821dc7d1580cfd93ce72e538804bbd7469c09c2358a3a1d30409d888a5b86d55

Sharing

Copy URL Twitter E-mail

General

Target

821dc7d1580cfd93ce72e538804bbd7469c09c2358a3a1d30409d888a5b86d55
Size

1.7MB
MD5

f8f05d9dd9ea02ae20a8b2a9aedd0309
SHA1

30ebcbca89b719562116ac0af73ee409db92d0a9
SHA256

821dc7d1580cfd93ce72e538804bbd7469c09c2358a3a1d30409d888a5b86d55
SHA512

c05e835972ce80ca2a517a58b91f116dee25ab6531a9039494817a9746791740c00c5d78fb950f28888bd643b137c25580d0a6c76f64bf169d7993cef59847d1
SSDEEP

49152:zjBiYwEqetD1khD/DmUBgWQSxc0J7RiC4PafPfEwp0NCFd4:zrJ6+UBgu60HiNvwp0NC4

Score

N/A

Malware Config

Signatures

Files

821dc7d1580cfd93ce72e538804bbd7469c09c2358a3a1d30409d888a5b86d55
.exe windows x86

2259aedd9ae0785fc7c852a3c2931940

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ifmon

InitHelperDll

perfctrs

CloseTcpIpPerformanceData
CollectTcpIpPerformanceData
CollectDhcpPerformanceData
CloseDhcpPerformanceData
CollectNWNBPerformanceData
OpenTcpIpPerformanceData

mswsock

SetServiceW
EnumProtocolsW
WSARecvEx
EnumProtocolsA
AcceptEx
GetServiceW
TransmitFile
SetServiceA
NPLoadNameSpaces
GetTypeByNameA
GetTypeByNameW
s_perror
GetNameByTypeA
dn_expand
GetAddressByNameA
GetAddressByNameW
GetNameByTypeW
MigrateWinsockConfiguration
GetServiceA
GetAcceptExSockaddrs

expsrv

rtcRightVar
rtcInputCount
rtcDatePart
__vbaRsetFixstrFree
__vbaVarLateMemSt
Zombie_QueryInterface
__vbaFPFix
__vbaGetOwner4
__vbaGetFxStr4
_adj_fdivr_m64
rtcIntVar

scrrun

DllGetClassObject
DllCanUnloadNow
DllUnregisterServer

kernel32

ResumeThread
GetEnvironmentStrings
SetConsoleNlsMode
WaitForDebugEvent
MoveFileWithProgressW
GetVolumeNameForVolumeMountPointA
Process32First
WriteFile
GetCommTimeouts
GetFileAttributesExA
UpdateResourceA
MapViewOfFile
CreateJobObjectW
InvalidateConsoleDIBits
TryEnterCriticalSection
WritePrivateProfileStructA
GetLastError
ClearCommBreak
ClearCommError
HeapUnlock
SetFileAttributesW
SignalObjectAndWait
VirtualAlloc
GetExitCodeThread
Process32Next
GetLargestConsoleWindowSize
LoadResource
SetCurrentDirectoryA
GetConsoleCP
Module32Next
GetCommandLineW
GetFileSize
EnumSystemLocalesA
UnlockFileEx
GetPrivateProfileStructW
RegisterConsoleIME
MoveFileExA
HeapSetInformation
GetTapePosition
GetUserDefaultLangID
SetComputerNameW
GetCPInfoExA
OpenProfileUserMapping
FormatMessageA
Thread32Next

qasf

DllRegisterServer
DllUnregisterServer
DllCanUnloadNow
DllGetClassObject

regapi

RegWinStationAccessCheck
RegWinStationEnumerateA
RegOpenServerA
RegPdCreateW
RegPdDeleteA
RegBuildNumberQuery
RegWinStationEnumerateW
RegCdDeleteW
RegUserConfigQuery
RegWdCreateW
RegWdEnumerateA
RegWinStationDeleteW

dssenh

CPGetProvParam
CPGetUserKey
CPSetProvParam
CPGetKeyParam
CPGenRandom
CPDuplicateKey
CPSetHashParam
CPSetKeyParam
CPExportKey
CPHashData
CPAcquireContext
CPGenKey
CPSignHash
CPDuplicateHash
CPDeriveKey
CPVerifySignature

msvcp60

_Toupper
_Wcrtomb

ddraw

DSoundHelp
D3DParseUnknownCommand
DirectDrawEnumerateExW
DirectDrawCreateClipper
DirectDrawCreate
GetSurfaceFromDC
DDInternalLock
DirectDrawEnumerateW
DirectDrawEnumerateExA
DllGetClassObject
GetDDSurfaceLocal
CompleteCreateSysmemSurface
GetOLEThunkData
DllCanUnloadNow
DirectDrawEnumerateA
ReleaseDDThreadLock
RegisterSpecialCase
DirectDrawCreateEx

inseng

GetICifRWFileFromFile
DllCanUnloadNow
GetICifFileFromFile
DownloadFile
CheckTrust
CheckTrustEx
DllGetClassObject
PurgeDownloadDirectory
CheckForVersionConflict

qmgrprxy

DllCanUnloadNow
DllGetClassObject
DllUnregisterServer
DllRegisterServer

mstext40

DllRegisterServer
DllUnregisterServer

synceng

RemoveTwinFromTwinList
CreateRecList
SaveBriefcase
AddAllTwinsToTwinList
RemoveAllTwinsFromTwinList
CountSourceFolderTwins
IsOrphanObjectTwin
DeleteTwin
DestroyFolderTwinList
CloseBriefcase
EndReconciliation
GetVolumeDescription
AnyTwins
AddFolderTwin
FindFirstBriefcase
ClearBriefcaseCache
FindNextBriefcase
DeleteBriefcase
OpenBriefcase
AddTwinToTwinList
IsPathOnVolume
GetOpenBriefcaseInfo
ReconcileItem
CreateFolderTwinList
CreateTwinList
DestroyRecList
BeginReconciliation
DestroyTwinList
CompareFileStamps
IsFolderTwin
FindBriefcaseClose
AddObjectTwin
GetFileStamp
GetObjectTwinHandle
ReleaseTwinHandle
GetFolderTwinStatus

Sections

.rsrc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 710KB - Virtual size: 709KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 14.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2259aedd9ae0785fc7c852a3c2931940

Headers

File Characteristics

Imports

ifmon

perfctrs

mswsock

expsrv

scrrun

kernel32

qasf

regapi

dssenh

msvcp60

ddraw

inseng

qmgrprxy

mstext40

synceng

Sections

.rsrc Size: 42KB - Virtual size: 41KB

.tls Size: 512B - Virtual size: 4KB

.text Size: 710KB - Virtual size: 709KB

.data Size: - Virtual size: 14.3MB

.rsrc
Size: 42KB - Virtual size: 41KB

.tls
Size: 512B - Virtual size: 4KB

.text
Size: 710KB - Virtual size: 709KB

.data
Size: - Virtual size: 14.3MB