cac1e38c493e6814be7ff63c7cf644e5bcb4ecf74d4e9e195077ae0b93975860

Sharing

Copy URL Twitter E-mail

General

Target

cac1e38c493e6814be7ff63c7cf644e5bcb4ecf74d4e9e195077ae0b93975860
Size

371KB
MD5

5c8922cbbc24035f35681f14e2385410
SHA1

af558871d8b796bf62b02901593951d59e0593f0
SHA256

cac1e38c493e6814be7ff63c7cf644e5bcb4ecf74d4e9e195077ae0b93975860
SHA512

36543eb558f2c1d91039ea8ec646001784ecb897c888546726a5440045265571981a5897763bf61c8f890144b322ad2c534abc7c40c9d2ac43fda45e4bcdafbb
SSDEEP

6144:qaxcFBdI0UznMiUogGIoeg5GkkNeZ9AHrPlZMBLmvVrMZQsuiOeZ1B8fuizk:txcbdknMiX1NkNeZ9ClatdjQuiz

Score

N/A

Malware Config

Signatures

Files

cac1e38c493e6814be7ff63c7cf644e5bcb4ecf74d4e9e195077ae0b93975860
.dll windows x86

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
_wtoi
_purecall
memset
ceil
_ftol2
_wcsicmp
towupper
_wcsnicmp
_vsnwprintf
wcschr
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_ultow
wcscpy_s
_XcptFilter

rpcrt4

RpcErrorStartEnumeration
RpcBindingFree
RpcBindingReset
RpcBindingCopy
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
UuidCreate
RpcAsyncInitializeHandle
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingSetOption
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingUnbind
RpcBindingBind
RpcBindingCreateW
RpcBindingSetObject
RpcBindingServerFromClient
RpcMgmtEnableIdleCleanup
I_RpcFilterDCOMActivation
RpcRevertToSelf
RpcStringBindingComposeW
NdrServerCall2
RpcRaiseException
I_RpcExceptionFilter
NdrClientCall2
NdrAsyncClientCall
NdrAsyncServerCall
MesEncodeFixedBufferHandleCreate
RpcMgmtIsServerListening
RpcServerListen
RpcMgmtSetServerStackSize
RpcServerUseProtseqEpExW
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcErrorSaveErrorInfo
RpcErrorGetNextRecord
RpcErrorResetEnumeration
RpcErrorEndEnumeration
RpcServerRegisterIfEx

ntdll

NtClose
RtlAllocateAndInitializeSid
WinSqmSetDWORD
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlCopySid
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtQueryInformationFile
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitializeCriticalSection
EtwTraceMessage
NtQueryMutant
RtlCreateVirtualAccountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
IsValidSecurityDescriptor
ImpersonateAnonymousToken
RevertToSelf
GetSidSubAuthority
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
GetAce

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

LogonUserExExW
EnumerateSecurityPackagesW
FreeContextBuffer

kernel32

MapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
TlsGetValue
InitializeSListHead
InterlockedPopEntrySList
UnmapViewOfFile
CreateFileMappingW
SearchPathW
SetLastError
GetSystemDirectoryW
GetSystemWow64DirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryExW
AddRefActCtx
OpenEventW
GetComputerNameExW
OpenProcess
InitializeCriticalSection
TlsSetValue
GetDriveTypeW
GetVersionExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CompareFileTime
GetExitCodeProcess
GetModuleHandleExW
MapViewOfFileEx
CheckElevationEnabled
CreateMutexW
GetProcessIdOfThread
OpenThread
GetFullPathNameW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
FindClose
FindFirstFileW
ReleaseMutex
UnregisterWait
InterlockedCompareExchange64
EnterCriticalSection
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
GetLastError
GetSystemInfo
Sleep
TlsAlloc
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetVersion
SleepEx
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueTimer
CreateTimerQueueTimer
CloseHandle
CreateThread
LocalFree
LocalAlloc
RegisterWaitForSingleObject
lstrlenW
CreateEventW
LeaveCriticalSection
InterlockedPushEntrySList
SetEvent
WaitForSingleObject
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 342KB - Virtual size: 342KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 342KB - Virtual size: 342KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB