5b32f6a7a983eea202742da08634e7e57c19e483b12cb3394921e09327d49d49

Sharing

Copy URL Twitter E-mail

General

Target

5b32f6a7a983eea202742da08634e7e57c19e483b12cb3394921e09327d49d49
Size

171KB
MD5

83c96bb73003f541fb3be694f36861f5
SHA1

1abec3e8cfa9599ca202efd658c801f3c88a2664
SHA256

5b32f6a7a983eea202742da08634e7e57c19e483b12cb3394921e09327d49d49
SHA512

ed4fbe7886529c831e8916d4d30f02cf5c1a22a5700f097cdac930cfc73129a5855df2113755431419d9f6adb91523d4fc082cd95c01a5af3f2ae2a3e34ae49f
SSDEEP

3072:QP+/ATZgV3c5ssD4M5arayaW44K8XRuMnVQJ2UBW4RNIct:QmvwTarXb3JugC2UB

Score

N/A

Malware Config

Signatures

Files

5b32f6a7a983eea202742da08634e7e57c19e483b12cb3394921e09327d49d49
.dll windows x86

6a83e70a7dc8ebda7a3d0989216d4e65

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
sprintf
wcsncpy
wcscpy
wcstok
wcsstr
swprintf
_except_handler3
_wcsnicmp
wcscmp
time
_wcsicmp
wcscspn
wcschr
iswctype
_wcsupr
wcscat
wcslen
wcspbrk
_wtoi
_snwprintf
swscanf
_wtoi64
??2@YAPAXI@Z

ntdll

NtFsControlFile
RtlTimeFieldsToTime
NtOpenProcessToken
NtDuplicateToken
DbgPrint
RtlNtStatusToDosError
NtCreateFile
NtClose
NtQueryInformationToken
NtOpenThreadToken
RtlCopyLuid
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlInitUnicodeString
RtlRunEncodeUnicodeString
NtOpenFile
DbgBreakPoint
RtlInitializeResource
RtlDeleteResource
RtlFreeHeap
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
NtQueryInformationProcess
NtSetInformationThread
NtAdjustPrivilegesToken

kernel32

DeviceIoControl
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrcmpW
GetFileInformationByHandle
CreateEventW
WriteFile
CreateFileW
FileTimeToSystemTime
lstrlenA
SystemTimeToFileTime
VirtualAlloc
SetEvent
VirtualProtect
ReadFile
lstrlenW
GetVersionExW
LoadLibraryW
SetLastError
LocalFree
LocalAlloc
GetLastError
GetProcAddress
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
LocalLock
LocalReAlloc
LocalUnlock
DosPathToSessionPathW
DefineDosDeviceW
QueryDosDeviceW
GetCurrentThread
CloseHandle
LocalSize
WaitForSingleObject
Sleep
InterlockedDecrement
GetCurrentThreadId
QueueUserWorkItem
InterlockedIncrement
CreateThread
FreeLibrary

rpcrt4

I_RpcBindingIsClientLocal
RpcImpersonateClient
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcServerUnregisterIf
RpcRevertToSelf
NdrServerCall2

wininet

InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetConnectW
GetUrlCacheConfigInfoW
FreeUrlCacheSpaceA
InternetOpenW
InternetWriteFile
CreateUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
HttpAddRequestHeadersA
HttpQueryInfoW
InternetTimeFromSystemTimeA
InternetTimeToSystemTimeW
InternetTimeFromSystemTimeW
InternetCreateUrlW
SetUrlCacheEntryInfoW
HttpSendRequestA
HttpOpenRequestW

ws2_32

WSACleanup
WSAGetLastError
WSAStartup

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

advapi32

ImpersonateLoggedOnUser
ReportEventW
RegisterServiceCtrlHandlerW
RegOpenKeyExW
RegCloseKey
SystemFunction040
OpenEncryptedFileRawW
WriteEncryptedFileRaw
EncryptFileW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetFileSecurityW
CloseEncryptedFileRaw
ReadEncryptedFileRaw
SystemFunction041
RegDisablePredefinedCache
SetServiceStatus
RegQueryValueExW
SetThreadToken
RevertToSelf
OpenThreadToken
GetUserNameW
RegisterEventSourceW
DeregisterEventSource

Exports

Exports

DavClose
DavInit
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a83e70a7dc8ebda7a3d0989216d4e65

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

rpcrt4

wininet

ws2_32

ole32

advapi32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 55KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 55KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 4KB - Virtual size: 3KB