aad237bb1f13ca07c3cdac26de79bccabb21b0adf8813d33920e9596bdff6fc4

Sharing

Copy URL Twitter E-mail

General

Target

aad237bb1f13ca07c3cdac26de79bccabb21b0adf8813d33920e9596bdff6fc4
Size

370KB
MD5

a303be32c07f28ccc88fa5d959dcc9d2
SHA1

855b5b8bb23d50419cab2069dd88320ef9eba15e
SHA256

aad237bb1f13ca07c3cdac26de79bccabb21b0adf8813d33920e9596bdff6fc4
SHA512

9e785062b05f31e717261f2b8c1618da1b7e96541597813aea623f5fc2d5a05021b0ad67bc492c2cee1e5eba1e2921b8257854ce50d7f9dc3c86a1aa193b452b
SSDEEP

6144:EOzZG2VHDiQWgI7gjTOsbRcx8RNA3GK1a5PWhV4NNQskz9dfx:EoQ+Jjas9czGEajU7jfx

Score

N/A

Malware Config

Signatures

Files

aad237bb1f13ca07c3cdac26de79bccabb21b0adf8813d33920e9596bdff6fc4
.exe windows x86

c252675b98f6bc85513ef680dc01d880

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WriteFile
ReadConsoleInputA
GetFileTime
ReadConsoleOutputAttribute
SetCriticalSectionSpinCount
LocalAlloc
SetFileAttributesW
FindAtomW
GetStringTypeExW
SetThreadIdealProcessor
RequestDeviceWakeup
DeleteTimerQueue
SetLocalPrimaryComputerNameA
GetACP
CompareStringW
GetConsoleCursorInfo
SetConsoleNumberOfCommandsW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetEnvironmentStringsW
SetConsoleMenuClose
WriteConsoleInputVDMA
SetConsoleOutputCP
GetLogicalDriveStringsW
GetStartupInfoA
FindNextVolumeMountPointW
GetDriveTypeA
IsBadStringPtrA
GetCurrentDirectoryW
LoadLibraryA
AddVectoredExceptionHandler
SetConsoleCursorMode
OutputDebugStringA
LoadModule
GetCurrentThread
MoveFileWithProgressW
SetThreadUILanguage
FindNextVolumeW
SetCommBreak
DeleteTimerQueueEx
GetCommProperties
EnumSystemLocalesW
HeapWalk
QueryPerformanceCounter
GetHandleInformation
MultiByteToWideChar
FindVolumeMountPointClose
SetProcessAffinityMask
GetTapeStatus
VirtualAlloc

winipsec

CloseTransportFilterHandle
AddQMPolicy
EnumMMFilters
OpenMMFilterHandle
GetMMPolicy
EnumIPSecInterfaces
SPDApiBufferAllocate
GetQMPolicyByID
CloseTunnelFilterHandle
DeleteMMFilter
AddTunnelFilter
DeleteTunnelFilter
GetQMPolicy
AddMMFilter
AddMMPolicy
EnumMMPolicies
EnumMMAuthMethods
SetQMPolicy
DeleteQMPolicy
SetTransportFilter
SPDApiBufferFree
SetMMFilter
MatchTunnelFilter
GetTunnelFilter
EnumQMPolicies
OpenTransportFilterHandle
GetMMFilter
EnumTunnelFilters
AddTransportFilter
AddMMAuthMethods
MatchMMFilter
OpenTunnelFilterHandle
SetMMAuthMethods
GetMMPolicyByID
EnumTransportFilters
SetTunnelFilter
QueryIPSecStatistics
DeleteTransportFilter
CloseMMFilterHandle
SetMMPolicy

ole32

HICON_UserSize
HICON_UserUnmarshal
HICON_UserFree
CoWaitForMultipleHandles
HACCEL_UserUnmarshal
CoGetCallContext
HENHMETAFILE_UserSize
CoRegisterClassObject
OleMetafilePictFromIconAndLabel
StgConvertVariantToProperty
OleRegGetMiscStatus
CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoInitialize
IsAccelerator
CreateOleAdviseHolder
CoAllowSetForegroundWindow
HACCEL_UserMarshal
OleLoad
PropSysAllocString
SetErrorInfo
CoPopServiceDomain
CoMarshalHresult
CoMarshalInterface
SetConvertStg
CreateFileMoniker
CoGetInstanceFromIStorage
CoIsOle1Class
HPALETTE_UserSize
CreateILockBytesOnHGlobal
GetErrorInfo
CreateStreamOnHGlobal
CoGetInterfaceAndReleaseStream
CoGetPSClsid
CoFreeUnusedLibraries
STGMEDIUM_UserMarshal
StgOpenStorageOnILockBytes
CoGetDefaultContext
GetConvertStg
GetHookInterface
ComPs_NdrDllCanUnloadNow

msvcirt

??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
?sync@filebuf@@UAEHXZ
??_7ostream_withassign@@6B@
?text@filebuf@@2HB
?fail@ios@@QBEHXZ
?eatwhite@istream@@QAEXXZ
??_Dfstream@@QAEXXZ
??4stdiostream@@QAEAAV0@AAV0@@Z
??_Dostream_withassign@@QAEXXZ
??_7logic_error@@6B@
??0strstreambuf@@QAE@PADH0@Z
??0ifstream@@QAE@PBDHH@Z
?unsetf@ios@@QAEJJ@Z
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
??_Eifstream@@UAEPAXI@Z
??0filebuf@@QAE@H@Z
??_8stdiostream@@7Bostream@@@
?attach@ifstream@@QAEXH@Z
??_7istream_withassign@@6B@
?out_waiting@streambuf@@QBEHXZ
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?str@strstream@@QAEPADXZ
??_7iostream@@6B@
??4ostream@@IAEAAV0@ABV0@@Z
?ends@@YAAAVostream@@AAV1@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
?put@ostream@@QAEAAV1@C@Z
??5istream@@QAEAAV0@AAJ@Z
??0streambuf@@QAE@ABV0@@Z
?overflow@stdiobuf@@UAEHH@Z
??0filebuf@@QAE@HPADH@Z
??0ostrstream@@QAE@PADHH@Z
??5istream@@QAEAAV0@AAH@Z
??_Gios@@UAEPAXI@Z
??6ostream@@QAEAAV0@C@Z
??_Eistream@@UAEPAXI@Z
?lockbuf@ios@@QAAXXZ
??0istream_withassign@@QAE@ABV0@@Z
?base@streambuf@@IBEPADXZ
?sputn@streambuf@@QAEHPBDH@Z
??0strstream@@QAE@ABV0@@Z
?doallocate@strstreambuf@@MAEHXZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
??_Distream@@QAEXXZ
??1Iostream_init@@QAE@XZ

pdh

PdhGetDefaultPerfCounterHA
PdhCollectQueryData
PdhVbGetOneCounterPath
PdhGetCounterInfoA
PdhEnumObjectItemsA
PdhGetLogFileTypeW
PdhEnumLogSetNamesW
PdhGetFormattedCounterValue
PdhRelogA
PdhUpdateLogA
PdhGetDllVersion
PdhIsRealTimeQuery
PdhExpandWildCardPathA
PdhParseInstanceNameA
PdhExpandWildCardPathHW
PdhGetDefaultPerfObjectA
PdhMakeCounterPathW
PdhLookupPerfNameByIndexA
PdhGetDataSourceTimeRangeW
PdhGetLogSetGUID
PdhBrowseCountersHW
PdhAdd009CounterA
PdhExpandWildCardPathW
PdhCreateSQLTablesW
PdhBindInputDataSourceW
PdhVbIsGoodStatus
PdhGetFormattedCounterArrayW
PdhVbCreateCounterPathList
PdhParseInstanceNameW
PdhSetQueryTimeRange
PdhBrowseCountersA

acledit

SedTakeOwnership
SedDiscretionaryAclEditor
FMExtensionProcW
EditPermissionInfo
EditAuditInfo
DllMain
EditOwnerInfo
SedSystemAclEditor

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c252675b98f6bc85513ef680dc01d880

Headers

File Characteristics

Imports

kernel32

winipsec

ole32

msvcirt

pdh

acledit

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 1024B - Virtual size: 450KB

.rsrc Size: 116KB - Virtual size: 116KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 1024B - Virtual size: 450KB

.rsrc
Size: 116KB - Virtual size: 116KB

.reloc
Size: 1024B - Virtual size: 1024B