4c574819a49ad8e140dfac4ed3ab1362154120209af4a5df706ae7cec66be6f0

Sharing

Copy URL Twitter E-mail

General

Target

4c574819a49ad8e140dfac4ed3ab1362154120209af4a5df706ae7cec66be6f0
Size

156KB
MD5

405197bed4c1a506e55843b18ab9ca47
SHA1

e7dc6c87e2ff4d03d57ccfefa70a5c3d6544b58f
SHA256

4c574819a49ad8e140dfac4ed3ab1362154120209af4a5df706ae7cec66be6f0
SHA512

76dee5107865177fe78e974c26551405b70f8bcacf5bb206d5f600963271d5e23698916190c8add66434b9cd21cc7ced75b919b327724682f82fea515ec1387c
SSDEEP

3072:qRtqKkHCGIiiqXTUf+RwnTu1ny2r6eMDYjCtjiEqmcXkNZ:qj/PiiqXT/enQny2r6eOECtG2cX

Score

N/A

Malware Config

Signatures

Files

4c574819a49ad8e140dfac4ed3ab1362154120209af4a5df706ae7cec66be6f0
.dll windows x86

91deedc210c913691a7a358249574566

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

secur32

FreeContextBuffer

kernel32

GetCurrentThreadId
VirtualAlloc
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
DisableThreadLibraryCalls
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LocalAlloc
LocalFree
InterlockedExchangeAdd
InterlockedIncrement
InterlockedDecrement
GetComputerNameExW
CreateEventW
CloseHandle
ExpandEnvironmentStringsW
DelayLoadFailureHook
TerminateProcess
LoadLibraryW

advapi32

CryptGenRandom
SetThreadToken
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptSetHashParam
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptSetKeyParam
RevertToSelf
RegCreateKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
CryptAcquireContextW

msvcrt

wcslen
sprintf
isspace
_strnicmp
strncmp
wcscpy
time

ntdll

RtlDeregisterWait
NtAllocateLocallyUniqueId
RtlGetNtProductType
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
NtClose
RtlCompareString
RtlInitString
RtlCharToInteger
RtlEqualString
NtQuerySystemTime
RtlEqualUnicodeString
RtlRegisterWait
NtOpenThreadToken
NtQueryInformationToken
NtSetSecurityObject
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlEqualSid
RtlLengthSid
NtOpenProcessToken
RtlAllocateAndInitializeSid
RtlUpcaseUnicodeString
RtlAnsiStringToUnicodeString
RtlTimeToTimeFields
RtlSystemTimeToLocalTime
RtlDowncaseUnicodeString
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlCopyUnicodeString
RtlCompareMemory
RtlDeregisterWaitEx

Exports

Exports

ServiceMain
CredentialUpdateNotify
CredentialUpdateRegister
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize
SupportsChannelBinding

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91deedc210c913691a7a358249574566

Headers

DLL Characteristics

File Characteristics

Imports

secur32

kernel32

advapi32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 512B - Virtual size: 808B

.rsrc Size: 104KB - Virtual size: 104KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 512B - Virtual size: 808B

.rsrc
Size: 104KB - Virtual size: 104KB

.reloc
Size: 2KB - Virtual size: 1KB