458d8295e7942e259c1f9191bcaadd2bffd6720f9a09549cc0efc7a75c7ebb51

Sharing

Copy URL Twitter E-mail

General

Target

458d8295e7942e259c1f9191bcaadd2bffd6720f9a09549cc0efc7a75c7ebb51
Size

289KB
MD5

37a40aad3a2b43c4434557a4d042f3a0
SHA1

c2c3781e8a9fa80610ee2a963183885d4ac44596
SHA256

458d8295e7942e259c1f9191bcaadd2bffd6720f9a09549cc0efc7a75c7ebb51
SHA512

e349e78a4dbb2df52dafbeb98d97c1f4e9fd249183720400634688ad5638c0ab5e491c91a1faa1502717fb9af480d452723c4fc98be8de325320c47aecfc1bb0
SSDEEP

6144:YvgD9QAG2q2TM6s+t8BA8jcxmZkClvEauLSVpbX9:YvgD9s2GvYARHu4N

Score

N/A

Malware Config

Signatures

Files

458d8295e7942e259c1f9191bcaadd2bffd6720f9a09549cc0efc7a75c7ebb51
.dll windows x86

3198e754144284d77928b0b090afe141

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtMapViewOfSection
NtCreateSection
NtUnmapViewOfSection
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
_alloca_probe
NtQueryDirectoryFile
NtOpenFile
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlUnicodeStringToInteger
DbgPrint
NtQueryInformationProcess
RtlGetVersion
NtEnumerateValueKey
NtQueryKey
NtCreateKey
NtSetValueKey
NtDeleteValueKey
RtlDowncaseUnicodeString
RtlGetFullPathName_U
NtSetInformationKey
NtDeleteKey
strpbrk
strspn
_wcsupr
RtlUpcaseUnicodeChar
toupper
RtlUpcaseUnicodeString
NtWriteFile
RtlSecondsSince1970ToTime
RtlImageRvaToVa
RtlGUIDFromString
strchr
isdigit
LdrResFindResource
LdrResSearchResource
RtlUnwind
NtReadFile
qsort
NtDeleteFile
NtCreateFile
RtlDoesFileExists_U
NtOpenProcessToken
NtQueryInformationToken
RtlGetFileMUIPath
NtQueryInformationFile
RtlCreateUnicodeString
_vscwprintf
EtwEventRegister
EtwEventUnregister
EtwEventWrite
RtlAppendUnicodeStringToString
DbgPrintEx
wcsstr
strncmp
wcspbrk
wcsspn
wcschr
_vsnwprintf
ord7
RtlGetNativeSystemInformation
ord3
ord4
RtlEnterCriticalSection
LdrInitShimEngineDynamic
RtlLeaveCriticalSection
LdrLoadDll
LdrGetProcedureAddress
LdrUnloadDll
RtlTimeToTimeFields
RtlCompareUnicodeString
strrchr
LdrLockLoaderLock
LdrUnlockLoaderLock
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlInitString
LdrGetProcedureAddressEx
NtFlushInstructionCache
LdrFindEntryForAddress
RtlImageDirectoryEntryToData
_stricmp
NtSetEvent
RtlDeleteCriticalSection
RtlInitializeCriticalSection
_wcsnicmp
NtProtectVirtualMemory
RtlDosPathNameToNtPathName_U
LdrGetDllHandle
NtOpenKey
NtQueryValueKey
RtlExpandEnvironmentStrings_U
NtClose
RtlFormatCurrentUserKeyPath
RtlCopyUnicodeString
RtlAppendUnicodeToString
RtlStringFromGUID
RtlDuplicateUnicodeString
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
RtlUnicodeStringToAnsiString
RtlFreeHeap
RtlFreeAnsiString
RtlDosPathNameToRelativeNtPathName_U
WinSqmIsOptedIn
RtlRandom
RtlCompareMemory
wcsnlen
RtlCaptureStackBackTrace
RtlNtStatusToDosError
RtlCreateServiceSid
RtlLengthRequiredSid
NtOpenEvent
RtlGetOwnerSecurityDescriptor
NtQuerySecurityObject
ord6
_strnicmp
RtlCreateUnicodeStringFromAsciiz
NtQueryObject
_strupr
_itoa_s
strcpy_s
LdrEnumerateLoadedModules
wcscat_s
wcscpy_s
RtlComputeCrc32
memset
NtApphelpCacheControl
wcsrchr
_wcsicmp
memcpy
RtlInitUnicodeString
RtlNtPathNameToDosPathName
RtlpEnsureBufferSize
RtlFreeUnicodeString
RtlAllocateHeap
RtlUpcaseUnicodeToMultiByteN
memmove
RtlReleaseRelativeName
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtOpenSection

kernel32

RegOpenKeyExA
RegOpenKeyExW
RegGetKeySecurity
RegCloseKey
GetModuleFileNameW
WideCharToMultiByte
CompareStringW
CompareStringA
lstrlenA
LoadLibraryExW
SetLastError
GetFileSizeEx
LocalAlloc
LocalFree
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
WriteFile
IsDBCSLeadByte
VerLanguageNameW
OutputDebugStringW
GetLongPathNameW
ReadProcessMemory
GetSystemWindowsDirectoryW
Wow64DisableWow64FsRedirection
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
Wow64RevertWow64FsRedirection
GetUserDefaultUILanguage
FreeLibrary
GetTempPathW
GetTempFileNameW
LoadLibraryW
SetErrorMode
GetProcessTimes
FindNextFileW
FindClose
FindFirstFileW
SetFilePointerEx
SetFilePointer
ReadFile
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
GetProcessHeap
GetCurrentProcess
IsWow64Process
GetModuleHandleW
GetProcAddress
GetCurrentProcessId
OutputDebugStringA
FindResourceW
LoadResource
LockResource
SizeofResource
BaseDumpAppcompatCache
BaseFlushAppcompatCache
GetDriveTypeW
BaseCheckAppcompatCacheEx
BaseUpdateAppcompatCache
BaseIsAppcompatInfrastructureDisabled
OpenProcess
CreateFileW
GetLastError
CloseHandle
DisableThreadLibraryCalls
CompareFileTime

api-ms-win-security-base-l1-1-0

GetAclInformation
GetAce
GetSecurityDescriptorDacl

Sections

.text
Size: 236KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3198e754144284d77928b0b090afe141

Headers

File Characteristics

Imports

ntdll

kernel32

api-ms-win-security-base-l1-1-0

Sections

.text Size: 236KB - Virtual size: 236KB

.data Size: 7KB - Virtual size: 8KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 236KB - Virtual size: 236KB

.data
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 9KB - Virtual size: 9KB