b07ec92120df962c9e3cc45df34c0d918d28366f32f8bc8174e63b5db8c20045

Sharing

Copy URL Twitter E-mail

General

Target

b07ec92120df962c9e3cc45df34c0d918d28366f32f8bc8174e63b5db8c20045
Size

238KB
MD5

74c0278c294841b707e6ecb4b766eeb0
SHA1

06d9ccf9bb3eea1bd3aa6a8c59b84d3c570909d4
SHA256

b07ec92120df962c9e3cc45df34c0d918d28366f32f8bc8174e63b5db8c20045
SHA512

50c65330e9aa177d3af5baec69489466c4eb7d5076dd5a95f910aeb8b267716b46b80d20aa55bf11d60bafe8fe1daf68337c623fa487af38c03660d3a8674ef2
SSDEEP

6144:0J81KKwS7DXFmraOKEILq7M4J5h/ZCI69wYRqNzL1abCILI+g82F83:0iznXFPOKEpTJ5hNzL1auID2F83

Score

N/A

Malware Config

Signatures

Files

b07ec92120df962c9e3cc45df34c0d918d28366f32f8bc8174e63b5db8c20045
.exe windows x86

591e839ccd372054e71cc5c4639f0a18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdsapi

DsRemoveDsServerA
DsQuoteRdnValueA
DsRemoveDsDomainA
DsReplicaModifyW
DsInheritSecurityIdentityW
DsFreeDomainControllerInfoW
DsReplicaDelW
DsListSitesW
DsCrackSpnW
DsReplicaGetInfoW
DsFreeSpnArrayA
DsReplicaConsistencyCheck
DsListDomainsInSiteA
DsGetDomainControllerInfoA
DsListInfoForServerW
DsUnBindA
DsReplicaSyncW
DsFreeNameResultW
DsBindWithSpnA
DsBindWithSpnW
DsRemoveDsDomainW
DsWriteAccountSpnW
DsReplicaSyncAllA
DsFreeSchemaGuidMapW
DsReplicaFreeInfo

mpr

WNetSetLastErrorA
WNetGetUserA
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetEnumResourceW
WNetGetLastErrorW
WNetDisconnectDialog1W
WNetGetResourceInformationW
WNetGetResourceParentW
WNetAddConnectionA
WNetCancelConnection2W
WNetDisconnectDialog
WNetAddConnection3A
WNetGetUserW
WNetGetConnectionA
WNetGetResourceParentA
WNetCancelConnectionW
WNetGetResourceInformationA
WNetUseConnectionW
WNetGetProviderNameA
WNetCancelConnection2A
WNetCloseEnum
WNetGetUniversalNameA

wintrust

DriverInitializePolicy
WVTAsn1SpcLinkDecode
WinVerifyTrustEx
WVTAsn1SpcPeImageDataDecode
WTHelperGetKnownUsages
CryptCATPersistStore
WTHelperGetProvCertFromChain
WVTAsn1SpcSpOpusInfoEncode
TrustIsCertificateSelfSigned
WintrustCertificateTrust
IsCatalogFile
CryptCATEnumerateAttr
WinVerifyTrust
TrustOpenStores
CryptSIPCreateIndirectData
WTHelperCheckCertUsage
MsCatFreeHashTag
CryptCATAdminCalcHashFromFileHandle
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
CryptCATGetCatAttrInfo
WVTAsn1CatNameValueEncode
CryptSIPVerifyIndirectData
WVTAsn1SpcIndirectDataContentDecode
CryptCATAdminAddCatalog
SoftpubDllUnregisterServer
CryptCATPutCatAttrInfo
DriverCleanupPolicy

ntdll

NtListenPort
NtAllocateUuids
DbgBreakPoint
NtClose
NtSetSystemTime
ZwOpenObjectAuditAlarm
ZwCreateWaitablePort
RtlSubAuthoritySid
NtMapUserPhysicalPages
LdrFindResourceDirectory_U
RtlSetThreadPoolStartFunc
ZwFlushVirtualMemory
NtSetHighWaitLowEventPair
RtlNewSecurityObject
ZwCancelTimer
ZwSetQuotaInformationFile
ZwOpenIoCompletion
RtlAddAccessDeniedObjectAce
ZwPlugPlayControl
RtlCreateHeap
RtlSetGroupSecurityDescriptor
NtPlugPlayControl
NtWaitForSingleObject
ZwCreatePort
NtStartProfile
RtlUnicodeStringToInteger
RtlReleasePebLock
ZwOpenEvent
NtWriteVirtualMemory
ZwDuplicateObject
NtDeleteFile
NtSecureConnectPort

msacm32

acmGetVersion
acmStreamOpen
acmFormatChooseW
acmDriverMessage
acmStreamReset
acmDriverAddW
acmMessage32
acmFormatDetailsA
acmFilterTagEnumW
acmFilterChooseW

secur32

SaslInitializeSecurityContextA
GetUserNameExA
GetComputerObjectNameA
QuerySecurityPackageInfoW
UnsealMessage
SealMessage
InitSecurityInterfaceA
GetUserNameExW
AddSecurityPackageA
LsaDeregisterLogonProcess
CompleteAuthToken
LsaEnumerateLogonSessions
LsaCallAuthenticationPackage
ImportSecurityContextW
LsaRegisterPolicyChangeNotification
DecryptMessage
QueryContextAttributesA
ApplyControlToken
LsaLookupAuthenticationPackage
AddSecurityPackageW
EncryptMessage
SaslEnumerateProfilesA

crypt32

CryptFindCertificateKeyProvInfo
CertSetStoreProperty
CryptQueryObject
CertGetStoreProperty
CertDeleteCRLFromStore
CryptGetDefaultOIDDllList
CertIsRDNAttrsInCertificateName
CertRDNValueToStrA
CryptMsgDuplicate
CertDuplicateCertificateChain
CertEnumSubjectInSortedCTL
CryptMsgOpenToEncode
CryptSIPRemoveProvider
CryptDecryptMessage
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CryptEnumKeyIdentifierProperties
CertFindSubjectInCTL
CertSetCertificateContextProperty
CryptSetOIDFunctionValue
CryptDecodeObject
CertVerifyCTLUsage
CryptMemAlloc
PFXVerifyPassword
CertSerializeCRLStoreElement
CryptSignMessage
CertDuplicateCertificateContext
CertSerializeCertificateStoreElement
CertStrToNameA

clusapi

ClusterRegOpenKey
GetClusterResourceState
ClusterRegQueryValue
ClusterEnum
ClusterRegEnumKey
SetClusterNetworkPriorityOrder
ClusterResourceCloseEnum
GetClusterFromNetInterface
GetClusterNodeKey
ClusterControl
BackupClusterDatabase
GetClusterResourceKey
ClusterRegSetKeySecurity
ChangeClusterResourceGroup
OnlineClusterResource
CloseClusterGroup
ClusterOpenEnum
CloseCluster
ClusterResourceTypeControl
GetClusterNodeState
ClusterGroupOpenEnum
CloseClusterNetInterface
GetClusterNetInterfaceKey
OpenClusterNetwork
ClusterGroupCloseEnum
GetClusterNetworkId
CreateClusterResource

mscms

EnumColorProfilesA
AssociateColorProfileWithDeviceA
SetStandardColorSpaceProfileW
UninstallColorProfileA
GetPS2ColorRenderingDictionary
TranslateBitmapBits
GetColorDirectoryA
SetColorProfileElementReference
GetCMMInfo
GetPS2ColorSpaceArray
CreateProfileFromLogColorSpaceW
AssociateColorProfileWithDeviceW
SetColorProfileHeader
DisassociateColorProfileFromDeviceW
GetColorDirectoryW
GetCountColorProfileElements
DeleteColorTransform
UnregisterCMMA
IsColorProfileValid
GetColorProfileFromHandle
RegisterCMMA
InternalGetPS2ColorSpaceArray
SetStandardColorSpaceProfileA
CreateMultiProfileTransform
RegisterCMMW

wininet

HttpQueryInfoA
GopherCreateLocatorA
HttpSendRequestExA
InternetAutodial
InternetCombineUrlW
InternetReadFileExA
InternetInitializeAutoProxyDll
InternetConfirmZoneCrossingA
HttpAddRequestHeadersW
FindFirstUrlCacheEntryExA
InternetCrackUrlW
InternetLockRequestFile
FindFirstUrlCacheContainerW
InternetQueryOptionW
DeleteUrlCacheContainerA
InternetGetConnectedStateExW
CreateUrlCacheEntryW
InternetGetLastResponseInfoW
InternetReadFileExW
InternetSetCookieA
GetUrlCacheEntryInfoW
FtpSetCurrentDirectoryW
UnlockUrlCacheEntryStream
InternetGetLastResponseInfoA
InternetWriteFileExA
GopherGetLocatorTypeA
FtpCommandA
InternetQueryDataAvailable
InternetCheckConnectionA

resutils

ResUtilPropertyListFromParameterBlock
ResUtilGetSzProperty
ResUtilSetResourceServiceEnvironment
ResUtilGetBinaryProperty
ResUtilResourceTypesEqual
ResUtilGetBinaryValue
ResUtilSetPropertyParameterBlockEx
ResUtilExpandEnvironmentStrings
ResUtilGetResourceDependency
ResUtilGetResourceNameDependency
ResUtilEnumProperties
ResUtilFindDependentDiskResourceDriveLetter
ResUtilGetResourceDependencyByClass
ResUtilSetBinaryValue
ResUtilGetDwordProperty
ResUtilSetPropertyTable
ResUtilFindLongProperty
ResUtilSetSzValue
ResUtilSetPropertyParameterBlock
ResUtilSetPropertyTableEx
ResUtilStopService
ResUtilIsPathValid
ResUtilDupString

gdi32

CreateICW
GetICMProfileA
SetDCBrushColor
SetTextColor
GetDIBColorTable
GetPath
GetStretchBltMode
GetMiterLimit
ExtEscape
GetWindowOrgEx
ExtSelectClipRgn
RealizePalette
GetTextAlign
CreatePen
EndFormPage
SwapBuffers
GetColorSpace
CheckColorsInGamut
CreateFontIndirectA
DeviceCapabilitiesExA
PlgBlt
EqualRgn
Escape
GetMetaFileW
GetCharWidthI
CreateSolidBrush
GdiSetBatchLimit
PlayEnhMetaFileRecord
PlayMetaFile
SetRelAbs

advpack

NeedRebootInit
RegInstall
CloseINFEngine
IsNTAdmin
LaunchINFSectionEx
FileSaveMarkNotExist
SetPerUserSecValues
ExtractFiles
TranslateInfStringEx
OpenINFEngine
AdvInstallFile
RegisterOCX
LaunchINFSection
RegRestoreAll

setupapi

SetupDiGetDeviceRegistryPropertyA
SetupInstallServicesFromInfSectionW
CM_Register_Device_Interface_ExW
CM_Get_Device_Interface_AliasW
SetupLogErrorW
SetupDiOpenDevRegKey
SetupDiGetClassInstallParamsA
SetupGetInfInformationA
SetupQueueCopySectionA
SetupQuerySourceListW
SetupDiEnumDeviceInfo
CM_Locate_DevNodeW
SetupDiClassNameFromGuidA
SetupDiSetDriverInstallParamsW
CM_Get_Class_Key_Name_ExA
SetupDuplicateDiskSpaceListW
SetupInstallFilesFromInfSectionW
SetupRemoveFileLogEntryW
SetupInstallFilesFromInfSectionA
CM_Free_Resource_Conflict_Handle
CM_Set_HW_Prof_FlagsA
CM_Request_Device_EjectW
CM_Get_Device_Interface_Alias_ExW
CM_Disable_DevNode_Ex
CM_Get_Hardware_Profile_Info_ExW
CM_Unregister_Device_Interface_ExW
SetupGetTargetPathW
SetupDiCancelDriverInfoSearch
SetupDiInstallClassExA
SetupDiCreateDeviceInterfaceW
CM_Query_And_Remove_SubTreeA
CM_Get_Parent_Ex

kernel32

SetEnvironmentVariableA
UnhandledExceptionFilter
ResetEvent
GetExitCodeProcess
OpenSemaphoreW
CreateTimerQueueTimer

comctl32

LBItemFromPt
ImageList_Remove
GetEffectiveClientRect
MenuHelp
InitializeFlatSB
GetMUILanguage
FlatSB_ShowScrollBar
DrawInsert
ImageList_LoadImageA
ImageList_Destroy
MakeDragList
ImageList_SetDragCursorImage
CreateStatusWindowW
ImageList_DragLeave
CreateToolbarEx
FlatSB_GetScrollInfo
ImageList_Read
ImageList_Copy

shlwapi

StrRChrIW
StrRStrIW
PathMakePrettyA
AssocQueryKeyA
SHRegGetBoolUSValueA
SHDeleteKeyW
PathIsUNCServerW
StrStrIA
UrlUnescapeW
SHRegCloseUSKey
UrlApplySchemeW
StrToIntExA
UrlEscapeA
PathMakeSystemFolderW
StrCmpNIA
IntlStrEqWorkerW
SHSetThreadRef
StrFormatByteSizeW
AssocQueryStringByKeyA
StrFormatKBSizeA
PathFileExistsW
PathAppendW
StrRChrA
PathUnmakeSystemFolderW
UrlIsW
SHIsLowMemoryMachine
SHRegCreateUSKeyW
ColorAdjustLuma
StrFromTimeIntervalA
PathRenameExtensionA
PathIsUNCA

user32

IntersectRect
GetDesktopWindow
DialogBoxParamW
SetDebugErrorLevel
DlgDirListW
VkKeyScanA
MapDialogRect
GetShellWindow
DdeFreeDataHandle
BroadcastSystemMessageA
GetClassInfoExW
DdeQueryConvInfo
SetWindowRgn
RemovePropA
DdeSetUserHandle
GetProcessDefaultLayout
DdeDisconnect
PostMessageA
SetClipboardData
GetMenuCheckMarkDimensions
EnumDisplayDevicesW
SetMenuItemInfoW
MonitorFromRect
GetWindowInfo
EnumPropsA
SetParent
SetWindowPos
CharLowerBuffA
EnumDesktopWindows
FindWindowExW
GetIconInfo

urlmon

FindMimeFromData
UrlMkSetSessionOption
CoInternetGetSession
CreateAsyncBindCtx
HlinkSimpleNavigateToString
CoInternetParseUrl
URLOpenStreamW
URLDownloadToFileA
URLDownloadToCacheFileW
HlinkGoBack
GetClassFileOrMime
URLDownloadA
RegisterMediaTypeClass
CoInternetGetSecurityUrl
IsAsyncMoniker
IsValidURL
HlinkSimpleNavigateToMoniker
HlinkNavigateString
FindMediaType
CoInternetCreateZoneManager
ObtainUserAgentString
URLOpenPullStreamW
GetSoftwareUpdateInfo
CoInternetGetProtocolFlags

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

591e839ccd372054e71cc5c4639f0a18

Headers

File Characteristics

Imports

ntdsapi

mpr

wintrust

ntdll

msacm32

secur32

crypt32

clusapi

mscms

wininet

resutils

gdi32

advpack

setupapi

kernel32

comctl32

shlwapi

user32

urlmon

Sections

.text Size: 129KB - Virtual size: 128KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 78KB - Virtual size: 250KB

.rsrc Size: 1024B - Virtual size: 884B

.idata Size: 6KB - Virtual size: 6KB

.text
Size: 129KB - Virtual size: 128KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 78KB - Virtual size: 250KB

.rsrc
Size: 1024B - Virtual size: 884B

.idata
Size: 6KB - Virtual size: 6KB