ammyyadmin | 10c182e0e705aa72cdb4491752f8f2e0

Sharing

Copy URL

Twitter E-mail

General

Target

10c182e0e705aa72cdb4491752f8f2e0
Size

547KB
MD5

10c182e0e705aa72cdb4491752f8f2e0
SHA1

2412206ea3c6084a6764ee42b756f6f6a8c745d1
SHA256

e6f19ef7ad9485dbb3bcc7f5cdca8b6dd388837c72f1c0f64730fe6e85b5537b
SHA512

6b8c80c674a970dabd6b86d5a9cccf6f4c8bfe4ce28b64a3008b12ebfc16fb8b28cef9c24b352396098b751e0e7913723aa176454f9b33a69f67ffb87f731918
SSDEEP

12288:gVnvmlaX9OOr3SCQ0F+bJ8SDmH/P3veRt9ahLXhj5RAT8:gVngK3HQzJtDmXfeRtQhLxj5R/

Score

10^/10

ammyyadmin

Malware Config

Signatures

AmmyyAdmin payload 1 IoCs

Processes:

resource yara_rule

sample family_ammyyadmin
Ammyyadmin family
ammyyadmin

resource	yara_rule
sample	family_ammyyadmin

Files

10c182e0e705aa72cdb4491752f8f2e0
.exe windows:4 windows x86 arch:x86

3fdbaf65b82dcd62fa84d134e91da9d8

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-06-2009 00:00

Not After

05-06-2010 23:59

Subject

CN=Ammyy Group,O=Ammyy Group,POSTALCODE=117418,STREET=Novocheremushkinskaya 53-4,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:78:f4:a8:13:98:66:11:75:73:db:73:23:5b:c1:68:37:7d:b1:13
Signer

Actual PE Digest

dc:78:f4:a8:13:98:66:11:75:73:db:73:23:5b:c1:68:37:7d:b1:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAIoctl
shutdown
select
__WSAFDIsSet
accept
bind
listen
ioctlsocket
send
recv
getservbyport
ntohs
gethostbyaddr
gethostbyname
getservbyname
htonl
inet_ntoa
inet_addr
socket
WSAGetLastError
htons
connect
closesocket
setsockopt
WSAStartup

gdi32

CreateRectRgn
ExtTextOutA
SetBkColor
CreatePalette
CreateCompatibleBitmap
RealizePalette
SelectPalette
UpdateColors
BitBlt
StretchBlt
SetBrushOrgEx
SetStretchBltMode
SetPixelV
SelectClipRgn
GetDIBits
GdiFlush
GetBitmapBits
CombineRgn
CreateRectRgnIndirect
GetRegionData
CreateFontIndirectA
DPtoLP
GetDeviceCaps
GetStockObject
SetBkMode
SetBitmapBits
GetObjectA
SelectObject
SetTextColor
GetSystemPaletteEntries
CreateCompatibleDC
CreateDIBSection
DeleteObject
DeleteDC

user32

VkKeyScanExA
MapVirtualKeyA
GetAsyncKeyState
GetIconInfo
MessageBeep
IntersectRect
EqualRect
OpenInputDesktop
GetUserObjectInformationA
IsWindowVisible
DrawIconEx
RegisterWindowMessageA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
MsgWaitForMultipleObjects
GetDesktopWindow
mouse_event
GetThreadDesktop
SetThreadDesktop
keybd_event
GetCursorInfo
IsDialogMessageA
SetClassLongA
SetDlgItemInt
GetKeyboardState
ToAsciiEx
FindWindowA
SendMessageTimeoutA
RegisterClassExA
GetMessageA
SetTimer
MessageBoxA
SetDlgItemTextA
ReleaseDC
GetDC
GetDlgItem
EnableWindow
EndDialog
LoadImageA
GetSubMenu
GetKeyState
LoadKeyboardLayoutA
DestroyAcceleratorTable
TranslateAcceleratorA
CreateAcceleratorTableA
PeekMessageA
TranslateMessage
DispatchMessageA
CreateDialogParamA
GetCursorPos
SetCursorPos
EmptyClipboard
SetClipboardData
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
SetScrollInfo
GetFocus
GetForegroundWindow
GetWindow
WindowFromPoint
ScreenToClient
ChangeClipboardChain
DestroyWindow
EnumWindows
GetWindowThreadProcessId
GetClassNameA
GetWindowTextA
KillTimer
PostQuitMessage
ShowScrollBar
IsIconic
ScrollWindowEx
SystemParametersInfoA
SetRect
AdjustWindowRectEx
GetMenuState
GetWindowPlacement
SetWindowPlacement
GetSysColorBrush
RegisterClassA
DrawMenuBar
SetClipboardViewer
DialogBoxIndirectParamA
DialogBoxParamA
GetSystemMenu
RedrawWindow
UpdateWindow
InvalidateRect
GetClientRect
SendMessageW
SetDlgItemTextW
wsprintfA
CallWindowProcA
DefWindowProcA
GetWindowLongA
SetWindowLongA
IsWindow
GetParent
DrawTextA
SetCursor
LoadCursorA
DestroyIcon
PostThreadMessageA
GetSysColor
CreateWindowExA
PostMessageA
LoadIconA
GetDlgItemInt
SendDlgItemMessageA
GetMenuItemID
EnableMenuItem
GetMenuItemCount
CheckMenuItem
SetForegroundWindow
SetFocus
GetDlgItemTextA
SendMessageA
BeginPaint
EndPaint
AppendMenuA
SetWindowTextA
ShowWindow
GetWindowRect
GetSystemMetrics
SetWindowPos
GetMenu

shell32

ShellExecuteA
Shell_NotifyIconA
SHGetFolderPathA

msvcrt

_stat
_strlwr
__CxxFrameHandler
??3@YAXPAX@Z
_CxxThrowException
??2@YAPAXI@Z
memset
abs
sprintf
atol
strcpy
wcschr
iswspace
wcsncmp
wcslen
_wtoi
_ultow
memcmp
memcpy
strncpy
strchr
strcat
free
strtoul
calloc
strlen
strcmp
_ftol
swprintf
qsort
_purecall
strstr
wcsncpy
wcscpy
wcsrchr
vsprintf
_strdup
_stricmp
memmove
strrchr
strncmp
isdigit
atoi
isspace
wcscmp
sscanf
malloc
time
strcspn
memchr
srand
rand
exit
fprintf
_iob
_beginthreadex
_endthreadex
_errno
getenv
floor
printf
realloc
fputc
_CIpow
_CIacos
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

comctl32

CreatePropertySheetPageW
PropertySheetA
ImageList_Create
ImageList_Add
ImageList_Draw
ImageList_Destroy
CreateToolbarEx
ord17

advapi32

SetSecurityDescriptorDacl
FreeSid
RevertToSelf
ImpersonateLoggedOnUser
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceA
ControlService
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceA
DeleteService
SetFileSecurityA

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiClassGuidsFromNameA
SetupDiDestroyDeviceInfoList

iphlpapi

GetAdaptersInfo

wininet

InternetReadFile
HttpQueryInfoA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetCloseHandle

dsound

ord6
ord2
ord7
ord1

kernel32

GlobalUnlock
lstrlenW
lstrlenA
InterlockedDecrement
InterlockedIncrement
QueryPerformanceCounter
QueryPerformanceFrequency
FindResourceExA
SizeofResource
LoadResource
LockResource
GetLocalTime
GetModuleFileNameW
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GlobalLock
ResetEvent
SetEvent
OpenEventA
CreateEventA
ExitProcess
SetUnhandledExceptionFilter
GetUserDefaultUILanguage
GetLocaleInfoA
GlobalAlloc
OpenProcess
GetCurrentProcess
GetSystemDirectoryW
lstrcatW
LoadLibraryW
CreateFileW
WaitNamedPipeW
ReadFile
SetLastError
GetExitCodeProcess
GetVersionExA
BeginUpdateResourceA
EndUpdateResourceA
UpdateResourceA
TerminateProcess
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
Sleep
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
SetFilePointer
WriteFile
WaitForSingleObject
CreateThread
GetStartupInfoA
CreateProcessA
GetVersion
MulDiv
LocalAlloc
LocalFree
GetExitCodeThread
MoveFileA
GetTempPathA
FindFirstFileA
DeleteFileA
SetErrorMode
FindClose
GetModuleFileNameA
CreateFileA
GetFileSize
CloseHandle
CreateDirectoryA
SetCurrentDirectoryA
SetProcessShutdownParameters
GetLastError
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
SetFileTime
GetLogicalDriveStringsA
GetComputerNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
GlobalFree
CreateDirectoryW
IsBadReadPtr
lstrcmpA
LocalFileTimeToFileTime
DeviceIoControl
lstrcpyA
SystemTimeToFileTime
GetCurrentDirectoryA
FindResourceA
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsAlloc
ResumeThread
TlsGetValue
InitializeCriticalSection
FindNextFileA

Sections

.text
Size: 384KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fdbaf65b82dcd62fa84d134e91da9d8

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6bCertificate

Extended Key Usages

Key Usages

dc:78:f4:a8:13:98:66:11:75:73:db:73:23:5b:c1:68:37:7d:b1:13Signer

Headers

File Characteristics

Imports

ws2_32

gdi32

user32

shell32

msvcrt

msvcp60

comctl32

advapi32

setupapi

iphlpapi

wininet

dsound

kernel32

Sections

.text Size: 384KB - Virtual size: 381KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 56KB - Virtual size: 54KB

.rsrc Size: 52KB - Virtual size: 48KB

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6b
Certificate

dc:78:f4:a8:13:98:66:11:75:73:db:73:23:5b:c1:68:37:7d:b1:13
Signer

.text
Size: 384KB - Virtual size: 381KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 56KB - Virtual size: 54KB

.rsrc
Size: 52KB - Virtual size: 48KB