ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003

Sharing

Copy URL

Twitter E-mail

General

Target

ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
Size

561KB
MD5

a01c8c45a9e54684ae643dd409110ac8
SHA1

2124dc39d9ba939a83fbc5782772a0e062998f92
SHA256

ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
SHA512

d277f8b95fd331811c04221abe1d85ef0cf09c07590fe7025c7e46a268ccd5f5f0768a91aa2c2f7fcf9167e703bc14c9a7a047084906710b41308e5a636aaeb2
SSDEEP

12288:GR83Tb42AYTX+FpUlqkdcpUwfCeUTkw3Ae7vEps:GG3/4VUt+esw3Ae7s

Score

N/A

Malware Config

Signatures

Files

ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
.dll windows x86

3d800d346b1c95eb65f30c323cd853fc

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
CloseHandle
TlsAlloc
LoadLibraryA
Sleep
WaitForSingleObject
FindClose
GetEnvironmentVariableA
FindNextFileA
DeviceIoControl
TlsSetValue
CreateFileW
DecodePointer
EncodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
CreateThread
WaitForSingleObjectEx
WriteConsoleW
OutputDebugStringW
OutputDebugStringA
WriteFile
HeapQueryInformation
HeapSize
HeapReAlloc
HeapFree
GetCommandLineW
GetCommandLineA
GetFileType
GetStdHandle
GetProcessHeap
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
GetACP
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetModuleFileNameA
GetSystemInfo
HeapValidate
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleExW
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsGetValue
InitializeCriticalSectionAndSpinCount
RaiseException
InterlockedFlushSList
GetModuleFileNameW
GetLastError
FindFirstFileA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

advapi32

SystemFunction036
SetSecurityDescriptorDacl
SetEntriesInAclA
CreateServiceW
RegEnumKeyA
RegCloseKey
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
RegQueryValueExA
AllocateAndInitializeSid
LookupPrivilegeValueA
SetServiceStatus
OpenServiceA
OpenThreadToken
RegOpenKeyExA
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
RegSetValueExA
ControlService
RegCreateKeyExA
OpenSCManagerA
RegisterServiceCtrlHandlerA

mprapi

MprAdminInterfaceTransportGetInfo
MprConfigServerGetInfo
MprConfigInterfaceGetInfo
MprConfigServerInstall
MprAdminTransportSetInfo
MprAdminIsServiceRunning
MprAdminInterfaceDelete
MprConfigBufferFree
MprAdminInterfaceSetInfo
MprInfoBlockSet
MprAdminMIBEntryGetNext
MprAdminMIBEntryGetFirst
MprAdminInterfaceDeviceGetInfo
MprConfigInterfaceDelete
MprConfigInterfaceGetHandle
MprAdminMIBEntryCreate
MprAdminMIBEntrySet
MprAdminMIBBufferFree
MprConfigServerBackup
MprAdminInterfaceGetCredentialsEx
MprConfigInterfaceTransportSetInfo
MprConfigTransportDelete
MprAdminInterfaceQueryUpdateResult
MprConfigServerRestore
MprConfigGetFriendlyName
MprAdminTransportGetInfo
MprAdminPortEnum
MprAdminUserSetInfo
MprAdminMIBEntryGet
MprAdminPortDisconnect
MprInfoBlockQuerySize
MprInfoDelete
MprInfoCreate
MprAdminUserGetInfo
MprAdminServerGetInfo
MprInfoBlockFind
MprAdminServerGetCredentials
MprAdminServerDisconnect
MprAdminInterfaceDeviceSetInfo
MprConfigInterfaceTransportAdd
MprInfoBlockRemove
MprAdminInterfaceSetCredentials
MprAdminServerSetCredentials
MprConfigInterfaceTransportEnum
MprConfigServerRefresh
MprConfigGetGuidName
MprAdminInterfaceGetInfo
MprAdminSendUserMessage
MprConfigTransportCreate
MprAdminTransportCreate
MprAdminRegisterConnectionNotification
MprAdminGetPDCServer
MprConfigTransportGetInfo
MprAdminPortClearStats
MprConfigTransportEnum
MprAdminInterfaceGetCredentials
MprConfigInterfaceTransportGetInfo
MprAdminInterfaceConnect
MprAdminPortGetInfo
MprAdminPortReset
MprAdminMIBServerConnect
MprConfigInterfaceSetInfo
MprAdminGetErrorString
MprAdminInterfaceTransportAdd
MprConfigInterfaceTransportRemove
MprAdminInterfaceEnum
MprAdminInterfaceDisconnect
MprInfoDuplicate
MprInfoBlockAdd
MprConfigServerConnect
MprAdminDeregisterConnectionNotification
MprAdminInterfaceSetCredentialsEx
MprAdminDeviceEnum
MprConfigTransportSetInfo
MprAdminInterfaceTransportSetInfo
MprConfigTransportGetHandle
MprAdminInterfaceUpdatePhonebookInfo
MprAdminServerConnect
MprConfigInterfaceTransportGetHandle
MprAdminInterfaceGetHandle
MprConfigInterfaceCreate
MprConfigInterfaceEnum
MprAdminInterfaceTransportRemove
MprAdminConnectionGetInfo
MprAdminMIBServerDisconnect
MprConfigServerDisconnect
MprAdminInterfaceCreate
MprAdminInterfaceUpdateRoutes
MprAdminMIBEntryDelete

Sections

.text
Size: 302KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d800d346b1c95eb65f30c323cd853fc

Code Sign

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

mprapi

Sections

.text Size: 302KB - Virtual size: 301KB

.rdata Size: 189KB - Virtual size: 188KB

.data Size: 55KB - Virtual size: 165KB

.gfids Size: 512B - Virtual size: 248B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 302KB - Virtual size: 301KB

.rdata
Size: 189KB - Virtual size: 188KB

.data
Size: 55KB - Virtual size: 165KB

.gfids
Size: 512B - Virtual size: 248B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 11KB - Virtual size: 10KB