24846baf8f326faa6d6e1449dc73c5c3ab570de874b3aa7f2f305eebcfe99465

Sharing

Copy URL Twitter E-mail

General

Target

24846baf8f326faa6d6e1449dc73c5c3ab570de874b3aa7f2f305eebcfe99465
Size

423KB
MD5

70c18587d0b917fe6d2c4081db8b2c66
SHA1

1261071fe2a9e785e798f0e1e7fb07bcef616a83
SHA256

24846baf8f326faa6d6e1449dc73c5c3ab570de874b3aa7f2f305eebcfe99465
SHA512

2b8eff758cacfba8516850d521e37fe782232a461d23558e360724d620d8e82758cfe84e9107301b6a1ab67ee5f7b0a81e7ca141068b393c9b4b3b3b04484e4b
SSDEEP

12288:FtKrN54CNDCHzcVF4wyYrQ9mh2ikO5RoK2vEyTyo4ZiSAGKdcyHx:FEfOzc/4wyYrQjiku6KOEmyotSAdx

Score

N/A

Malware Config

Signatures

Files

24846baf8f326faa6d6e1449dc73c5c3ab570de874b3aa7f2f305eebcfe99465
.dll windows x86

a9ce724b76f12b9845fb0cfd37a39f1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateAndInitializeSid
LookupAccountSidW
FreeSid
OpenThreadToken
SetThreadToken
CredFree
RevertToSelf
CredUnmarshalCredentialW
RegQueryInfoKeyW
RegConnectRegistryW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
CryptGetProvParam
CryptSetProvParam
RegCreateKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegisterTraceGuidsW
GetTraceLoggerHandle
SystemFunction006
RegOpenKeyExW
RegNotifyChangeKeyValue
RegQueryValueExW
TraceEvent
SystemFunction007

cryptdll

CDLocateCSystem
CDFindCommonCSystemWithKey
CDGenerateRandomBits
MD5Final
MD5Update
MD5Init
CDLocateCheckSum
CDBuildIntegrityVect

kernel32

RaiseException
lstrlenW
FormatMessageW
lstrcmpiA
lstrlenA
GetCurrentThread
OutputDebugStringA
GetLocalTime
WriteFile
DebugBreak
DeleteCriticalSection
LoadLibraryW
GetSystemInfo
OpenFileMappingW
MapViewOfFileEx
UnmapViewOfFile
CreateFileMappingW
InitializeCriticalSection
EnterCriticalSection
CreateFileW
LeaveCriticalSection
GetModuleFileNameA
GetProfileStringA
CreateFileA
VirtualAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
InterlockedExchangeAdd
GetACP
WideCharToMultiByte
RegisterWaitForSingleObjectEx
UnregisterWait
OpenEventW
SetEvent
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameW
GetComputerNameExW
Sleep
GetLastError
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FileTimeToSystemTime
InterlockedIncrement
InterlockedExchange
InterlockedCompareExchange
CreateEventW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime

msasn1

ASN1BEREncOpenType
ASN1BEREncObjectIdentifier
ASN1BERDecOpenType2
ASN1BERDecObjectIdentifier
ASN1objectidentifier_free
ASN1BERDecBitString
ASN1bitstring_free
ASN1EncSetError
ASN1DecSetError
ASN1BERDecSkip
ASN1BEREncBool
ASN1BERDecBool
ASN1BEREncSX
ASN1BERDecSXVal
ASN1charstring_free
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BEREncU32
ASN1BERDecGeneralizedTime
ASN1ztcharstring_free
ASN1BERDecZeroCharString
ASN1octetstring_free
ASN1BERDecOctetString
ASN1Free
ASN1BERDecExplicitTag
ASN1BERDecNotEndOfContents
ASN1BERDecPeekTag
ASN1DecAlloc
ASN1BERDecS32Val
ASN1BERDecEndOfContents
ASN1BEREncExplicitTag
ASN1BEREncS32
ASN1BEREncEndOfContents
ASN1_CreateModule
ASN1BEREncOctetString
ASN1BEREncBitString
ASN1BEREncCharString
ASN1CEREncGeneralizedTime
ASN1intx_setuint32
ASN1intx_free
ASN1_FreeDecoded
ASN1_Decode
ASN1_Encode
ASN1_FreeEncoded
ASN1_CloseEncoder
ASN1_CloseDecoder
ASN1_CreateEncoder
ASN1_CreateDecoder
ASN1intxisuint32
ASN1intx2uint32
ASN1intx2int32

msvcrt

free
_initterm
malloc
_adjust_fdiv
_wcsicmp
_ultoa
qsort
wcscat
wcstoul
wcsspn
_wcsnicmp
_vsnprintf
strrchr
_strnicmp
strchr
_strcmpi
sscanf
wcslen
wcscpy
wcsrchr
_stricmp
sprintf
swprintf
wcscmp
_except_handler3

ntdll

RtlEqualSid
RtlCreateAcl
RtlAddAccessAllowedAce
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQueryInformationToken
RtlDeleteTimerQueue
RtlCompareMemory
RtlInitializeResource
RtlDeleteResource
NtClose
RtlAcquireResourceExclusive
NtOpenThreadToken
RtlDeleteCriticalSection
RtlAcquireResourceShared
RtlReleaseResource
RtlFreeUnicodeString
RtlInitUnicodeString
RtlCopyLuid
RtlAnsiStringToUnicodeString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlLengthSid
NtOpenProcessToken
RtlConvertSharedToExclusive
RtlCreateTimer
RtlCreateTimerQueue
RtlDeregisterWait
RtlIntegerToUnicodeString
RtlInitializeCriticalSection
RtlEraseUnicodeString
NtAllocateLocallyUniqueId
RtlRunDecodeUnicodeString
RtlUpcaseUnicodeString
NtWaitForSingleObject
NtOpenEvent
NtCreateEvent
RtlSystemTimeToLocalTime
RtlDowncaseUnicodeString
RtlVerifyVersionInfo
VerSetConditionMask
RtlSubAuthoritySid
RtlCopySid
RtlLengthRequiredSid
RtlSubAuthorityCountSid
RtlInitializeSid
RtlCopyUnicodeString
NtQuerySystemInformation
RtlConvertSidToUnicodeString
RtlAppendUnicodeStringToString
RtlTimeFieldsToTime
RtlTimeToTimeFields
RtlInitializeGenericTable
RtlDeleteElementGenericTable
RtlGetElementGenericTable
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlNtStatusToDosError
RtlUniform
NtQuerySystemTime
RtlOemStringToUnicodeString
DbgPrint
RtlLeaveCriticalSection
RtlEqualDomainName
RtlPrefixUnicodeString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
RtlValidSid
RtlFreeSid
RtlAllocateAndInitializeSid
NtDuplicateObject
RtlCompareUnicodeString
RtlInsertElementGenericTableAvl
RtlLookupElementGenericTableAvl
RtlInitializeGenericTableAvl
RtlRegisterWait

secur32

CredMarshalTargetInfo
LsaFreeReturnBuffer
FreeContextBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo

user32

wsprintfW
CharLowerBuffW

Exports

Exports

KerbCreateTokenFromTicket
KerbDomainChangeCallback
KerbFree
KerbIsInitialized
KerbKdcCallBack
KerbMakeKdcCall
SpInitialize
SpInstanceInit
SpLsaModeInitialize
SpUserModeInitialize
SupportsChannelBinding

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9ce724b76f12b9845fb0cfd37a39f1c

Headers

File Characteristics

Imports

advapi32

cryptdll

kernel32

msasn1

msvcrt

ntdll

secur32

user32

Exports

Exports

Sections

.text Size: 267KB - Virtual size: 266KB

.data Size: 6KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 11KB - Virtual size: 11KB

.rmnet Size: 67KB - Virtual size: 68KB

.text Size: 62KB - Virtual size: 64KB

.text
Size: 267KB - Virtual size: 266KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 11KB - Virtual size: 11KB

.rmnet
Size: 67KB - Virtual size: 68KB

.text
Size: 62KB - Virtual size: 64KB