9aaf3f0e111dc970cd16b6d0d02e7c7f65812b916f6eb6e69018524ca58a6f89

Sharing

Copy URL Twitter E-mail

General

Target

9aaf3f0e111dc970cd16b6d0d02e7c7f65812b916f6eb6e69018524ca58a6f89
Size

164KB
MD5

a88534edca593c6bed3e352f19ed1987
SHA1

81f5ec1aeca257e5fb5a3b4a909f85764db06c2b
SHA256

9aaf3f0e111dc970cd16b6d0d02e7c7f65812b916f6eb6e69018524ca58a6f89
SHA512

352999aa0c331ddec7ebe23347513841ae875e2af5f1aea8ac82428acf2bad377e1a7426a455dabea04f14628efa1fa130614c188f24d494d681be6ccfec7ccf
SSDEEP

3072:/K38gi+iw5gPin3LlVCh9uibuChdVh9xXT+HJFs2DjNJQeCYBKIa1J+zCzFt:/K3YCYi3LlVChjaCXr2DjHQPUa1JL

Score

N/A

Malware Config

Signatures

Files

9aaf3f0e111dc970cd16b6d0d02e7c7f65812b916f6eb6e69018524ca58a6f89
.exe windows x86

f2e67d3c56c896f295c4ea6f2ff9fb71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetEnvironmentStringsW
SetFileShortNameW
GetExitCodeProcess
SetCalendarInfoA
ReadFileEx
ReadConsoleInputA
SetComputerNameExW
ResetEvent
RtlCaptureStackBackTrace
SetThreadUILanguage
GetNextVDMCommand
SetSystemPowerState
IsValidCodePage
FindFirstChangeNotificationW
AttachConsole
LoadLibraryA
SetProcessAffinityMask
GetConsoleWindow
FindNextVolumeMountPointA
OpenSemaphoreW
UTUnRegister
GetModuleHandleExA
EnumCalendarInfoA
GetNumaNodeProcessorMask
DeleteFiber
GetStartupInfoA
GlobalReAlloc
SystemTimeToFileTime
GetTapeStatus
GetTimeFormatW
ExpandEnvironmentStringsW
GetVolumePathNamesForVolumeNameA
GetDateFormatA
SetConsoleMode
SuspendThread
LocalHandle
VirtualFreeEx
FindCloseChangeNotification
WriteProcessMemory
SetThreadContext
GetComputerNameW
WritePrivateProfileStringW
GlobalFix
GetUserDefaultLangID
ScrollConsoleScreenBufferW
VerLanguageNameA
GlobalGetAtomNameA
GetStartupInfoW
GetOEMCP
GetThreadPriority
RequestWakeupLatency
CreateNamedPipeA
CreateToolhelp32Snapshot
UnhandledExceptionFilter
QueueUserWorkItem
LZCopy
ReadFileScatter
GetVersionExW
GetUserGeoID
GetNumaProcessorNode
VirtualAlloc
SetConsoleCursorInfo
HeapCreate
GetCommMask
SetLocaleInfoW
EnumerateLocalComputerNamesW
HeapDestroy

wintrust

HTTPSCertificateTrust
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
MsCatConstructHashTag
CryptSIPPutSignedDataMsg
WVTAsn1SpcStatementTypeDecode
WTHelperGetAgencyInfo
CryptCATEnumerateCatAttr
OfficeCleanupPolicy
WintrustGetRegPolicyFlags
CryptCATHandleFromStore
GenericChainCertificateTrust
OpenPersonalTrustDBDialog
OfficeInitializePolicy
CryptCATPutAttrInfo
WTHelperGetProvSignerFromChain
WVTAsn1CatNameValueEncode
CryptCATAdminCalcHashFromFileHandle
WintrustRemoveActionID
FindCertsByIssuer
WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext
CryptCATAdminReleaseContext
GenericChainFinalProv
CryptCATClose
WVTAsn1SpcLinkEncode
CryptCATGetCatAttrInfo
CryptSIPRemoveSignedDataMsg
SoftpubDumpStructure
SoftpubLoadDefUsageCallData
WinVerifyTrustEx
WVTAsn1SpcMinimalCriteriaInfoEncode
CryptCATCDFEnumAttributesWithCDFTag
TrustFindIssuerCertificate
WTHelperGetFileName
CryptSIPVerifyIndirectData
CryptCATAdminResolveCatalogPath
SoftpubLoadSignature
CryptCATCDFEnumMembersByCDFTagEx
MsCatFreeHashTag
CryptCATAdminRemoveCatalog

ntdll

DbgBreakPoint
RtlMoveMemory
RtlTraceDatabaseCreate
NtResetEvent
NtQueryEaFile
ZwCompactKeys
NtCreateFile
NtSetSystemEnvironmentValueEx
RtlLargeIntegerAdd
ZwReleaseKeyedEvent
vDbgPrintEx
NtConnectPort
RtlApplyRXactNoFlush
RtlCreateActivationContext
ZwQueryDirectoryFile
RtlFindLeastSignificantBit
NtFlushKey
ZwCreateIoCompletion
NtOpenThreadToken
RtlGetElementGenericTable
NtTraceEvent
RtlIpv6StringToAddressW
NtQueryKey
ZwSetQuotaInformationFile
NtDeleteValueKey
NtCompareTokens
NtQueueApcThread
RtlDnsHostNameToComputerName
RtlInterlockedPushListSList
ZwReleaseMutant
ZwCreateNamedPipeFile
RtlCopyLuid
strpbrk
RtlValidateUnicodeString
LdrLoadDll
memcmp

olecli32

OleCopyFromLink
OleReconnect
CheckNetDrive
MfEnumFormat
PbGetData
LeSetHostNames
PbCreateFromFile
GenEnumFormat
OleSetColorScheme
LeQueryBounds
OleEnumObjects
LeGetUpdateOptions
OleClose
ErrCopyFromLink
LeSetData
DefCreateFromClip
GenRelease
GetTaskVisibleWindow
MfQueryBounds
OleCreateFromClip
BmCopy
ErrQueryOpen
OleQueryReleaseMethod
OleLockServer
DefCreateFromFile

crtdll

_ltow
_setsystime
iswdigit
_XcptFilter
strtod
_unlink
difftime
rewind
fflush
_strupr
atan2
memcmp
strpbrk
rand
_flushall
fwrite
_mbsstr
_osmode_dll
_ismbbgraph
_execle
_stat
_kbhit
ldiv
_mbctombb
fseek
iswlower
_strdup
__threadid
_spawnle
_heapmin
_mbschr
asctime
_tell
setbuf
sprintf
strxfrm
_eof
_rmdir
_open_osfhandle

msi

MsiDatabaseGenerateTransformA
MsiGetFileVersionW
MsiSummaryInfoSetPropertyA
MsiConfigureProductA
MsiGetFileVersionA
MsiAdvertiseProductExA
MsiSourceListForceResolutionW
MsiSequenceW
MsiSummaryInfoSetPropertyW
Migrate10CachedPackagesA
MsiGetLastErrorRecord
MsiReinstallFeatureFromDescriptorW
MsiGetFeatureStateA
MsiDeleteUserDataW
MsiProvideComponentFromDescriptorW
MsiEnumComponentQualifiersA
MsiEnumRelatedProductsW
MsiGetActiveDatabase
MsiGetDatabaseState
MsiViewGetColumnInfo
MsiLocateComponentW
MsiSetFeatureAttributesA
MsiDatabaseOpenViewA
MsiSetFeatureStateW
MsiGetProductCodeFromPackageCodeW
MsiQueryFeatureStateW
MsiViewGetErrorW
MsiGetSourcePathA
MsiReinstallFeatureW
MsiGetSummaryInformationA
MsiApplyPatchA
MsiGetFeatureCostW
MsiDatabaseApplyTransformA
MsiConfigureFeatureFromDescriptorA
MsiSetExternalUIW
MsiViewExecute
MsiRecordReadStream
MsiConfigureProductExA

msvcrt40

_mbccpy
_findfirst
??0strstreambuf@@QAE@H@Z
pow
getchar
iswspace
_futime
_CIlog10
_chgsign
ctime
getwc
??5istream@@QAEAAV0@PAC@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??_8stdiostream@@7Bostream@@@
_mbsnbset
_pwctype
?sbumpc@streambuf@@QAEHXZ
$I10_OUTPUT
realloc
strrchr
_mbspbrk
??0ifstream@@QAE@ABV0@@Z
_wspawnvpe
?put@ostream@@QAEAAV1@D@Z
fwscanf
_mbbtombc
?sync@filebuf@@UAEHXZ
_memccpy
_cgets
?sputc@streambuf@@QAEHH@Z
??_Distream@@QAEXXZ
_ismbcsymbol
fflush
_close
_mbsncoll
??_8ostrstream@@7B@
_mbsnextc
_mtlock
_mbctoupper
_logb
_wfullpath
??4ostrstream@@QAEAAV0@ABV0@@Z
??_7iostream@@6B@
localtime
??_Diostream@@QAEXXZ
??_Eios@@UAEPAXI@Z
?setmode@filebuf@@QAEHH@Z
_wcsnset
_ismbbkpunct
_ftime
asin
__p__mbctype
??_Estdiostream@@UAEPAXI@Z
fclose
_heapwalk
__p__pgmptr
?open@ofstream@@QAEXPBDHH@Z
__lconv_init
_sopen
_fmode
_CIsqrt
??_7__non_rtti_object@@6B@
__p___argv
tan
_ismbcprint
_pgmptr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?bad@ios@@QBEHXZ
?name@type_info@@QBEPBDXZ
??_Estrstreambuf@@UAEPAXI@Z
?eatwhite@istream@@QAEXXZ

gdi32

EnumFontFamiliesW
GetFontResourceInfoW
GetDeviceCaps
RemoveFontResourceTracking
Rectangle
DdEntry56
EngStrokePath
GdiPlayEMF
GdiFullscreenControl
EngCreateBitmap
GetEnhMetaFileDescriptionA
GdiResetDCEMF
GdiAddGlsRecord
GdiEntry3
SetFontEnumeration
GetGlyphOutline
EngPlgBlt
BeginPath
GetTextFaceAliasW
FONTOBJ_pQueryGlyphAttrs
GdiConvertBrush
GdiPlayJournal
GdiSetPixelFormat
DdEntry45
SetColorSpace
CancelDC
CreatePalette
Escape
SetBkMode
DeleteEnhMetaFile
CreateFontA
CreateFontW
ExtSelectClipRgn
GdiEntry13
MaskBlt
SetMetaFileBitsEx
GetMetaFileBitsEx
GetEnhMetaFileHeader
BRUSHOBJ_pvAllocRbrush
DdEntry39
EngEraseSurface
GetCharABCWidthsFloatA
CreateICA
GetViewportExtEx
DeleteObject

perfnet

CloseNetSvcsObject
OpenNetSvcsObject
CollectNetSvcsObjectData

wmdmps

GetProxyDllInfo
DllGetClassObject

Sections

.tixt
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2e67d3c56c896f295c4ea6f2ff9fb71

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wintrust

ntdll

olecli32

crtdll

msi

msvcrt40

gdi32

perfnet

wmdmps

Sections

.tixt Size: 74KB - Virtual size: 74KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 49KB - Virtual size: 271KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.tixt
Size: 74KB - Virtual size: 74KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 49KB - Virtual size: 271KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B