPInfoExA
GetConsoleCursorMode
GetConsoleKeyboardLayoutNameA
DosPathToSessionPathA
CloseProfileUserMapping
GlobalCompact
InitializeCriticalSection
GetStartupInfoW
WriteProfileStringW
InvalidateConsoleDIBits
lstrlen
_lwrite
SetThreadUILanguage
FindFirstFileExW
SetConsoleInputExeNameA
GetAtomNameW
SetLocalPrimaryComputerNameW
EnumDateFormatsA
FindResourceExA
EnumCalendarInfoExW
SetComPlusPackageInstallStatus
GetSystemWindowsDirectoryA
CopyFileExW
FillConsoleOutputAttribute
lstrcat
ProcessIdToSessionId
GetThreadSelectorEntry
GetNextVDMCommand
OpenWaitableTimerW
GetModuleFileNameA
RtlZeroMemory
DeleteTimerQueue
GetConsoleInputWaitHandle
GetCompressedFileSizeA
GlobalDeleteAtom
_lread
OpenFileMappingW
GetTapeParameters
SetFilePointer
SetCommState
QueueUserWorkItem
CreateTimerQueue
GetVolumePathNamesForVolumeNameA
SetProcessWorkingSetSize
LZSeek
GetUserDefaultLCID
GetLogicalDriveStringsW
VDMConsoleOperation
SetErrorMode
InterlockedFlushSList
TlsGetValue
ZombifyActCtx
DebugActiveProcess
GetVersionExA
SetFirmwareEnvironmentVariableA
SearchPathW
LocalLock
GetConsoleAliasesA
Heap32ListNext
SetVolumeMountPointW
GetCurrentProcessId
GetNativeSystemInfo
Heap32Next
GetProcessTimes
LCMapStringA
GetVersionExW
GetSystemDefaultLCID
OpenThread
EnumCalendarInfoExA
RtlFillMemory
RemoveDirectoryW
IsDBCSLeadByteEx
VirtualAlloc
LoadModule
GetMailslotInfo
GetProfileStringW
lstrlenW
GetCurrentConsoleFont
RegisterWowBaseHandlers
EnumCalendarInfoW
IsValidCodePage
UnlockFileEx
CopyLZFile
lstrcmp
VerLanguageNameW
GetSystemDefaultLangID
MulDiv
GetDriveTypeW
RegisterConsoleOS2
LoadLibraryA

untfs

??0NTFS_EXTENT_LIST@@QAE@XZ
??0NTFS_SA@@QAE@XZ
?ReadList@NTFS_ATTRIBUTE_LIST@@QAEEXZ
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
?ReadAgain@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ
?Initialize@NTFS_SA@@QAEEPAVLOG_IO_DP_DRIVE@@PAVMESSAGE@@VBIG_INT@@2@Z
?QueryFlags@NTFS_MFT_INFO@@SGEPAXG@Z
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
??0NTFS_MFT_FILE@@QAE@XZ
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
??1NTFS_BOOT_FILE@@UAE@XZ
?Flush@NTFS_MFT_FILE@@QAEEXZ
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?QuerySegmentReference@NTFS_MFT_INFO@@SG?AU_MFT_SEGMENT_REFERENCE@@PAX@Z
?QueryAttributeByOrdinal@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAEKK@Z
?QueryVolumeFlagsAndLabel@NTFS_SA@@QAEGPAE00PAVWSTRING@@@Z
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?SetVolumeFlag@NTFS_SA@@QAEEGPAE@Z
?Initialize@NTFS_CLUSTER_RUN@@QAEEPAVMEM@@PAVLOG_IO_DP_DRIVE@@VBIG_INT@@KK@Z
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?Write@NTFS_BITMAP@@QAEEPAVNTFS_ATTRIBUTE@@PAV1@@Z
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?CompareDupInfo@NTFS_MFT_INFO@@SGEPAXPAU_FILE_NAME@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MASTER_FILE_TABLE@@@Z
?AllocateFileRecordSegment@NTFS_MASTER_FILE_TABLE@@QAEEPAVBIG_INT@@E@Z
?NtfsUpcaseCompare@@YGJPBGK0KPBVNTFS_UPCASE_TABLE@@E@Z
?IsFree@NTFS_BITMAP@@QBEEVBIG_INT@@0@Z
??1NTFS_LOG_FILE@@UAE@XZ
?Initialize@NTFS_MFT_INFO@@QAEEXZ
??0NTFS_ATTRIBUTE@@QAE@XZ
??0NTFS_MFT_INFO@@QAE@XZ
?Initialize@NTFS_REFLECTED_MASTER_FILE_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?MakeNonresident@NTFS_ATTRIBUTE@@UAEEPAVNTFS_BITMAP@@@Z
ChkdskEx
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
?QueryClusterFactor@NTFS_SA@@QBEEXZ
?Resize@NTFS_ATTRIBUTE@@UAEEVBIG_INT@@PAVNTFS_BITMAP@@@Z
Chkdsk
??0NTFS_INDEX_TREE@@QAE@XZ

query

?UnMarshall@CDbByGuid@@QAEHAAVPDeSerStream@@@Z
?Release@CEmptyPropertyList@@UAGKXZ
??0CSvcQuery@@QAE@PBGPAUIDBProperties@@@Z
?SetBSTR@CStorageVariant@@QAEXPAGI@Z
?Skip@CEnumWorkid@@UAGJK@Z
?Recognize@CDFA@@QAEEPBG@Z
??1SStorageObject@@QAE@XZ
?Marshall@CDbByGuid@@QBEXAAVPSerStream@@@Z
?BuildRegistryPropertiesKey@@YGXAAV?$XArray@G@@PBG@Z
?Close@CPipeClient@@IAEXXZ
??1CDbProp@@QAE@XZ
?SetExclude@CScopeAdmin@@QAEXH@Z
?DoIt@CCopyRcovObject@@QAEJXZ
?Marshall@CDbContentVector@@QBEXAAVPSerStream@@@Z
?Add@CKeyArray@@QAEHHABVCKey@@@Z
?GetPhysicalPath@CWebServer@@QAEKPBGPAGKK@Z
?ReportEventW@CEventLog@@QAEXAAVCEventItem@@@Z
?SetCatalog@CCatState@@QAEXPBG@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
?GetOleError@@YGJAAVCException@@@Z
??1CNatLanguageRestriction@@QAE@XZ
?_pGlobalPropListFile@CLocalGlobalPropertyList@@0PAVCPropListFile@@A
??0CAllocStorageVariant@@QAE@W4VARENUM@@KAAVPMemoryAllocator@@@Z
CiSvcMain
?Get@CWin32RegAccess@@QAEHPBGAAK@Z
?GetString@CMemDeSerStream@@UAEPADXZ
?FPSToPROPID@CPidConverter@@UAEJABVCFullPropSpec@@AAK@Z
?Rewind@CMmStreamConsecBuf@@QAEXXZ
?EnumerateProperty@CPidLookupTable@@QAEHAAVCFullPropSpec@@AAI@Z
?Clone@CDbCmdTreeNode@@QBEPAV1@H@Z
?Commit@CRcovStrmAppendTrans@@QAEXXZ
??1CProcess@@QAE@XZ
?GetR8@CAllocStorageVariant@@QBENI@Z
?GetFileSystem@CDriveInfo@@QAE?AW4eFileSystem@1@H@Z
?InitIterator@CCombinedPropertyList@@UAEXXZ
?WritePrimaryProperty@CPropStoreManager@@QAEJKKABVCStorageVariant@@@Z
?Shrink@CDynStream@@QAEXAAVPStorage@@K@Z
?AcqPath@CQueryScanner@@QAEPAGXZ
?NewStemmer@CCiOle@@SGPAUIStemmer@@ABU_GUID@@@Z
??0CDbColId@@QAE@XZ
?Marshall@CDbPropSet@@QBEXAAVPSerStream@@@Z
??1CWorkManager@@QAE@XZ
?GetLong@CMemDeSerStream@@UAEJXZ
?AddRef@CDbProperties@@UAGKXZ
?Release@CEnumString@@UAGKXZ

msvcrt40

_rmdir
??0streambuf@@IAE@XZ
?is_open@filebuf@@QBEHXZ
_fmode
_ismbbkpunct
wcstod
??1stdiobuf@@UAE@XZ
_cputs
__p__pgmptr
?xsputn@streambuf@@UAEHPBDH@Z
strcoll
_umask
_strnicoll
_fstati64
_heapset
__STRINGTOLD
??4Iostream_init@@QAEAAV0@ABV0@@Z
_ltow
labs
_wcsnicmp
??_7iostream@@6B@
rename
strtok
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
perror
?x_statebuf@ios@@0PAJA
_ismbclower
_chdrive
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
?base@streambuf@@IBEPADXZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ

gdi32

DdEntry50
SetBitmapAttributes
DdEntry11
Ellipse
GdiConvertPalette
GdiEntry16
DPtoLP
EnumFontFamiliesExA
DdEntry1
GdiGetPageHandle
GetCharWidthInfo
CreateFontW
EngAcquireSemaphore
GdiQueryFonts
PolyBezierTo
EngStrokeAndFillPath
EngCreateBitmap
GetPath
DdEntry15
CopyEnhMetaFileA
CreateMetaFileW
ExtEscape
DdEntry34
OffsetClipRgn
EngLineTo
SetDIBitsToDevice
SelectFontLocal
SetDCPenColor
SetPixel
AddFontMemResourceEx
GetLayout
TextOutA
GetGlyphOutlineWow
GdiEntry3
SetMiterLimit
GetSystemPaletteEntries
EngAssociateSurface
BRUSHOBJ_hGetColorTransform
STROBJ_bGetAdvanceWidths
DrawEscape
EngWideCharToMultiByte
CloseEnhMetaFile
EngGetPrinterDataFileName
CreateDiscardableBitmap
SetFontEnumeration

crtdll

vsprintf
_getw
_getdrive
_getdiskfree
_open_osfhandle
_ismbblead
_winver_dll
setlocale
towlower
_ismbbgraph
wcsstr
_eof
_pclose
__argv_dll
_y1
__GetMainArgs
_mbspbrk
getc
wcstombs
atof
strncat
_spawnv
fopen
_getcwd
_j0
_spawnl
_ismbcl1
__toascii
_strdup
_baseversion_dll

cmdial32

RasCustomDeleteEntryNotify
CmReConnect
RasCustomEntryDlg
_InetDialHandler@16
RasCustomHangUp
CmCustomDialDlg
RasCustomDialDlg
CmCustomHangUp
_AutoDialFunc@16
InetDialHandler
RasCustomDial
AutoDialFunc

odbc32gt

Dispatch2
Dispatch

Sections

.tixt
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c61da2d37cba3d33e5ad228ab20c54c

Headers

DLL Characteristics

File Characteristics

Imports

msvfw32

kernel32

untfs

query

msvcrt40

gdi32

crtdll

cmdial32

odbc32gt

Sections

.tixt Size: 87KB - Virtual size: 87KB

.rdata Size: 39KB - Virtual size: 39KB

.data Size: 43KB - Virtual size: 207KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 87KB - Virtual size: 87KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 43KB - Virtual size: 207KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B