ammyyadmin | 4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c

Sharing

Copy URL

Twitter E-mail

General

Target

4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c
Size

306KB
MD5

1eef4d3f5b8d2094ffeeb683b81bf514
SHA1

085f744ae5a59616d0ed18e574c379c3731f362f
SHA256

4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c
SHA512

50bf2bb6d028a4785ef2d23bcd965f721326e99581f50fc304f13e2c78386b8d2e97235164686ac95ac2c9789602a358a240f9de4adfaeee3fb7120efe2a868f
SSDEEP

6144:nBu/emAB6ghBUhnV6Gae6zjunPGxnRgXukHu48hBWTntyFy4kog9x1ciqUzkhUyU:8/eBuX61eUc+gO4zkfmKiqUzkeyZm

Score

10^/10

ammyyadmin

Malware Config

Signatures

AmmyyAdmin payload 1 IoCs

resource	yara_rule
static1/unpack001/AMMYY_Admin.exe	family_ammyyadmin

Ammyyadmin family
ammyyadmin

Files

4a9b69734b1ff51dd357edc6addf122e43b08ea7e36d62026b4a27a8da8ad26c
.rar
AMMYY_Admin.exe
.exe windows:4 windows x86 arch:x86

ffb5ae016ce323172126d82e6bfb166f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05-06-2009 00:00

Not After

05-06-2010 23:59

Subject

CN=Ammyy Group,O=Ammyy Group,POSTALCODE=117418,STREET=Novocheremushkinskaya 53-4,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d8:5e:a5:94:9e:38:1a:bb:ef:75:84:37:4b:f2:cd:3b:83:eb:59:57
Signer

Actual PE Digest

d8:5e:a5:94:9e:38:1a:bb:ef:75:84:37:4b:f2:cd:3b:83:eb:59:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAGetLastError
send
recv
shutdown
__WSAFDIsSet
accept
bind
listen
ioctlsocket
getservbyport
ntohs
gethostbyaddr
gethostbyname
getservbyname
htonl
inet_ntoa
inet_addr
socket
htons
connect
setsockopt
WSAIoctl
WSACleanup
WSAStartup
select
closesocket

gdi32

SetPixelV
GetSystemPaletteEntries
GetDIBits
GdiFlush
CombineRgn
CreateRectRgnIndirect
GetRegionData
SetStretchBltMode
CreateFontIndirectA
DPtoLP
GetDeviceCaps
GetStockObject
SetBkMode
SetBitmapBits
CreateDIBSection
DeleteDC
SetBrushOrgEx
StretchBlt
BitBlt
UpdateColors
SelectPalette
RealizePalette
CreateCompatibleBitmap
CreatePalette
CreateRectRgn
SelectClipRgn
SetBkColor
ExtTextOutA
GetBitmapBits
GetObjectA
SelectObject
SetTextColor
DeleteObject
CreateCompatibleDC

user32

FindWindowA
VkKeyScanExA
MapVirtualKeyA
GetIconInfo
SendMessageTimeoutA
SystemParametersInfoW
IntersectRect
EqualRect
OpenInputDesktop
GetUserObjectInformationA
DefWindowProcA
IsWindowVisible
EmptyClipboard
SetClipboardData
DrawIconEx
RegisterClassExA
OpenDesktopA
EnumDesktopWindows
CloseDesktop
GetDesktopWindow
MsgWaitForMultipleObjects
PeekMessageA
mouse_event
GetThreadDesktop
GetMessageA
SetTimer
MessageBoxA
wsprintfA
SetDlgItemTextA
ReleaseDC
SetThreadDesktop
keybd_event
GetCursorInfo
IsDialogMessageA
SetDlgItemInt
TranslateMessage
DispatchMessageA
GetKeyboardState
ToAsciiEx
LoadKeyboardLayoutA
DestroyAcceleratorTable
TranslateAcceleratorA
GetDC
SetDlgItemTextW
GetDlgItem
EnableWindow
EndDialog
LoadImageA
GetSubMenu
GetMenu
SetWindowLongA
CreateAcceleratorTableA
wsprintfW
ReleaseCapture
SetCapture
MoveWindow
GetAsyncKeyState
RegisterClassExW
DestroyCursor
MessageBeep
MessageBoxW
GetCursorPos
SetCursorPos
GetSystemMetrics
GetClipboardOwner
OpenClipboard
GetClipboardData
CloseClipboard
SetScrollInfo
GetFocus
GetWindow
WindowFromPoint
ScreenToClient
SetClassLongW
ChangeClipboardChain
PostQuitMessage
EnumWindows
GetClassNameA
GetWindowTextA
KillTimer
GetWindowLongW
SetRect
SetWindowPos
ShowScrollBar
IsIconic
ScrollWindowEx
SystemParametersInfoA
AdjustWindowRectEx
GetMenuState
GetWindowRect
GetWindowPlacement
SetWindowPlacement
GetSysColorBrush
RegisterClassW
DrawMenuBar
SetClipboardViewer
DrawTextA
DialogBoxIndirectParamA
DialogBoxParamA
CallWindowProcW
CallWindowProcA
DefWindowProcW
SetWindowLongW
IsWindowUnicode
GetSystemMenu
RedrawWindow
UpdateWindow
InvalidateRect
SendMessageW
CreateWindowExW
DrawStateA
DrawEdge
IsWindow
GetParent
DestroyWindow
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetCursor
LoadCursorA
DestroyIcon
PostThreadMessageA
GetSysColor
CreateWindowExA
BeginPaint
EndPaint
PostMessageA
LoadIconA
GetKeyState
GetDlgItemInt
SendDlgItemMessageA
SetWindowTextW
SetMenuItemInfoW
GetMenuItemID
EnableMenuItem
GetMenuItemCount
CheckMenuItem
SetForegroundWindow
SetFocus
AppendMenuA
SetWindowTextA
ShowWindow
GetClientRect
SendMessageA
GetWindowLongA

shell32

ShellExecuteA
ShellExecuteExW
SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderPathW
Shell_NotifyIconA

msvcrt

_strnicmp
_strlwr
__CxxFrameHandler
strlen
isspace
memchr
_errno
strtol
isdigit
strstr
memcpy
??2@YAPAXI@Z
_purecall
_stricmp
_CxxThrowException
atol
memset
atoi
abs
sprintf
wcscmp
swprintf
wcscpy
_wtol
strcpy
iswspace
wcsncmp
wcslen
_wtoi
_ultow
wcschr
memcmp
strncpy
strchr
strcat
free
strtoul
calloc
strcmp
_ftol
wcsncpy
wcsrchr
vsprintf
vswprintf
memmove
strrchr
strncmp
mbstowcs
iswdigit
_beginthreadex
sscanf
_endthreadex
_i64tow
malloc
wcscat
time
srand
rand
exit
fprintf
_iob
getenv
floor
printf
realloc
fputc
_CIpow
_CIacos
__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsrev
_wcsicmp

secur32

QuerySecurityPackageInfoA
FreeCredentialsHandle
InitializeSecurityContextA
AcquireCredentialsHandleA
FreeContextBuffer
CompleteAuthToken

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiClassGuidsFromNameA

advapi32

ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
SetEntriesInAclA
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerExA
SetServiceStatus
SetTokenInformation
DuplicateTokenEx
CreateProcessAsUserW
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
CreateServiceW
DeleteService
ControlService
StartServiceA
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegSetValueExA
RegDeleteKeyA
InitializeSecurityDescriptor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

userenv

LoadUserProfileA
UnloadUserProfile

comctl32

CreateToolbarEx
ImageList_Draw
ImageList_Add
ImageList_Create
ord17
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Destroy
_TrackMouseEvent
CreatePropertySheetPageW
PropertySheetW

wininet

HttpSendRequestA
HttpQueryInfoA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetReadFile
InternetOpenA
HttpOpenRequestA

dsound

ord7
ord6
ord2
ord1

kernel32

FindResourceExA
SizeofResource
LoadResource
LockResource
GetLocalTime
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEvent
OpenEventA
CreateEventA
ExitProcess
SetUnhandledExceptionFilter
CompareFileTime
QueryPerformanceFrequency
GetSystemDirectoryW
lstrcatW
LoadLibraryW
WaitNamedPipeW
ReadFile
SetLastError
GetExitCodeProcess
BeginUpdateResourceW
QueryPerformanceCounter
UpdateResourceA
TerminateProcess
CreateMutexA
Sleep
GetSystemDirectoryA
OpenProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
LoadLibraryA
FreeLibrary
GetFileSize
SetFilePointer
WriteFile
WaitForSingleObject
CreateThread
GetStartupInfoW
CreateProcessW
GetVersion
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
LocalAlloc
GetExitCodeThread
SystemTimeToFileTime
MoveFileW
DeleteFileW
GetTempPathW
CreateFileW
FindFirstFileW
FindClose
GetUserDefaultUILanguage
GetModuleHandleA
GetProcAddress
GetLocaleInfoA
CreateFileA
DeviceIoControl
CreateDirectoryW
SetCurrentDirectoryW
SetProcessShutdownParameters
GetVersionExA
GetCurrentProcess
GetLastError
CloseHandle
LocalFree
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrlenW
GlobalUnlock
GlobalLock
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetComputerNameA
GlobalAlloc
GetDriveTypeW
RemoveDirectoryW
FindNextFileW
SetFileAttributesW
GetLogicalDrives
GetFileTime
SetFileTime
GlobalFree
CreateDirectoryA
IsBadReadPtr
lstrcmpA
LocalFileTimeToFileTime
EndUpdateResourceW
lstrcpyA
GetCurrentDirectoryA
FindResourceA
DuplicateHandle
ReleaseSemaphore
CreateSemaphoreA
SetThreadPriority
TlsSetValue
GetCurrentThread
TlsAlloc
ResumeThread
TlsGetValue
InterlockedExchange
GetStartupInfoA
GetSystemTimeAsFileTime

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffb5ae016ce323172126d82e6bfb166f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6bCertificate

Extended Key Usages

Key Usages

d8:5e:a5:94:9e:38:1a:bb:ef:75:84:37:4b:f2:cd:3b:83:eb:59:57Signer

Headers

File Characteristics

Imports

ws2_32

gdi32

user32

shell32

msvcrt

secur32

setupapi

advapi32

comdlg32

userenv

comctl32

wininet

dsound

kernel32

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 76KB - Virtual size: 75KB

.rsrc Size: 68KB - Virtual size: 64KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

92:ef:3f:37:21:6c:5b:81:11:5d:14:b2:85:dc:ad:6b
Certificate

d8:5e:a5:94:9e:38:1a:bb:ef:75:84:37:4b:f2:cd:3b:83:eb:59:57
Signer

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 76KB - Virtual size: 75KB

.rsrc
Size: 68KB - Virtual size: 64KB