Static task
static1
Behavioral task
behavioral1
Sample
87ace4305f6bdfe75a24e187527820c1517672094c98cba73aafd47497cddcc0.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
87ace4305f6bdfe75a24e187527820c1517672094c98cba73aafd47497cddcc0.exe
Resource
win10v2004-20220901-en
General
-
Target
87ace4305f6bdfe75a24e187527820c1517672094c98cba73aafd47497cddcc0
-
Size
745KB
-
MD5
6ff0ebf8cf1d5f0ea00beab8e134a1f5
-
SHA1
7c534a4f93ce9896cbb3d54ae003bc1bede7cad9
-
SHA256
87ace4305f6bdfe75a24e187527820c1517672094c98cba73aafd47497cddcc0
-
SHA512
ae4fb6e836488ba91a665dff16a18ae1bf2dae8889a9623cfecf4248e9e912d4b320d5a79823a5810979700dbeaca846d68b5cac6153e9fbcc0c71dbf69fac9c
-
SSDEEP
12288:mvhwZNlHoVNP4nakObDzBm/8G17Y+gdDhFmG3PT01VKzODttahi8zTjFaRJqtsAF:mYKNP4nakObDzBm/8G1U+M9FmG3PT0wT
Malware Config
Signatures
Files
-
87ace4305f6bdfe75a24e187527820c1517672094c98cba73aafd47497cddcc0.exe windows x86
8890d3604b9d6230d8244d84599aa8ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memmove
_strnicoll
iswcntrl
_controlfp
_onexit
_errno
remove
_open
_read
_write
_close
_lseek
_tempnam
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcschr
wcsncpy
_wcsnicmp
wcsrchr
_wtoi
_stricmp
_wcsdup
memchr
wcscat
wcscpy
iswspace
_ftol
_beginthreadex
_vsnwprintf
_CxxThrowException
wcscmp
swscanf
swprintf
_purecall
_wcsicmp
wcslen
realloc
free
malloc
__CxxFrameHandler
__doserrno
advapi32
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptEncrypt
CryptDecrypt
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidW
RegGetKeySecurity
GetFileSecurityW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LsaOpenPolicy
LsaAddAccountRights
LsaNtStatusToWinError
CryptVerifySignatureW
CryptImportKey
LogonUserW
CreateProcessAsUserW
DuplicateTokenEx
CreateServiceW
ChangeServiceConfig2W
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RevertToSelf
LsaClose
RegSetKeySecurity
SetFileSecurityW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
InitializeAcl
InitializeSecurityDescriptor
MakeAbsoluteSD
RegQueryValueExW
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
AddAccessDeniedAce
GetAce
AddAccessAllowedAce
GetLengthSid
GetAclInformation
IsValidAcl
GetSecurityDescriptorDacl
DeleteAce
EqualSid
LookupAccountNameW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegEnumKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
AddAce
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorControl
SetSecurityDescriptorControl
SetThreadToken
AccessCheck
MapGenericMask
CopySid
GetTokenInformation
OpenThreadToken
ConvertStringSidToSidW
LookupAccountSidW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
AddAuditAccessAceEx
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
AddAuditAccessObjectAce
kernel32
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
lstrcpyW
lstrcatW
GetProcAddress
CreateThread
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
GetLocaleInfoW
IsDBCSLeadByte
CompareStringA
SetThreadPriority
FormatMessageW
GetWindowsDirectoryW
LocalAlloc
LoadLibraryA
RaiseException
ResetEvent
MoveFileW
ReleaseMutex
FlushViewOfFile
UnmapViewOfFile
OpenMutexW
SetLastError
lstrcmpiA
MultiByteToWideChar
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
lstrcpynW
HeapDestroy
InterlockedIncrement
InterlockedDecrement
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
GetShortPathNameW
GetModuleFileNameW
GetVersionExW
GetCommandLineW
GetPrivateProfileStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedExchange
Sleep
LoadLibraryW
WaitForMultipleObjects
SetEvent
CloseHandle
CreateEventW
WaitForSingleObject
GetCurrentThread
SetEnvironmentVariableW
GetTempPathW
GetEnvironmentVariableW
CopyFileW
SetFileAttributesW
DeleteFileW
MoveFileExW
GetFileAttributesExW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
RemoveDirectoryW
CreateFileW
CompareFileTime
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemTime
GetLocalTime
OpenProcess
GlobalMemoryStatusEx
GetSystemDirectoryW
GlobalUnlock
GlobalLock
GlobalSize
GlobalAlloc
FileTimeToSystemTime
GetUserDefaultLCID
GetTimeZoneInformation
GetCurrentDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
GetDiskFreeSpaceW
GetTempFileNameW
WideCharToMultiByte
LocalFree
DuplicateHandle
WriteFile
SetFilePointer
ReadFile
GetFileInformationByHandle
GlobalFree
GetModuleHandleA
GetStartupInfoW
GetFileAttributesA
FileTimeToDosDateTime
FileTimeToLocalFileTime
CreateFileA
HeapAlloc
HeapReAlloc
GetThreadPriority
IsDBCSLeadByteEx
GetSystemDefaultLangID
GetLocaleInfoA
GetACP
HeapFree
GetProcessHeap
CreateMutexW
user32
CharUpperBuffW
CharUpperW
CharNextA
GetSystemMetrics
GetMessageW
DispatchMessageW
MsgWaitForMultipleObjects
LoadStringW
CharNextW
PostThreadMessageW
TranslateMessage
PeekMessageW
ole32
CLSIDFromString
CoSuspendClassObjects
CoRegisterClassObject
StringFromCLSID
CoSetProxyBlanket
GetHGlobalFromStream
StgOpenStorageEx
StgCreateStorageEx
CoGetCallContext
CreateStreamOnHGlobal
CoCreateGuid
StringFromGUID2
CoCreateInstanceEx
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoRevokeClassObject
oleaut32
SysAllocStringByteLen
GetErrorInfo
SysStringByteLen
CreateErrorInfo
SetErrorInfo
RegisterTypeLib
LoadTypeLib
VariantInit
VariantTimeToSystemTime
VariantChangeTypeEx
SafeArrayCreateVector
SysFreeString
SysAllocString
VarUI4FromStr
LoadRegTypeLib
SysStringLen
VariantClear
VariantCopy
VariantChangeType
SystemTimeToVariantTime
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
ntdll
wcsncmp
sprintf
strrchr
tolower
strchr
_wtol
_itow
_ltow
wcsstr
_snwprintf
towlower
strtoul
wcstoul
NtQueryInformationProcess
strncpy
rpcrt4
I_RpcBindingInqLocalClientPID
Sections
.text Size: 637KB - Virtual size: 637KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 22KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE