Static task
static1
Behavioral task
behavioral1
Sample
76a91b1e092e66bf902df2e21c27652c5341ede4.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
76a91b1e092e66bf902df2e21c27652c5341ede4.exe
Resource
win10v2004-20221111-en
General
-
Target
76a91b1e092e66bf902df2e21c27652c5341ede4
-
Size
405KB
-
MD5
fa6da92ac7ec0610d6b3a0a3c3a50af9
-
SHA1
76a91b1e092e66bf902df2e21c27652c5341ede4
-
SHA256
e51d139cf98e999d86bc9cb0cb5fd0ba38bbebb97719299b30921c9a978ece87
-
SHA512
2ceaad13bb0161534e0a4077bb412a31c72565218561c90574915428a9cf222c3a2af76f2b31bd4958ae883db51ac714e57cd13807c4888b910fd7e59bba34bb
-
SSDEEP
12288:JFDnoOeIq5DdmdMH1ZrZmN/QDX42b0Hr:zReh9dmj/E4k
Malware Config
Signatures
Files
-
76a91b1e092e66bf902df2e21c27652c5341ede4.exe windows x86
e1ca03b6bc24f1f5867d8442934c150d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
rasapi32
RasSetAutodialEnableA
RasIsSharedConnection
RasGetEntryHrasconnW
RasGetCredentialsW
DDMGetPhonebookInfo
RasCreatePhonebookEntryA
RasScriptInit
RasSetEntryDialParamsA
RasHangUpA
RasGetCustomAuthDataW
RasCreatePhonebookEntryW
DwCloneEntry
RasDialA
RasGetSubEntryHandleA
RasSetEapUserDataA
RasGetEntryPropertiesA
RasGetEapUserIdentityA
RasConnectionNotificationA
RasGetAutodialParamW
UnInitializeRAS
RasSetEntryDialParamsW
RasValidateEntryNameA
RasSetCustomAuthDataW
RasGetCountryInfoW
RasGetHport
RasGetEntryPropertiesW
RasDeleteEntryW
RasScriptTerm
RasEnumEntriesW
RasSetAutodialEnableW
RasAutodialEntryToNetwork
RasEnumConnectionsW
kernel32
AddAtomW
GetFullPathNameW
HeapFree
LocalSize
QueueUserAPC
GetLogicalDrives
HeapValidate
GetModuleFileNameA
PrepareTape
WTSGetActiveConsoleSessionId
VirtualAlloc
HeapCreate
InterlockedIncrement
SetFileShortNameA
CompareStringW
CopyLZFile
LocalAlloc
LoadLibraryA
GetThreadPriority
BackupRead
PeekConsoleInputA
DeleteFileA
GetStartupInfoW
SetComputerNameExA
SetThreadLocale
CreateActCtxA
UnmapViewOfFile
GetTickCount
QueryPerformanceFrequency
SetCurrentDirectoryA
SetCommTimeouts
GetGeoInfoA
InitializeSListHead
EraseTape
FoldStringW
CreateEventW
SetHandleCount
DeleteTimerQueue
GetCurrencyFormatW
GetOverlappedResult
SetConsoleCursor
GetLocaleInfoW
GetExitCodeProcess
GlobalUnfix
apphelp
SdbGetDatabaseVersion
SdbGetDatabaseID
SdbTagRefToTagID
SdbCreateMsiTransformFile
SdbReleaseDatabase
SdbOpenApphelpDetailsDatabase
SdbFindFirstMsiPackage
SdbReadBinaryTag
SdbEnumMsiTransforms
SdbReadWORDTag
SdbGetNextChild
SdbGetTagFromTagID
SdbInitDatabase
SdbReadStringTag
ApphelpCheckRunApp
AllowPermLayer
ApphelpCheckMsiPackage
SdbReadBYTETag
SetPermLayers
SdbGetStandardDatabaseGUID
ApphelpCheckIME
SdbFindNextTag
SdbFindNextMsiPackage
ApphelpGetNTVDMInfo
SdbGrabMatchingInfo
SdbFindFirstTag
SdbOpenApphelpInformation
SdbOpenDatabase
SdbGetBinaryTagData
SdbResolveDatabase
ApphelpFixMsiPackageExe
SdbFindFirstTagRef
SdbGetFirstChild
SdbReadEntryInformation
SdbTagIDToTagRef
SdbCloseDatabase
ShimFlushCache
ApphelpUpdateCacheEntry
SdbSetPermLayerKeys
SdbRegisterDatabase
SdbDeletePermLayerKeys
SdbReadMsiTransformInfo
ApphelpFixMsiPackage
GetPermLayers
ifsutil
?QueryMediaByte@DP_DRIVE@@QBEEXZ
?Initialize@LOG_IO_DP_DRIVE@@QAEEPBVWSTRING@@0PAVMESSAGE@@E@Z
?QueryParents@DIGRAPH@@QBEEKPAVNUMBER_SET@@@Z
?GetFirst@TLINK@@QAEPAXXZ
??0DIGRAPH_EDGE@@QAE@XZ
?Read@IO_DP_DRIVE@@QAEEVBIG_INT@@KPAX@Z
?CheckValidSecurityDescriptor@IFS_SYSTEM@@SGEKPAU_SECURITY_DESCRIPTOR@@@Z
?QueryDriveName@MOUNT_POINT_MAP@@QAEEPAVWSTRING@@0@Z
??1LOG_IO_DP_DRIVE@@UAE@XZ
?QueryCanonicalNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?CheckAndAdd@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?GetAt@MOUNT_POINT_MAP@@QAEEKPAVWSTRING@@0@Z
?SendSonyMSModeSenseCmd@DP_DRIVE@@QAEEPAUSONY_MS_MODE_SENSE_DATA@@@Z
?RestoreThreadExecutionState@@YGXJK@Z
??1NUMBER_SET@@UAE@XZ
?RemoveAll@SPARSE_SET@@QAEEXZ
?Remove@NUMBER_SET@@QAEEPBV1@@Z
??1DIGRAPH@@UAE@XZ
?AddStart@NUMBER_SET@@QAEEVBIG_INT@@@Z
?Initialize@MOUNT_POINT_MAP@@QAEEXZ
?DismountVolume@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?Push@INTSTACK@@QAEEVBIG_INT@@@Z
??1TLINK@@UAE@XZ
?InvalidateVolume@IO_DP_DRIVE@@QAEEXZ
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@@Z
?NtDriveNameToDosDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
??0DIGRAPH@@QAE@XZ
?QuerySectors@DP_DRIVE@@UBE?AVBIG_INT@@XZ
?Look@INTSTACK@@QBE?AVBIG_INT@@K@Z
?EnableVolumeCompression@IFS_SYSTEM@@SGEPBVWSTRING@@@Z
?CheckAndRemove@NUMBER_SET@@QAEEVBIG_INT@@PAE@Z
?IsEntryPresent@AUTOREG@@SGEPBVWSTRING@@0@Z
?QueryNtfsTime@IFS_SYSTEM@@SGXPAT_LARGE_INTEGER@@@Z
?Initialize@SECRUN@@QAEEPAVMEM@@PAVIO_DP_DRIVE@@VBIG_INT@@K@Z
??0READ_WRITE_CACHE@@QAE@XZ
?QueryParentsWithChildren@DIGRAPH@@QBEEPAVNUMBER_SET@@K@Z
??0CANNED_SECURITY@@QAE@XZ
?SendSonyMSInquiryCmd@DP_DRIVE@@QAEEPAUSONY_MS_INQUIRY_DATA@@@Z
?Initialize@DP_DRIVE@@QAEEPBVWSTRING@@PAVMESSAGE@@EEG@Z
?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@E@Z
?Verify@IO_DP_DRIVE@@QAEEVBIG_INT@@0PAVNUMBER_SET@@@Z
msvcirt
??_Dostream_withassign@@QAEXXZ
?setmode@ifstream@@QAEHH@Z
??_8ifstream@@7B@
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?pcount@ostrstream@@QBEHXZ
??_Dostrstream@@QAEXXZ
?sputc@streambuf@@QAEHH@Z
?bitalloc@ios@@SAJXZ
?setmode@fstream@@QAEHH@Z
??1istream@@UAE@XZ
?get@istream@@QAEAAV1@AAC@Z
??1ostrstream@@UAE@XZ
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??_Estreambuf@@UAEPAXI@Z
??0exception@@QAE@ABQBD@Z
??0ofstream@@QAE@HPADH@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?pcount@strstream@@QBEHXZ
??0ifstream@@QAE@H@Z
?x_maxbit@ios@@0JA
??_Gstdiobuf@@UAEPAXI@Z
?setp@streambuf@@IAEXPAD0@Z
??_Dfstream@@QAEXXZ
??Bios@@QBEPAXXZ
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
?flush@ostream@@QAEAAV1@XZ
?gbump@streambuf@@IAEXH@Z
?underflow@stdiobuf@@UAEHXZ
?opfx@ostream@@QAEHXZ
??6ostream@@QAEAAV0@C@Z
??1ostream@@UAE@XZ
?sgetn@streambuf@@QAEHPADH@Z
?attach@fstream@@QAEXH@Z
??_Estrstream@@UAEPAXI@Z
?clrlock@ios@@QAAXXZ
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
msi
MsiGetProductCodeW
MsiCollectUserInfoW
MsiPreviewDialogW
MsiReinstallFeatureFromDescriptorW
MsiEnumComponentsA
MsiCloseAllHandles
MsiCreateTransformSummaryInfoW
DllGetVersion
MsiLoadStringW
MsiEnumFeaturesW
MsiViewClose
MsiPreviewBillboardA
MsiSetExternalUIW
MsiGetProductInfoFromScriptW
MsiSetExternalUIA
MsiConfigureFeatureW
MsiSummaryInfoPersist
MsiGetFeatureValidStatesA
MsiGetProductCodeFromPackageCodeA
MsiProvideComponentA
MsiSetFeatureStateA
MsiProcessAdvertiseScriptW
MsiEnumRelatedProductsA
MsiSummaryInfoGetPropertyA
MsiEnumClientsW
MsiEvaluateConditionA
MsiReinstallFeatureA
MsiLocateComponentA
MsiCreateTransformSummaryInfoA
MsiEnableLogW
MsiQueryProductStateA
MsiSetComponentStateA
MsiReinstallProductW
MsiEnumComponentsW
MsiProvideQualifiedComponentW
MsiEnumPatchesA
MsiInstallMissingComponentW
MsiInvalidateFeatureCache
MsiGetProductCodeFromPackageCodeW
MsiMessageBoxA
MsiAdvertiseProductExW
MsiInstallMissingComponentA
wininet
InternetGetPerSiteCookieDecisionA
HttpSendRequestExA
InternetSecurityProtocolToStringA
InternetWriteFileExA
InternetGetLastResponseInfoA
FtpGetCurrentDirectoryW
InternetSetCookieExA
FindNextUrlCacheContainerW
InternetGetPerSiteCookieDecisionW
GetUrlCacheConfigInfoA
InternetQueryFortezzaStatus
HttpEndRequestW
ShowCertificate
InternetSecurityProtocolToStringW
InternetCanonicalizeUrlA
PrivacyGetZonePreferenceW
HttpCheckDavCompliance
ShowSecurityInfo
InternetReadFile
InternetCreateUrlW
InternetAttemptConnect
SetUrlCacheEntryInfoA
ParseX509EncodedCertificateForListBoxEntry
InternetCombineUrlW
FindFirstUrlCacheEntryW
GetUrlCacheConfigInfoW
SetUrlCacheGroupAttributeA
InternetTimeToSystemTimeW
RunOnceUrlCache
LoadUrlCacheContent
InternetLockRequestFile
GopherGetAttributeW
FindNextUrlCacheGroup
SetUrlCacheEntryGroupW
ReadUrlCacheEntryStream
FtpGetFileSize
InternetAlgIdToStringA
SetUrlCacheConfigInfoA
Sections
.text Size: 253KB - Virtual size: 253KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 531KB (the virtual size exceeds the on-disk size, so the loader zero-fills the remainder when the image is mapped; this is normal for uninitialized data, but it is also the layout used to reserve writable space that is filled in at runtime, so it is worth checking alongside the other indicators in this report)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ