f1f971423bdd9279d7ce0342dba13d7e3d957d05e91139382fdd2cd8e809f100

Sharing

Copy URL Twitter E-mail

General

Target

f1f971423bdd9279d7ce0342dba13d7e3d957d05e91139382fdd2cd8e809f100
Size

683KB
MD5

68919852c13a11372c4418181f73a370
SHA1

ac38a12152bcba4f6b91fdd47debdf1181537af1
SHA256

f1f971423bdd9279d7ce0342dba13d7e3d957d05e91139382fdd2cd8e809f100
SHA512

a0a0d4b355e94263049ba34146fb7822cf0e7803557f0564ba091b23bbbef1cac0bc140dc604402fccc80150b26b8dda6a62d18f04b5d6ace39186f96e69adaa
SSDEEP

6144:qPyNOrpEpwlIz/c3IkXyv/6igM1KyVgfqQ+z/OAD8jtP0itsqlSpGfJYUyY4yv2:qkpwSaIkFigM1y8zHRjqdJYlY4

Score

N/A

Malware Config

Signatures

Files

f1f971423bdd9279d7ce0342dba13d7e3d957d05e91139382fdd2cd8e809f100
.exe windows x86

a0b01ec4c765c1c651d6ef764b7f99c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_errno
__RTDynamicCast
_wsplitpath
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_beginthread
wcscmp
swprintf
wcscat
malloc
free
_except_handler3
wcscpy
_CxxThrowException
wcschr
_purecall
wcslen
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler

msvcp60

?assign@?$char_traits@D@std@@SAPADPADIABD@Z
?copy@?$char_traits@D@std@@SAPADPADPBDI@Z
?assign@?$char_traits@D@std@@SAXAADABD@Z
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
?assign@?$char_traits@G@std@@SAXAAGABG@Z
?copy@?$char_traits@G@std@@SAPAGPAGPBGI@Z
?_Xlen@std@@YAXXZ
?length@?$char_traits@G@std@@SAIPBG@Z
?compare@?$char_traits@G@std@@SAHPBG0I@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?assign@?$char_traits@G@std@@SAPAGPAGIABG@Z
?find@?$char_traits@G@std@@SAPBGPBGIABG@Z
?move@?$char_traits@G@std@@SAPAGPAGPBGI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Xran@std@@YAXXZ
?move@?$char_traits@D@std@@SAPADPADPBDI@Z

advapi32

RegOpenKeyExA
RegQueryValueExA
InitiateSystemShutdownExW
CheckTokenMembership
OpenThreadToken
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
CloseServiceHandle
FreeSid
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
AdjustTokenPrivileges
AllocateAndInitializeSid
OpenServiceW
RegConnectRegistryW
OpenSCManagerW

kernel32

LoadLibraryExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
TlsFree
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetSystemWindowsDirectoryW
CreateFileW
SetFilePointerEx
TlsGetValue
OutputDebugStringA
GetModuleFileNameW
SetLastError
GetLastError
GetVersion
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
LoadLibraryW
LoadLibraryA
LocalFree
LocalAlloc
TlsSetValue
InitializeCriticalSection
WriteFile
OutputDebugStringW
MulDiv
GetPrivateProfileStringW
DeleteCriticalSection
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
GetVersionExW
TlsAlloc
WideCharToMultiByte
GetStringTypeExW
MultiByteToWideChar
lstrlenA
FormatMessageW
GetCurrentThread
GetFileType
GetLogicalDriveStringsW
GlobalFree
CreateDirectoryW
CreateMutexW
GetDiskFreeSpaceExW
WritePrivateProfileStringW
SetCurrentDirectoryW
ResetEvent
SetEvent
WaitForSingleObject
SetFileAttributesW
GetVolumeInformationW
GetCommandLineW
GetExitCodeProcess
GetWindowsDirectoryW
ExpandEnvironmentStringsW
CreateProcessW
GetComputerNameExW
GetCurrentDirectoryW
GetDriveTypeW
GetFullPathNameW
CreateEventW
CompareStringW
DnsHostnameToComputerNameW
GetVolumePathNameW
SetErrorMode
GetSystemDirectoryW

user32

WinHelpW
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
DialogBoxParamW
CreateDialogParamW
GetDC
DestroyWindow
EndDialog
UnregisterClassW
GetClientRect
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowDC
DefDlgProcW
LockSetForegroundWindow
GetKeyState
GetDlgCtrlID
wsprintfW
MapWindowPoints
SendMessageW
MessageBoxW
GetDesktopWindow
LoadStringW
CheckDlgButton
CheckRadioButton
EnableWindow
GetDlgItem
GetParent
GetSysColor
GetWindowRect
GetWindowLongW
IsDlgButtonChecked
IsWindow
IsWindowEnabled
LoadCursorW
LoadImageW
MoveWindow
PostMessageW
ReleaseDC
ScreenToClient
SetCursor
SetDlgItemTextW
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
GetFocus
SetFocus
SetWindowLongW
ShowWindow
SystemParametersInfoW
SetWindowPos
CallWindowProcW
DestroyIcon

activeds

ord3

dnsapi

DnsUpdateTest_W
DnsRecordListFree
DnsStatusString
DnsNameCompareEx_W
DnsQuery_W
DnsValidateName_W
DnsQueryConfig

netapi32

DsRoleDnsNameToFlatName
I_NetNameValidate
NetJoinDomain
NetWkstaGetInfo
I_NetPathType
DsGetDcNameWithAccountW
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
DsRoleIfmHandleFree
NetApiBufferFree
NetValidatePasswordPolicy
DsRoleFreeMemory
DsRoleGetDcOperationProgress
NetUnjoinDomain
DsRoleCancel
DsRoleAbortDownlevelServerUpgrade
DsRoleGetDcOperationResults
DsRoleDcAsReplica
DsRoleDcAsDc
DsRoleUpgradeDownlevelServer
DsRoleDemoteDc
DsRoleGetDatabaseFacts
NetValidateName

ntdsapi

DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsBindW
DsUnBindW
DsCrackNamesW
DsFreeNameResultW

ole32

StringFromGUID2
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetVartype
SafeArrayGetDim

iphlpapi

GetIpAddrTable

shell32

SHGetMalloc
SHGetFolderPathW
SHSetLocalizedName
SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW
SHGetSpecialFolderLocation

ws2_32

htonl
gethostbyname
WSAGetLastError
WSACleanup
WSAStartup
inet_ntoa

wldap32

ord224
ord41
ord140
ord21
ord26
ord208
ord147
ord133
ord13
ord73
ord145
ord18
ord203
ord97
ord170

credui

CredUIInitControls

ntdll

RtlInitUnicodeString
RtlUpcaseUnicodeStringToOemString
RtlFreeOemString
RtlGetNtProductType
_wcsupr
wcstoul
wcstol

crypt32

CryptProtectMemory
CryptUnprotectMemory

gdi32

DeleteObject
CreateFontIndirectW
GetTextExtentPoint32W
GetDeviceCaps

Sections

.text
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

geiqagv
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a0b01ec4c765c1c651d6ef764b7f99c4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msvcp60

advapi32

kernel32

user32

activeds

dnsapi

netapi32

ntdsapi

ole32

oleaut32

iphlpapi

shell32

ws2_32

wldap32

credui

ntdll

crypt32

gdi32

Sections

.text Size: 400KB - Virtual size: 399KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 280KB - Virtual size: 281KB

geiqagv Size: - Virtual size: 4KB

.text
Size: 400KB - Virtual size: 399KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 280KB - Virtual size: 281KB

geiqagv
Size: - Virtual size: 4KB