ba0b179fb2f034de797151e93581ac0aec56992f4bc1d356b379c15d82d2e2c9

Sharing

Copy URL

Twitter E-mail

General

Target

ba0b179fb2f034de797151e93581ac0aec56992f4bc1d356b379c15d82d2e2c9
Size

635KB
MD5

615220629769b4f7aab2fc532086bc10
SHA1

b466a16b425ffe1558f6f5f5813bc67cde672e15
SHA256

ba0b179fb2f034de797151e93581ac0aec56992f4bc1d356b379c15d82d2e2c9
SHA512

3a42465d0c260c705cf7b97edc8dbb9050a927835fd667effd70e8ae43b7f588c53ffccab2054242431c4f9d10f7017490b42f3f9a0f8ed5f95b5a7c8e2d7a55
SSDEEP

12288:QlWkE0l5y8DfhVdOe4/YeLQFKa+mjqhnyj0cw:QAkES5yKcL/DmMyjf

Score

N/A

Malware Config

Signatures

Files

ba0b179fb2f034de797151e93581ac0aec56992f4bc1d356b379c15d82d2e2c9
.exe windows x64

c3ad8195768e546a1ef7f69f8c17bcb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegConnectRegistryW
RegOpenKeyW
RegSetValueExW
ControlService
RegCloseKey
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

kernel32

FileTimeToSystemTime
GetDateFormatW
LocalAlloc
GetTimeFormatW
GetStdHandle
CreateFileW
GetLastError
OpenEventW
SetEvent
GetProcAddress
GetTimeZoneInformation
Sleep
GetFullPathNameW
MultiByteToWideChar
CreateThread
WaitForSingleObject
CreateEventW
GetModuleHandleW
ExpandEnvironmentStringsW
HeapSetInformation
GetCommandLineW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
FileTimeToLocalFileTime
FreeLibrary
LocalFree
FormatMessageW
LoadLibraryW
CloseHandle
WideCharToMultiByte
GetConsoleMode
WriteConsoleW
GetFileType
WriteFile

msvcrt

__CxxFrameHandler3
__C_specific_handler
memset
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
__set_app_type
_fmode
_commode
_amsg_exit
??0exception@@QEAA@XZ
wcsspn
_ltow
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBV0@@Z
__getmainargs
_acmdln
exit
_cexit
_ismbblead
_exit
_XcptFilter
_CxxThrowException
__setusermatherr
free
??1exception@@UEAA@XZ
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_vsnwprintf
wcstoul
iswalpha
iswdigit
iswspace
wprintf
_wcsicmp
wcschr
_initterm
memcpy

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

EndDialog
SendDlgItemMessageW
GetDlgItem
EnableWindow
DialogBoxParamW
LoadStringW
CharUpperW

ws2_32

WSAGetLastError
WSAEventSelect
recv
socket
closesocket
GetAddrInfoW
WSAStartup
FreeAddrInfoW
connect
WSAIoctl
WSAAddressToStringW
WSACleanup
getnameinfo
send

netapi32

DsGetDcNameW
NetServerEnum
NetApiBufferFree

iphlpapi

Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
Icmp6CreateFile

ntdsapi

DsUnBindW
DsBindW
DsFreeDomainControllerInfoW
DsGetDomainControllerInfoW

shell32

CommandLineToArgvW

cryptdll

MD5Update
MD5Init
MD5Final

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 556KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3ad8195768e546a1ef7f69f8c17bcb4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

user32

ws2_32

netapi32

iphlpapi

ntdsapi

shell32

cryptdll

Sections

.text Size: 72KB - Virtual size: 71KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 556KB - Virtual size: 2.4MB

.text
Size: 72KB - Virtual size: 71KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 556KB - Virtual size: 2.4MB