db88432c6f40e827c6c318cad3308326ff55468d8615073bd1da8e53bdec7b1d

Sharing

Copy URL Twitter E-mail

General

Target

db88432c6f40e827c6c318cad3308326ff55468d8615073bd1da8e53bdec7b1d
Size

370KB
MD5

2e07d134aa35892c1fabd0c89168839b
SHA1

055b8542766d58328e22eb3509e49134d0dd2c1f
SHA256

db88432c6f40e827c6c318cad3308326ff55468d8615073bd1da8e53bdec7b1d
SHA512

bb029ed3d9101d716ad5cb9b8eb7e3789f83ca64eb5b8fa615f78c0a60373850fae5f7832ee51fb8a6f105a6fe2c77bf7b91a6d09024faa2bef9efafc6f73b3f
SSDEEP

6144:EOzZG2VHDiQWgI7gjTOsbRcx8RNA3GK1a5PWhVzLgNQskz9dfx:EoQ+Jjas9czGEaUP7jfx

Score

N/A

Malware Config

Signatures

Files

db88432c6f40e827c6c318cad3308326ff55468d8615073bd1da8e53bdec7b1d
.exe windows x86

c252675b98f6bc85513ef680dc01d880

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
ReadConsoleInputA
GetFileTime
ReadConsoleOutputAttribute
SetCriticalSectionSpinCount
LocalAlloc
SetFileAttributesW
FindAtomW
GetStringTypeExW
SetThreadIdealProcessor
RequestDeviceWakeup
DeleteTimerQueue
SetLocalPrimaryComputerNameA
GetACP
CompareStringW
GetConsoleCursorInfo
SetConsoleNumberOfCommandsW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetEnvironmentStringsW
SetConsoleMenuClose
WriteConsoleInputVDMA
SetConsoleOutputCP
GetLogicalDriveStringsW
GetStartupInfoA
FindNextVolumeMountPointW
GetDriveTypeA
IsBadStringPtrA
GetCurrentDirectoryW
LoadLibraryA
AddVectoredExceptionHandler
SetConsoleCursorMode
OutputDebugStringA
LoadModule
GetCurrentThread
MoveFileWithProgressW
SetThreadUILanguage
FindNextVolumeW
SetCommBreak
DeleteTimerQueueEx
GetCommProperties
EnumSystemLocalesW
HeapWalk
QueryPerformanceCounter
GetHandleInformation
MultiByteToWideChar
FindVolumeMountPointClose
SetProcessAffinityMask
GetTapeStatus
VirtualAlloc

winipsec

CloseTransportFilterHandle
AddQMPolicy
EnumMMFilters
OpenMMFilterHandle
GetMMPolicy
EnumIPSecInterfaces
SPDApiBufferAllocate
GetQMPolicyByID
CloseTunnelFilterHandle
DeleteMMFilter
AddTunnelFilter
DeleteTunnelFilter
GetQMPolicy
AddMMFilter
AddMMPolicy
EnumMMPolicies
EnumMMAuthMethods
SetQMPolicy
DeleteQMPolicy
SetTransportFilter
SPDApiBufferFree
SetMMFilter
MatchTunnelFilter
GetTunnelFilter
EnumQMPolicies
OpenTransportFilterHandle
GetMMFilter
EnumTunnelFilters
AddTransportFilter
AddMMAuthMethods
MatchMMFilter
OpenTunnelFilterHandle
SetMMAuthMethods
GetMMPolicyByID
EnumTransportFilters
SetTunnelFilter
QueryIPSecStatistics
DeleteTransportFilter
CloseMMFilterHandle
SetMMPolicy

ole32

HICON_UserSize
HICON_UserUnmarshal
HICON_UserFree
CoWaitForMultipleHandles
HACCEL_UserUnmarshal
CoGetCallContext
HENHMETAFILE_UserSize
CoRegisterClassObject
OleMetafilePictFromIconAndLabel
StgConvertVariantToProperty
OleRegGetMiscStatus
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoInitialize
IsAccelerator
CreateOleAdviseHolder
CoAllowSetForegroundWindow
HACCEL_UserMarshal
OleLoad
PropSysAllocString
SetErrorInfo
CoPopServiceDomain
CoMarshalHresult
CoMarshalInterface
SetConvertStg
CreateFileMoniker
CoGetInstanceFromIStorage
CoIsOle1Class
HPALETTE_UserSize
CreateILockBytesOnHGlobal
GetErrorInfo
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoGetPSClsid
CoFreeUnusedLibraries
STGMEDIUM_UserMarshal
StgOpenStorageOnILockBytes
CoGetDefaultContext
GetConvertStg
GetHookInterface
ComPs_NdrDllCanUnloadNow

msvcirt

??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?sync@filebuf@@UAEHXZ
??_7ostream_withassign@@6B@
?text@filebuf@@2HB
?fail@ios@@QBEHXZ
?eatwhite@istream@@QAEXXZ
??_Dfstream@@QAEXXZ
??4stdiostream@@QAEAAV0@AAV0@@Z
??_Dostream_withassign@@QAEXXZ
??_7logic_error@@6B@
??0strstreambuf@@QAE@PADH0@Z
??0ifstream@@QAE@PBDHH@Z
?unsetf@ios@@QAEJJ@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??_Eifstream@@UAEPAXI@Z
??0filebuf@@QAE@H@Z
??_8stdiostream@@7Bostream@@@
?attach@ifstream@@QAEXH@Z
??_7istream_withassign@@6B@
?out_waiting@streambuf@@QBEHXZ
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?str@strstream@@QAEPADXZ
??_7iostream@@6B@
??4ostream@@IAEAAV0@ABV0@@Z
?ends@@YAAAVostream@@AAV1@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
?put@ostream@@QAEAAV1@C@Z
??5istream@@QAEAAV0@AAJ@Z
??0streambuf@@QAE@ABV0@@Z
?overflow@stdiobuf@@UAEHH@Z
??0filebuf@@QAE@HPADH@Z
??0ostrstream@@QAE@PADHH@Z
??5istream@@QAEAAV0@AAH@Z
??_Gios@@UAEPAXI@Z
??6ostream@@QAEAAV0@C@Z
??_Eistream@@UAEPAXI@Z
?lockbuf@ios@@QAAXXZ
??0istream_withassign@@QAE@ABV0@@Z
?base@streambuf@@IBEPADXZ
?sputn@streambuf@@QAEHPBDH@Z
??0strstream@@QAE@ABV0@@Z
?doallocate@strstreambuf@@MAEHXZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
??_Distream@@QAEXXZ
??1Iostream_init@@QAE@XZ

pdh

PdhGetDefaultPerfCounterHA
PdhCollectQueryData
PdhVbGetOneCounterPath
PdhGetCounterInfoA
PdhEnumObjectItemsA
PdhGetLogFileTypeW
PdhEnumLogSetNamesW
PdhGetFormattedCounterValue
PdhRelogA
PdhUpdateLogA
PdhGetDllVersion
PdhIsRealTimeQuery
PdhExpandWildCardPathA
PdhParseInstanceNameA
PdhExpandWildCardPathHW
PdhGetDefaultPerfObjectA
PdhMakeCounterPathW
PdhLookupPerfNameByIndexA
PdhGetDataSourceTimeRangeW
PdhGetLogSetGUID
PdhBrowseCountersHW
PdhAdd009CounterA
PdhExpandWildCardPathW
PdhCreateSQLTablesW
PdhBindInputDataSourceW
PdhVbIsGoodStatus
PdhGetFormattedCounterArrayW
PdhVbCreateCounterPathList
PdhParseInstanceNameW
PdhSetQueryTimeRange
PdhBrowseCountersA

acledit

SedTakeOwnership
SedDiscretionaryAclEditor
FMExtensionProcW
EditPermissionInfo
EditAuditInfo
DllMain
EditOwnerInfo
SedSystemAclEditor

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c252675b98f6bc85513ef680dc01d880

Headers

File Characteristics

Imports

kernel32

winipsec

ole32

msvcirt

pdh

acledit

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 1024B - Virtual size: 450KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 1024B - Virtual size: 450KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 1024B