1d26595e35588f14cdf42e46c996ee511fcdc97a3b0568b70b3a3a3a873ef132

Sharing

Copy URL Twitter E-mail

General

Target

1d26595e35588f14cdf42e46c996ee511fcdc97a3b0568b70b3a3a3a873ef132
Size

897KB
MD5

70b8fded9cab10cb33f250630572f350
SHA1

d03409973e83d738cbbcbbd7e6c01718fd608df8
SHA256

1d26595e35588f14cdf42e46c996ee511fcdc97a3b0568b70b3a3a3a873ef132
SHA512

5a71ed3309ca7ad5c857515fde070faddb10dba8efc4561aa1b927308135ea2fb5a325e987fbb5da63b74e86145f22e2ca3b8782796653339eaa2a810beac87b
SSDEEP

24576:iNAif0WhiKQIH3FXH3nXH3nKIn62vWo16lI6egvvSir7mMBsrk0gaVnN:iNAicW0IH3FXH3nXH3n6JeUvSy50gS

Score

N/A

Malware Config

Signatures

Files

1d26595e35588f14cdf42e46c996ee511fcdc97a3b0568b70b3a3a3a873ef132
.exe windows x86

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegCloseKey
RegSetKeySecurity
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegGetKeySecurity
RegOpenKeyExA
SystemFunction025
SystemFunction027
RegQueryValueExA
RegQueryValueExW
RegConnectRegistryW
RegSetValueExA
AbortSystemShutdownA
InitiateSystemShutdownExA
CryptAcquireContextW

kernel32

CreateThread
CreateEventW
SetMailslotInfo
GetComputerNameW
InitializeCriticalSection
Sleep
LocalFree
GetModuleHandleW
LeaveCriticalSection
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
lstrlenA
CreateMailslotA
CreateFileW
WriteFile
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
CloseHandle
DeleteCriticalSection
ReadFile
GetLastError
EnterCriticalSection
GetLocalTime
GetOverlappedResult
WaitForMultipleObjects
WaitForSingleObject
GetStdHandle

msvcrt

?terminate@@YAXXZ
_controlfp
free
isleadbyte
_iob
_snprintf
_itoa
printf
_wsetlocale
_vsnwprintf
time
srand
wctomb
rand
memcpy
strchr
iswctype
strtol
strtoul
_strnicmp
_stricmp
fprintf
__iob_func
_errno
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
malloc
fwprintf
memmove
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs

ntdsapi

DsBindW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

logoncli

DsGetForestTrustInformationW
DsGetDcNameWithAccountW
I_NetLogonControl
I_NetLogonControl2
NetLogonGetTimeServiceParentDomain
NetGetDCName
I_NetGetDCList
DsEnumerateDomainTrustsA
DsGetDcNameW
DsAddressToSiteNamesExA
DsGetDcNameA
DsGetDcSiteCoverageA
DsGetSiteNameA
I_NetlogonComputeServerDigest
DsDeregisterDnsHostRecordsA
DsGetDcOpenA
DsGetDcNextA
DsGetDcCloseW
I_NetlogonGetTrustRid
I_NetlogonComputeClientDigest

rpcrt4

RpcStringFreeW
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidFromStringA

ws2_32

htonl
ntohs
WSAStartup
WSACleanup
getaddrinfo
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAGetLastError

ntdll

RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlInitString
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlLengthSid
RtlUnwind
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlConvertSidToUnicodeString
RtlFreeUnicodeString

netutils

NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyHash

user32

LoadStringW

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 596KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdsapi

logoncli

rpcrt4

ws2_32

ntdll

netutils

bcrypt

user32

Sections

.text Size: 242KB - Virtual size: 241KB

.data Size: 56KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 596KB - Virtual size: 1.8MB

.text
Size: 242KB - Virtual size: 241KB

.data
Size: 56KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 596KB - Virtual size: 1.8MB