a932ec2c6f99079988785376b889f856f785067a32a39174c259baf0a1254dc5

Sharing

Copy URL Twitter E-mail

General

Target

a932ec2c6f99079988785376b889f856f785067a32a39174c259baf0a1254dc5
Size

866KB
MD5

679e8fc38d02d3a1f9e084898e48e89f
SHA1

5cd4548fba1bc6a96ae2183121924ce053b78eea
SHA256

a932ec2c6f99079988785376b889f856f785067a32a39174c259baf0a1254dc5
SHA512

a2d9cc8808dd827a8950c698e949e45a776ef316afee8b88dbdc2974a4fbbb9b7408cbf6325573290413846b3f5f19a384c7a31868c4fa40e810525291e54105
SSDEEP

24576:rqun+iTmDkfB2whlOynhh6K3xExdYgw8YP:rqunrTmYEXynnJqYgw8Y

Score

N/A

Malware Config

Signatures

Files

a932ec2c6f99079988785376b889f856f785067a32a39174c259baf0a1254dc5
.exe windows x86

f435f6be8942307149c5982f78fd4893

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt40

_putch
??1strstream@@UAE@XZ
?open@filebuf@@QAEPAV1@PBDHH@Z
_execvp
??_8istrstream@@7B@
wcscspn
_itoa
atexit
_findfirst
?get@istream@@QAEAAV1@PAEHD@Z
_CIcos
_hypot
?flush@ostream@@QAEAAV1@XZ
_findclose
_isnan
perror
_chsize
?cin@@3Vistream_withassign@@A
_fpreset
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
_fstat
_wcsupr
fmod
fclose
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
tanh
_ismbbkalnum
?attach@fstream@@QAEXH@Z
_findfirsti64
_mbsnbcnt
_chmod
??6ostream@@QAEAAV0@M@Z
_spawnl
rewind
??_7stdiobuf@@6B@
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
__p__fmode
??4bad_typeid@@QAEAAV0@ABV0@@Z
strncat
??0istream@@QAE@PAVstreambuf@@@Z
??1logic_error@@UAE@XZ
??0fstream@@QAE@PBDHH@Z
_tzset
??0stdiobuf@@QAE@ABV0@@Z
_mbcjmstojis
??_Distream@@QAEXXZ
?get@istream@@IAEAAV1@PADHH@Z
?underflow@filebuf@@UAEHXZ
??0ifstream@@QAE@PBDHH@Z
_CItanh
_adj_fdiv_m64
cos
isalnum
_wopen
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
_putenv
??_Dostream_withassign@@QAEXXZ
_copysign
??_Dofstream@@QAEXXZ
?attach@ofstream@@QAEXH@Z
isxdigit
??6ostream@@QAEAAV0@PBD@Z
_cprintf
localtime

kernel32

GlobalMemoryStatus
GlobalUnlock
WritePrivateProfileStringA
SetFileTime
GlobalUnWire
MapUserPhysicalPages
GetNumberFormatA
RtlCaptureStackBackTrace
GetThreadContext
SetLocalTime
EnumResourceNamesW
GetConsoleAliasesLengthW
SetConsoleCursor
FindActCtxSectionGuid
SetFilePointerEx
GetFirmwareEnvironmentVariableA
GetWindowsDirectoryA
Heap32ListNext
GetSystemTimeAsFileTime
OutputDebugStringA
GetNumaProcessorNode
SetConsoleMaximumWindowSize
CmdBatNotification
GetProcessShutdownParameters
QueryMemoryResourceNotification
GetVolumeNameForVolumeMountPointA
LoadLibraryA
GlobalHandle
SetThreadIdealProcessor
LZCopy
GetNamedPipeHandleStateA
VirtualAlloc
GetVersionExA
BaseCheckAppcompatCache
GetConsoleAliasExesLengthA
OpenMutexA
GetQueuedCompletionStatus
WaitNamedPipeW
LocalUnlock
VirtualQueryEx
QueryInformationJobObject
GetNativeSystemInfo
MapUserPhysicalPagesScatter
CreateTimerQueueTimer
GlobalSize
GetSystemDefaultLangID
CreateDirectoryA
lstrcpyn
EnumSystemCodePagesW
InterlockedPushEntrySList

mprapi

MprAdminInterfaceQueryUpdateResult
MprAdminConnectionEnum
MprAdminGetPDCServer
MprAdminServerGetCredentials
MprInfoBlockFind
MprAdminInterfaceConnect
MprAdminInterfaceTransportGetInfo
MprConfigTransportSetInfo
MprAdminUserSetInfo
MprAdminSendUserMessage
MprConfigServerInstall
MprAdminMIBEntryGetFirst
MprAdminUserWrite
MprInfoDelete
MprAdminInterfaceSetCredentialsEx
MprAdminInterfaceSetInfo
MprConfigTransportGetInfo
MprConfigTransportCreate
MprAdminUserReadProfFlags
MprAdminServerConnect
MprAdminIsServiceRunning
MprConfigInterfaceTransportEnum
MprAdminConnectionGetInfo
MprAdminPortReset
MprConfigInterfaceTransportRemove
MprConfigServerConnect
MprAdminDeregisterConnectionNotification
RasPrivilegeAndCallBackNumber
MprAdminInterfaceSetCredentials
MprPortSetUsage
MprConfigTransportDelete
MprAdminMIBEntryDelete
MprInfoRemoveAll
MprAdminUserOpen
MprAdminMIBEntryCreate
MprAdminServerSetCredentials
MprAdminUserWriteProfFlags
MprInfoBlockQuerySize
MprAdminInterfaceGetCredentials
MprGetUsrParams
MprAdminInterfaceDelete
MprConfigInterfaceSetInfo
MprAdminUserGetInfo

ntdll

RtlFlushSecureMemoryCache
ZwLockProductActivationKeys
NtReleaseMutant
ZwRenameKey
NtOpenSymbolicLinkObject
RtlUnicodeStringToCountedOemString
NtMakeTemporaryObject
RtlCreateAcl
RtlNtPathNameToDosPathName
ZwShutdownSystem
ZwDeleteBootEntry
_itoa
NtRegisterThreadTerminatePort
ZwLockFile
NtReadFile
RtlNewSecurityObjectWithMultipleInheritance
_i64toa
NtSetHighEventPair
wcstol
NtCreateKey
NtQuerySystemEnvironmentValueEx
ZwPowerInformation
RtlEnumerateGenericTableWithoutSplaying
ZwSetTimerResolution
_ui64tow

netshell

HrGetIconFromMediaType
StartNCW
DllGetClassObject
HrRenameConnection
HrCreateDesktopIcon
NcIsValidConnectionName
NcFreeNetconProperties
HrLaunchConnectionEx
HrLaunchConnection

ws2_32

closesocket
WSCDeinstallProvider
WSACreateEvent
ntohs
WSAAsyncGetProtoByNumber
inet_addr
WSAEnumProtocolsA
WSAAccept
__WSAFDIsSet
WSAGetOverlappedResult
WPUCompleteOverlappedRequest
WSAInstallServiceClassW
WSAEnumNameSpaceProvidersA
connect
WSCEnumProtocols
WSARecvDisconnect
WSANtohl
WSAStringToAddressW
getaddrinfo
WSAAsyncGetProtoByName
WSASetBlockingHook
gethostbyaddr
WSALookupServiceBeginA
freeaddrinfo
inet_ntoa
getprotobyname
getsockname
WSADuplicateSocketA
WSANSPIoctl

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 231KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f435f6be8942307149c5982f78fd4893

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt40

kernel32

mprapi

ntdll

netshell

ws2_32

Sections

.text Size: 312KB - Virtual size: 312KB

.rdata Size: 320KB - Virtual size: 320KB

.data Size: 231KB - Virtual size: 1.6MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 312KB - Virtual size: 312KB

.rdata
Size: 320KB - Virtual size: 320KB

.data
Size: 231KB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B