b122e8697e6bf0b3894a36b07848a6888347ab4ec2447af719c65a4b0228616f

Sharing

Copy URL

Twitter E-mail

General

Target

b122e8697e6bf0b3894a36b07848a6888347ab4ec2447af719c65a4b0228616f
Size

268KB
MD5

06203a68437ec5c87d7bba70795685a1
SHA1

30311c7300f8d986eeb766159b06ec6fb14ca3ad
SHA256

b122e8697e6bf0b3894a36b07848a6888347ab4ec2447af719c65a4b0228616f
SHA512

d5b8c53644214fcd2051c35eb5ad8f444fa740937992b733e16b39bf445e7e2285f3e005e4849765de248dc7e13f7bb78e2dd07c6644c81ebd4ed087ab020a0c
SSDEEP

6144:hkWclBM7JHVyYQOVKR73Ou4gr5Ui+fU+BL:h9RHV47bvrUtBL

Score

N/A

Malware Config

Signatures

Files

b122e8697e6bf0b3894a36b07848a6888347ab4ec2447af719c65a4b0228616f
.exe windows x86

578b9bc8b1c33bc3c517b908b0672881

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

powrprof

IsPwrHibernateAllowed
SetActivePwrScheme
ReadPwrScheme
WriteProcessorPwrScheme
IsPwrShutdownAllowed
DeletePwrScheme
ReadProcessorPwrScheme
CallNtPowerInformation
MergeLegacyPwrScheme
SetSuspendState
IsAdminOverrideActive
LoadCurrentPwrScheme
WriteGlobalPwrPolicy
IsPwrSuspendAllowed
GetActivePwrScheme
CanUserWritePwrScheme
GetCurrentPowerPolicies
GetPwrCapabilities
WritePwrScheme
ValidatePowerPolicies
GetPwrDiskSpindownRange
ReadGlobalPwrPolicy
EnumPwrSchemes

kernel32

RemoveDirectoryW
RegisterConsoleOS2
ReadConsoleInputExA
GetSystemDirectoryA
FlushInstructionCache
MulDiv
LocalAlloc
EnumResourceTypesW
SetLocalPrimaryComputerNameW
UpdateResourceW
CreateMailslotW
HeapCompact
GetCPInfoExW
WTSGetActiveConsoleSessionId
DebugActiveProcessStop
OpenSemaphoreA
WaitForMultipleObjectsEx
LZRead
VirtualAlloc
ReadConsoleOutputW
GetEnvironmentStringsW
SetConsoleCP
EnumResourceLanguagesA
FlushFileBuffers
SetComputerNameW
GetTapeParameters
TermsrvAppInstallMode
LZStart
FatalExit
CreateNamedPipeW
InterlockedPopEntrySList
DeleteFileA
FindVolumeMountPointClose
FindFirstVolumeW
SetComputerNameA
LoadLibraryA
ResumeThread
VirtualUnlock
GetACP
GetCommModemStatus
GetCurrentThread
SystemTimeToFileTime
QueryPerformanceCounter
WaitCommEvent
GetProfileIntW
RtlCaptureContext
GetConsoleFontSize

mprapi

MprInfoBlockRemove
MprAdminServerGetCredentials
MprAdminInterfaceCreate
MprAdminInterfaceTransportAdd
MprAdminInterfaceUpdateRoutes
MprAdminConnectionGetInfo
MprAdminMIBEntryGet
MprAdminUserWriteProfFlags
MprAdminTransportSetInfo
MprAdminMIBEntryDelete
MprAdminMIBEntryGetFirst
MprInfoCreate
MprAdminUpgradeUsers
MprAdminTransportGetInfo
MprAdminInterfaceGetInfo
MprAdminInterfaceDeviceGetInfo
MprConfigTransportDelete
MprAdminInterfaceUpdatePhonebookInfo
MprAdminIsServiceRunning
MprAdminGetErrorString
MprAdminPortEnum
MprConfigServerRestore
MprAdminMIBEntrySet
MprConfigBufferFree
MprConfigInterfaceTransportEnum
MprAdminInterfaceGetHandle
MprInfoBlockAdd
MprAdminServerGetInfo
MprConfigInterfaceGetHandle
MprAdminUserRead
MprAdminEstablishDomainRasServer
MprConfigServerGetInfo
MprInfoBlockQuerySize
MprAdminPortReset
MprAdminServerConnect
MprAdminInterfaceSetCredentialsEx
MprInfoDuplicate
MprConfigInterfaceDelete
MprAdminIsDomainRasServer
MprAdminBufferFree
MprConfigInterfaceEnum
MprAdminInterfaceSetCredentials
MprAdminInterfaceEnum
MprAdminPortDisconnect
MprConfigTransportEnum
MprAdminPortGetInfo
MprInfoBlockFind
MprConfigInterfaceGetInfo
MprConfigInterfaceTransportRemove
MprAdminMIBBufferFree
MprPortSetUsage
MprAdminUserClose
MprAdminInterfaceTransportRemove
MprAdminInterfaceDeviceSetInfo
MprConfigInterfaceTransportSetInfo
MprAdminMIBServerConnect
MprAdminTransportCreate
MprInfoDelete
MprConfigInterfaceTransportGetHandle
MprAdminUserWrite
MprConfigInterfaceSetInfo
MprConfigServerBackup
MprConfigTransportCreate
MprAdminDeviceEnum
MprAdminUserServerDisconnect
MprAdminInterfaceQueryUpdateResult
MprAdminInterfaceDisconnect
MprConfigServerConnect
MprAdminInterfaceGetCredentials
MprAdminConnectionEnum
MprAdminUserServerConnect

rasman

RasRegisterRedialCallback
RasPortSetProtocolCompression
RasPortGetBundle
RasGetPortUserData
RasPortDisconnect
RasInitialize
RasActivateRoute
RasFreeBuffer
RasDoIke
RasConnectionEnum
RasGetHConnFromEntry
RasGetCalledIdInfo
RasRpcPortEnum
RasInitializeNoWait
RasSetDialParams
RasGetConnectionUserData
RasProtocolEnum
RasPortGetBundledPort
RasDeviceSetInfo
RasRpcSetUserPreferences
RasServerPortClose
RasRpcDisconnect
RasPortSetInfo
RasPortGetFramingEx
RasPortSend
RasLinkGetStatistics
RasPortReceiveEx
RasRpcRemoteRasDeleteEntry
RasRpcConnectServer
RasIsTrustedCustomDll

mmcbase

?LastRefReleased@CMMCStrongReferences@@SG_NXZ
?HrFromSc@@YGJABVSC@mmcerror@@@Z
?GetHWnd@SC@mmcerror@@SGPAUHWND__@@XZ
?Throw@SC@mmcerror@@QAEXXZ
?InternalAddRef@CMMCStrongReferences@@AAEKXZ
??1?$CEventLock@UAppEvents@@@@QAE@XZ
??4CEventBuffer@@QAEAAV0@ABV0@@Z
?IsLocked@CEventBuffer@@QAE_NXZ
?SetHWnd@SC@mmcerror@@SGXPAUHWND__@@@Z
?Lock@CEventBuffer@@QAEXXZ
?FormatErrorIds@@YGXIVSC@mmcerror@@IPAG@Z
??8SC@mmcerror@@QBE_NABV01@@Z
?GetHinst@SC@mmcerror@@SGPAUHINSTANCE__@@XZ
?s_hInst@SC@mmcerror@@0PAUHINSTANCE__@@A
?GetMainThreadID@SC@mmcerror@@SGKXZ
?ScEmitOrPostpone@CEventBuffer@@QAE?AVSC@mmcerror@@PAUIDispatch@@JPAVCComVariant@ATL@@H@Z
?GetHelpID@SC@mmcerror@@QAEKXZ
?MMCErrorBox@@YGHII@Z
?AddRef@CMMCStrongReferences@@SGKXZ
?s_pDispatcher@CConsoleEventDispatcherProvider@@0PAVCConsoleEventDispatcher@@A
?GetHelpFile@SC@mmcerror@@SGPBGXZ
??0CMMCStrongReferences@@AAE@XZ
??7SC@mmcerror@@QBEHXZ
??0CEventBuffer@@QAE@ABV0@@Z
?MMCErrorBox@@YGHIVSC@mmcerror@@I@Z
??4?$CEventLock@UAppEvents@@@@QAEAAV0@ABV0@@Z
??0SC@mmcerror@@QAE@J@Z
?GetComObjectEventSource@@YGAAV?$CEventSource@VCComObjectObserver@@VCVoid@@V2@V2@V2@@@XZ
?FatalError@SC@mmcerror@@QBEXXZ
?ScFromMMC@@YG?AVSC@mmcerror@@J@Z
??0CEventBuffer@@QAE@XZ
?GetStringModule@@YGPAUHINSTANCE__@@XZ
?GetSingletonObject@CMMCStrongReferences@@CGAAV1@XZ
?Unlock@CEventBuffer@@QAEXXZ
?Trace_@SC@mmcerror@@QBEXXZ
?s_dwMainThreadID@SC@mmcerror@@0KA
?GetEventBuffer@@YGAAVCEventBuffer@@XZ

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

578b9bc8b1c33bc3c517b908b0672881

Headers

File Characteristics

Imports

powrprof

kernel32

mprapi

rasman

mmcbase

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 108KB - Virtual size: 108KB

.data Size: 1024B - Virtual size: 512KB

.rsrc Size: 183KB - Virtual size: 183KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 1024B - Virtual size: 512KB

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 1024B - Virtual size: 1024B