40374de707a9ddf16b3142409fb8c76f96606a89887519ca4e89ebca2a6a6815

Sharing

Copy URL Twitter E-mail

General

Target

40374de707a9ddf16b3142409fb8c76f96606a89887519ca4e89ebca2a6a6815
Size

508KB
MD5

64f753f4ed8ccc229a4b086778970310
SHA1

fc1029514ab17da0ff378ea599bfa3b06876505f
SHA256

40374de707a9ddf16b3142409fb8c76f96606a89887519ca4e89ebca2a6a6815
SHA512

012727d85d9e6bcb0d114465f79abe8fb9f789a40ae90b726d05a0349af5a07e033ff05232b29a4bdbe7e7f76ac0946f250b751796f99be4e141c60bc34d8513
SSDEEP

12288:dLrgV2bhQxaZRQ1kJASqNQ7H/KL34xqAJQ:ZA2b2oZkkJAJu7fdJQ

Score

N/A

Malware Config

Signatures

Files

40374de707a9ddf16b3142409fb8c76f96606a89887519ca4e89ebca2a6a6815
.dll windows x64

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wtoi
memmove
_purecall
wcschr
_wcsicmp
towupper
wcsstr
_wcsnicmp
_vsnwprintf
__C_specific_handler
_unlock
__dllonexit
malloc
_onexit
memset
_vsnprintf
memcpy
memcmp
_ultow
wcscpy_s
_initterm
free
_lock
_amsg_exit
_XcptFilter
ceil

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingSetObject
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcBindingServerFromClient
RpcRevertToSelf
I_RpcFilterDCOMActivation
RpcMgmtEnableIdleCleanup
RpcStringBindingComposeW
RpcRaiseException
NdrServerCall2
I_RpcExceptionFilter
NdrClientCall2
Ndr64AsyncClientCall
RpcServerInqBindings
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcBindingSetOption
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesDecodeBufferHandleCreate
MesHandleFree
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeEncode2
RpcErrorGetNextRecord
RpcErrorEndEnumeration
RpcErrorResetEnumeration
RpcErrorStartEnumeration
RpcErrorSaveErrorInfo
UuidCreate
RpcServerRegisterAuthInfoW
RpcMgmtSetServerStackSize
RpcMgmtIsServerListening
RpcServerListen
RpcServerUseProtseqEpExW
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcBindingReset
RpcBindingCopy
RpcBindingFree
RpcServerRegisterIfEx

ntdll

RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlCreateVirtualAccountSid
NtQueryMutant
NtDuplicateToken
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
WinSqmSetDWORD
RtlAllocateAndInitializeSid
NtClose
NtQueryInformationFile
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlLengthSid
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlCopySid
NtOpenKey
NtQueryKey
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenUserClassesRoot
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetAce
GetSidLengthRequired
RevertToSelf
ImpersonateAnonymousToken
CopySid
GetTokenInformation
EqualSid
IsValidSid
CreateWellKnownSid
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
InitializeSid

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

FreeContextBuffer
EnumerateSecurityPackagesW
LogonUserExExW

kernel32

GetSystemWow64DirectoryW
GetSystemDirectoryW
SearchPathW
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
InterlockedPushEntrySList
SetLastError
CreateFileMappingW
GetModuleHandleW
LoadLibraryExW
FindActCtxSectionGuid
GetModuleHandleExW
MapViewOfFileEx
ReleaseActCtx
FindActCtxSectionStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
AddRefActCtx
GetDriveTypeW
TlsSetValue
OpenProcess
InitializeCriticalSection
IsWow64Process
GetComputerNameExW
OpenEventW
ExpandEnvironmentStringsW
GetVersionExW
WaitForMultipleObjects
GetExitCodeProcess
CompareFileTime
CheckElevationEnabled
GetFullPathNameW
CreateMutexW
SetThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CreateThreadpoolWait
OpenThread
GetProcessIdOfThread
ReleaseMutex
FindFirstFileW
FindClose
UnregisterWait
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InterlockedPopEntrySList
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
Sleep
GetLastError
GetSystemInfo
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
VirtualProtect
SetThreadStackGuarantee
CreateThread
CloseHandle
SleepEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrlenW
RegisterWaitForSingleObject
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
TlsGetValue
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 409KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 409KB - Virtual size: 408KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 409KB - Virtual size: 408KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB