Static task: static1
Behavioral task: behavioral1
  Sample: dfde7665275251945ab0f539d6cfefcb462180120005c50185c3892a369ac8b6.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: dfde7665275251945ab0f539d6cfefcb462180120005c50185c3892a369ac8b6.exe
  Resource: win10v2004-20220812-en
General
Target: dfde7665275251945ab0f539d6cfefcb462180120005c50185c3892a369ac8b6
Size: 275KB
MD5: 6313bbfe71768b7333ffe144299c8b70
SHA1: 5e7ea41273c81a044e023ce53ee096397246df9c
SHA256: dfde7665275251945ab0f539d6cfefcb462180120005c50185c3892a369ac8b6
SHA512: 476cc1ab6b9ae69b7c70f0cacd2047b426ff346524f71315309bc4340a41f030a059c86df80636b75761da62b587ce82ea5d1c53aa9d65b1f5f18d0524bb6304
SSDEEP: 6144:KilKvqrIcCazlZ2TJcvlc+3hqFjdP6PexqHJ5G6+v:OvqHBZ2T+vlT34F5Pye8HDGH
Malware Config
Signatures
Files
-
dfde7665275251945ab0f539d6cfefcb462180120005c50185c3892a369ac8b6.exe windows x86
95ddc6ac890faad6ad318d6358e3f906
Headers
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteConsoleInputW
FreeConsole
GetSystemDirectoryW
CloseHandle
OpenProcess
GetLocalTime
GetStdHandle
SetErrorMode
CreateNamedPipeW
lstrlenW
VirtualFree
CancelIo
SetEnvironmentVariableW
DuplicateHandle
GetCPInfo
GetCurrentProcess
WaitForMultipleObjects
GetModuleFileNameA
CreateFileW
GetLastError
GetConsoleScreenBufferInfo
ReadConsoleOutputW
GetSystemDirectoryA
GetLocaleInfoW
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
GetExitCodeProcess
HeapAlloc
InitializeCriticalSection
SetUnhandledExceptionFilter
WriteConsoleW
GetConsoleCP
QueryPerformanceCounter
GenerateConsoleCtrlEvent
WriteFile
ReadConsoleOutputA
MultiByteToWideChar
GetOverlappedResult
GetACP
GetCurrentProcessId
DeleteFileA
LocalAlloc
GetSystemDefaultLCID
CreateEventW
IsDBCSLeadByte
SetEnvironmentVariableA
HeapFree
lstrcpyA
GlobalAlloc
GetConsoleMode
FormatMessageW
LoadLibraryW
GetComputerNameW
GetModuleHandleA
ReadFile
GlobalFree
FreeLibrary
AllocConsole
LoadLibraryExW
SetHandleInformation
GetCurrentThread
CreateFileA
LocalFree
FormatMessageA
GetProcessHeap
SetConsoleCtrlHandler
GlobalFindAtomW
SetLastError
WriteConsoleInputA
lstrcpyW
lstrcatA
WideCharToMultiByte
ExpandEnvironmentStringsW
GetStartupInfoA
WaitForSingleObject
SetConsoleScreenBufferSize
GetProcAddress
SetConsoleWindowInfo
ReleaseMutex
msvcrt
_itoa
??3@YAXPAX@Z
isdigit
_XcptFilter
strrchr
wcscpy
wcscmp
_wcsnicmp
free
wcsrchr
_wcsicmp
toupper
strchr
_snprintf
_cexit
__initenv
_stricmp
_strcmpi
__setusermatherr
_adjust_fdiv
towlower
__getmainargs
wcslen
__p__fmode
_snwprintf
wcscat
wcsncpy
strtoul
_c_exit
wcschr
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
calloc
sprintf
_exit
wcsncat
memmove
??2@YAPAXI@Z
_except_handler3
_controlfp
malloc
memchr
_initterm
strncpy
advapi32
CreateProcessAsUserW
LookupPrivilegeValueW
EqualSid
GetSecurityDescriptorLength
DuplicateTokenEx
GetSidIdentifierAuthority
RegCloseKey
InitializeAcl
GetLengthSid
CryptAcquireContextW
LookupAccountSidW
LsaOpenPolicy
RegOpenKeyExA
RegisterEventSourceW
FreeSid
CryptGenRandom
InitializeSecurityDescriptor
RegSetKeySecurity
IsValidSid
RegOpenKeyExW
GetSidSubAuthority
GetTokenInformation
LookupAccountNameW
LogonUserW
RegCreateKeyA
CryptReleaseContext
LsaQueryInformationPolicy
LsaFreeMemory
GetAce
AllocateAndInitializeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenThreadToken
DeregisterEventSource
LsaClose
OpenProcessToken
AdjustTokenPrivileges
RegCreateKeyExW
AddAccessAllowedAce
RegLoadKeyA
RegQueryValueExW
MakeSelfRelativeSD
ReportEventW
RegOpenKeyW
GetSidSubAuthorityCount
RegSetValueExW
RegQueryValueExA
SetSecurityDescriptorDacl
netapi32
NetApiBufferFree
NetUserGetInfo
NetGetAnyDCName
user32
OpenDesktopW
GetProcessWindowStation
CloseWindowStation
LoadStringW
MapVirtualKeyW
CloseDesktop
VkKeyScanW
CharToOemA
wsprintfW
SetUserObjectSecurity
security
AcceptSecurityContext
DeleteSecurityContext
RevertSecurityContext
ImpersonateSecurityContext
FreeContextBuffer
QuerySecurityPackageInfoW
AcquireCredentialsHandleW
FreeCredentialsHandle
ntdll
RtlSubAuthorityCountSid
RtlSubAuthoritySid
RtlInitUnicodeString
DbgPrint
RtlEqualUnicodeString
mpr
WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW
WNetAddConnection2W
WNetCancelConnection2W
psapi
EnumProcesses
ws2_32
WSASocketW
shell32
SHGetFolderPathW
Sections
.text   Size: 121KB - Virtual size: 120KB   Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 15KB - Virtual size: 15KB     Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 58KB - Virtual size: 57KB     Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 78KB - Virtual size: 78KB     Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ