dde6a107f83823ff4eebdedde1046958615aeec1c0abcaff9b302c74fe0cc1db

Sharing

Copy URL Twitter E-mail

General

Target

dde6a107f83823ff4eebdedde1046958615aeec1c0abcaff9b302c74fe0cc1db
Size

355KB
MD5

b4d8c91002d5edb94ec7c22ddcf6eb3b
SHA1

68603f210fafd802ba2679fe6f04e1f177538073
SHA256

dde6a107f83823ff4eebdedde1046958615aeec1c0abcaff9b302c74fe0cc1db
SHA512

7a33a1564145f8cac6ef62ecd7ef7b5ce7ebf6ea86860a1f9e1b2eb0f45fdf8137dd4837ad531ae3fbc9b84c7f81edfc19da2e0efc807b9f7ec13877197a591b
SSDEEP

6144:q6SAUTyIFFrX/NpCw2jOLeEQpx/24VVRzGtlZuZD3fnMd+9MfO0nAQ9R0yZhL6e:BSvTd/U2vAFQtlZmDvGB/AeKyZhL

Score

N/A

Malware Config

Signatures

Files

dde6a107f83823ff4eebdedde1046958615aeec1c0abcaff9b302c74fe0cc1db
.exe windows x86

ab203ea6ecca0589e6511a1a853befa8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

ntdll

_i64toa
RtlSetBits
strcat
ZwRenameKey
RtlSetControlSecurityDescriptor
RtlInitializeGenericTable
NtResumeThread
RtlDestroyProcessParameters
NlsMbOemCodePageTag
RtlAddAuditAccessObjectAce
RtlGetCompressionWorkSpaceSize
NtCreateDebugObject
ZwOpenProcess
RtlAppendUnicodeToString
ZwDeleteFile
NtLockRegistryKey
ZwSetSystemEnvironmentValue
RtlInitializeAtomPackage
NtModifyBootEntry
vDbgPrintEx
RtlTraceDatabaseDestroy
DbgPrintEx
NtCreateSection
ZwSetInformationThread
RtlSetProcessIsCritical
RtlDeactivateActivationContext
DbgBreakPoint
DbgUiRemoteBreakin
RtlAcquireResourceExclusive
RtlFirstFreeAce
RtlTryEnterCriticalSection
NtQueryTimer
ZwSetHighEventPair
NtQueryValueKey
CsrGetProcessId
RtlQueryTimeZoneInformation
ZwCreateDebugObject
RtlDllShutdownInProgress
LdrInitializeThunk
ispunct
RtlRealPredecessor
RtlFillMemory
NtMapViewOfSection
RtlEnumerateGenericTable
ZwSetDefaultHardErrorPort

msvcirt

?sbumpc@streambuf@@QAEHXZ
?rdstate@ios@@QBEHXZ
??1strstreambuf@@UAE@XZ
?open@filebuf@@QAEPAV1@PBDHH@Z
?open@fstream@@QAEXPBDHH@Z
??_8istream@@7B@
??_Eostream@@UAEPAXI@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?doallocate@streambuf@@MAEHXZ
??5istream@@QAEAAV0@PAE@Z
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
??_Eofstream@@UAEPAXI@Z
?read@istream@@QAEAAV1@PAEH@Z
??0ostream@@IAE@XZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
?overflow@filebuf@@UAEHH@Z
?delbuf@ios@@QAEXH@Z
??_Dfstream@@QAEXXZ
?sh_none@filebuf@@2HB
?sputc@streambuf@@QAEHH@Z
_mtlock
?blen@streambuf@@IBEHXZ
??4ostrstream@@QAEAAV0@ABV0@@Z
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?getdouble@istream@@AAEHPADH@Z
?tellp@ostream@@QAEJXZ
?put@ostream@@QAEAAV1@C@Z
?close@filebuf@@QAEPAV1@XZ
??1ostrstream@@UAE@XZ
??_Distream@@QAEXXZ
?unbuffered@streambuf@@IBEHXZ
?fail@ios@@QBEHXZ
?put@ostream@@QAEAAV1@E@Z
??5istream@@QAEAAV0@AAO@Z
?gcount@istream@@QBEHXZ
??_Gios@@UAEPAXI@Z
??0strstream@@QAE@XZ
??_7logic_error@@6B@
??1istream@@UAE@XZ
?pcount@ostrstream@@QBEHXZ
??0filebuf@@QAE@ABV0@@Z
?init@ios@@IAEXPAVstreambuf@@@Z
?fLockcInit@ios@@0HA

glu32

gluNewNurbsRenderer
gluErrorString
gluLoadSamplingMatrices
gluDeleteQuadric
gluTessNormal
gluPickMatrix
gluQuadricDrawStyle
gluTessEndPolygon
gluDeleteNurbsRenderer
gluBeginCurve
gluNurbsCallback
gluQuadricOrientation
gluBeginSurface
gluCylinder
gluBuild2DMipmaps
gluGetString
gluPerspective
gluTessEndContour
gluBeginPolygon
gluProject
gluNewTess
gluNextContour
gluScaleImage
gluNurbsSurface
gluQuadricNormals
gluTessBeginPolygon
gluSphere
gluDisk
gluNewQuadric
gluEndTrim
gluBuild1DMipmaps
gluDeleteTess
gluErrorUnicodeStringEXT
gluEndPolygon

sqlunirl

_GetKeyboardLayoutName_@4
_ObjectPrivilegeAuditAlarm_@24
_GetVersionEx@4
_WaitNamedPipe_@8
_DrawTextEx_@24
_GetWindowsDirectory_@8
_DefDlgProc_@16
_RegSetValue_@20
_NDdeGetTrustedShare_@20
_GetClassInfo@12
_SetCurrentDirectory_@4
_SetClassLong_@12
_LoadCursorFromFile_@4
_RegSaveKey_@12
_GetUserObjectInformation_@20
_BuildCommDCB_@8
_ObjectOpenAuditAlarm_@48
_QueryServiceConfig_@16
_CreateNamedPipe_@32
_LoadLibraryEx_@12
_CharUpperBuff_@8
_GetClassName_@12
_CreateService_@52
_CopyFileEx_@24
_ChooseColor_@4
_CreateMailslot_@16
_DrawText@20
wsprintf_
_FatalAppExit_@8
_CreateFontIndirect@4
_NDdeIsValidShareName_@4
_OpenService_@12
_RegQueryMultipleValues_@20
_CommDlg_OpenSave_GetFolderPath@12
_FindWindow_@8
_TranslateAccelerator@12
_MessageBoxIndirect_@4
_ExtractAssociatedIcon_@12
_GetDateFormat_@24
_GetCurrentHwProfile_@4
_CreateAcceleratorTable_@8
_GetLogicalDriveStrings_@8

kernel32

HeapQueryInformation
GetProfileStringA
QueryPerformanceCounter
GetModuleHandleA
VirtualAlloc
GetNamedPipeHandleStateA
LoadLibraryA
GetProcAddress
EnumDateFormatsW
SleepEx
OutputDebugStringA
FillConsoleOutputAttribute
MoveFileExA
MultiByteToWideChar
lstrcpyn
Heap32Next
FindFirstFileA
SystemTimeToFileTime
GetSystemWindowsDirectoryA
IsBadReadPtr
FileTimeToSystemTime
GetLocalTime
WriteConsoleInputVDMA
VerifyVersionInfoA
_hwrite
ReadConsoleInputW
HeapCreate
PeekConsoleInputA
GetFileSizeEx
AddLocalAlternateComputerNameA
GlobalFindAtomA
RequestWakeupLatency
ReadDirectoryChangesW

cryptnet

CertDllVerifyRevocation
LdapProvOpenStore
CryptGetObjectUrl
CryptFlushTimeValidObject
I_CryptNetGetUserDsStoreUrl
I_CryptNetGetHostNameFromUrl
CryptRetrieveObjectByUrlW
CryptUninstallCancelRetrieval
CryptRetrieveObjectByUrlA
CertDllVerifyCTLUsage
CryptGetTimeValidObject
CryptCancelAsyncRetrieval
CryptInstallCancelRetrieval

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ab203ea6ecca0589e6511a1a853befa8

Headers

File Characteristics

Imports

ntdll

msvcirt

glu32

sqlunirl

kernel32

cryptnet

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 215KB - Virtual size: 215KB

.data Size: 12KB - Virtual size: 395KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 215KB - Virtual size: 215KB

.data
Size: 12KB - Virtual size: 395KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 1024B - Virtual size: 1024B