cee1cbbbd5588894df56583060c322799b3660afc7ba40093627888b86c1c862

Sharing

Copy URL Twitter E-mail

General

Target

cee1cbbbd5588894df56583060c322799b3660afc7ba40093627888b86c1c862
Size

368KB
MD5

4735ea394fc5fe7a3133c3181a033a5a
SHA1

66a5fb964cbb853a51a4be0bd4530160a9d55455
SHA256

cee1cbbbd5588894df56583060c322799b3660afc7ba40093627888b86c1c862
SHA512

5ab5883719843355e1753b32d4cdc34252f7b43eb74258f14280905aa6e8d0b76772434a78e0ed64e94af6ddd54bc048aa4c2dd7f57e341055b79d91cb11e583
SSDEEP

6144:Za+9tAAmrJX9rmtxMiIreXsTrcGztRPtdXKATHoBUdpF6QnktxcljAEbWE//5axe:QieAm9NrmtxMJQGzt/lKATH/R6lSjJbx

Score

N/A

Malware Config

Signatures

Files

cee1cbbbd5588894df56583060c322799b3660afc7ba40093627888b86c1c862
.exe windows x86

5ce7dd10147c263cf01576dcbb77a015

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

query

?ContainsDrive@CDriveInfo@@SGHPBG@Z
?Release@CDbProperties@@UAGKXZ
?QueryInterface@CQueryUnknown@@UAGJABU_GUID@@PAPAX@Z
?Marshall@CRestriction@@QBEXAAVPSerStream@@@Z
?SkipWChar@CMemDeSerStream@@UAEXK@Z
?Close@CPipeClient@@IAEXXZ
?OpenRecordForWrites@CPropStoreManager@@QAEPAVCCompositePropRecordForWrites@@KPAE@Z
?AcqWord@CQueryScanner@@QAEPAGXZ
??1CQueryUnknown@@QAE@XZ
?SkipLong@CMemDeSerStream@@UAEXXZ
?Remove@CWorkQueue@@QAEXPAVPWorkItem@@@Z
??1CMachineAdmin@@QAE@XZ
?AppendChild@CDbCmdTreeNode@@IAEXPAV1@@Z
?Refresh@CCiRegParams@@QAEXPAUICiAdminParams@@H@Z
?Init@CSdidLookupTable@@QAEHPAVCiStorage@@@Z
?StopFiltering@CFilterDaemon@@QAEXXZ
?InitIterator@CCombinedPropertyList@@UAEXXZ
?AcceptCommand@CQueryScanner@@QAEXXZ
?Flush@CPropStoreManager@@QAEXXZ
?AddError@CEventItem@@QAEXK@Z
?ciDelete@@YGXPAX@Z
??1CDbSortSet@@QAE@XZ
??1CMemSerStream@@UAE@XZ
_AbortMerges@16
?GetPropInfo@CEmptyPropertyList@@QAEHABVCDbColId@@PAPBGPAGPAI@Z
??3CDbContent@@SGXPAX@Z
CIGetGlobalPropertyList
?Init@CMmStreamConsecBuf@@QAEXPAVPMmStream@@@Z
?GetFloat@CMemDeSerStream@@UAEMXZ
?MakeBackupCopy@CPidLookupTable@@QAEXAAVPRcovStorageObj@@AAVPSaveProgressTracker@@@Z
?ChangeCurrentMachine@CCatState@@QAEXPBG@Z
??0CSynRestriction@@QAE@ABVCKey@@KKKH@Z
?SetCY@CStorageVariant@@QAEXTtagCY@@I@Z
CollectCIPerformanceData
?Grow@CDynStream@@QAEXAAVPStorage@@K@Z
?ChangeCurrentDepth@CCatState@@QAEXH@Z
?IsWriteProtected@CDriveInfo@@QAEHXZ
??1CNatLanguageRestriction@@QAE@XZ

catsrvut

??_7CComPlusObject@@6B@
CGMIsAdministrator
WinlogonHandlePendingInfOperations
DllGetClassObject
?GetITypeLib@CComPlusTypelib@@QAEPAUITypeLib@@XZ
SysprepComplus
SysprepComplus2
FindAssemblyModulesW
StartMTSTOCOM
??4CComPlusObject@@QAEAAV0@ABV0@@Z
RegDBRestore
RegDBBackup
??0CComPlusInterface@@QAE@ABV0@@Z
QueryUserDllW
??0CComPlusComponent@@QAE@ABV0@@Z
RunMTSToCom
??_7CComPlusComponent@@6B@
??0CComPlusMethod@@QAE@ABV0@@Z
??_7CComPlusMethod@@6B@
??4CComPlusTypelib@@QAEAAV0@ABV0@@Z
ManagedRequestW
??4CComPlusInterface@@QAEAAV0@ABV0@@Z
COMPlusUninstallActionW
??0CComPlusObject@@QAE@ABV0@@Z
??4CComPlusMethod@@QAEAAV0@ABV0@@Z
??1CComPlusComponent@@UAE@XZ
??4CComPlusComponent@@QAEAAV0@ABV0@@Z
??_7CComPlusInterface@@6B@
??1CComPlusInterface@@UAE@XZ

snmpapi

SnmpSvcInitUptime
SnmpTfxQuery
SnmpUtilDbgPrint
SnmpSvcAddrIsIpx
SnmpUtilIdsToA
SnmpUtilMemFree
SnmpUtilMemAlloc
SnmpSvcSetLogType
SnmpUtilOidCmp
SnmpUtilOctetsFree
SnmpUtilAsnAnyFree
SnmpUtilUnicodeToUTF8
SnmpUtilVarBindCpy
SnmpUtilVarBindListCpy
SnmpUtilAsnAnyCpy
SnmpUtilPrintOid
SnmpUtilOidCpy
SnmpUtilOidNCmp
SnmpUtilVarBindListFree
SnmpSvcGetUptimeFromTime
SnmpUtilPrintAsnAny
SnmpTfxClose
SnmpSvcGetEnterpriseOID
SnmpUtilOidToA
SnmpSvcGetUptime
SnmpTfxOpen
SnmpUtilAnsiToUnicode

msvcrt

??_V@YAXPAX@Z
_mbclen
__unDName
wcscoll
_chdrive
__CxxUnregisterExceptionObject
_findnexti64
wcspbrk
iswgraph
__unDNameEx
difftime
_mbbtype
_adj_fdiv_m64
__uncaught_exception
_wstat64
_winver
??1bad_typeid@@UAE@XZ
_ismbbprint
_y0
abort
wcsspn
_getcwd
iscntrl
_CItan
abs
signal
wcsncat
_scalb
_mbstok
towlower
_putws
atexit
fmod

user32

GetPropA
GetClipboardFormatNameW
EndDialog
TrackPopupMenu
LoadStringW
SetWindowsHookA
OemToCharBuffW
GetWindowLongA
OemToCharBuffA
RecordShutdownReason
GetRawInputDeviceList
SetProcessDefaultLayout
DrawIcon
SetThreadDesktop
ModifyMenuW
AppendMenuW
SetMenuItemInfoA
GetDoubleClickTime
EnableMenuItem
UserRealizePalette
OpenDesktopA
CharUpperA
UnionRect
NotifyWinEvent
PostThreadMessageW
BeginDeferWindowPos
DdeCmpStringHandles
BuildReasonArray
IsCharUpperW

ntdll

RtlUpcaseUnicodeStringToCountedOemString
ZwVdmControl
CsrCaptureMessageMultiUnicodeStringsInPlace
RtlTimeToTimeFields
ZwDeleteObjectAuditAlarm
RtlClearBits
NtSetQuotaInformationFile
RtlRestoreLastWin32Error
RtlQueryProcessDebugInformation
ZwUnloadKey
ZwCreateKeyedEvent
RtlAddAccessAllowedAce
NtCancelIoFile
NtDeleteAtom
RtlConvertLongToLargeInteger
RtlAddVectoredExceptionHandler
RtlGetSecurityDescriptorRMControl
RtlNumberOfSetBits
RtlSubAuthoritySid
RtlMakeSelfRelativeSD
log
RtlAllocateHeap
RtlDumpResource
ZwInitializeRegistry
ZwQueryDefaultLocale
NtQuerySystemEnvironmentValueEx
_itoa

kernel32

InitAtomTable
QueryDosDeviceA
Thread32First
ReadConsoleOutputW
FindNextFileA
GlobalReAlloc
GetCommConfig
GetLastError
ClearCommBreak
GetTempFileNameA
WaitNamedPipeA
LoadResource
GetCurrentThread
LocalAlloc
FindResourceW
GetConsoleInputWaitHandle
CancelTimerQueueTimer
lstrcmpiW
Beep
SetFileApisToANSI
GetModuleHandleA
CreateMutexA
EnumLanguageGroupLocalesW
QueryPerformanceCounter
DeleteCriticalSection
FoldStringW
GetExitCodeThread
SetCalendarInfoW
BuildCommDCBAndTimeoutsA
Module32Next
LoadLibraryA
GetCommandLineA
EnumDateFormatsExA
PeekConsoleInputA
GetEnvironmentStringsW
lstrlen
VirtualAlloc
Thread32Next
FillConsoleOutputCharacterA
GetDateFormatA
FoldStringA

Sections

.text
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ce7dd10147c263cf01576dcbb77a015

Headers

File Characteristics

Imports

query

catsrvut

snmpapi

msvcrt

user32

ntdll

kernel32

Sections

.text Size: 126KB - Virtual size: 126KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 1KB - Virtual size: 481KB

.rsrc Size: 130KB - Virtual size: 130KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 126KB - Virtual size: 126KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 1KB - Virtual size: 481KB

.rsrc
Size: 130KB - Virtual size: 130KB

.reloc
Size: 1KB - Virtual size: 1KB