35df0c83b253d4302dc6a38196bdb1b5fddf19c553d3e073cec00f60c6550e2e

Sharing

Copy URL Twitter E-mail

General

Target

35df0c83b253d4302dc6a38196bdb1b5fddf19c553d3e073cec00f60c6550e2e
Size

724KB
MD5

651d352c8b018753e09d4b05d3190f50
SHA1

c28f7f76163a588b44db4c5aa1dbe56a9ba664d4
SHA256

35df0c83b253d4302dc6a38196bdb1b5fddf19c553d3e073cec00f60c6550e2e
SHA512

09a64fbc3acfa91fa8bfcd80823a00ff8405af419854653904dc19c55a7cae003dcfc895b5cb83f9807cf3cac372dbb03c3479b9e359e89b44bfdf9925b254b5
SSDEEP

12288:VSHWeVTkeeRQ+eUF+bZnHD2kUQf3zyJQ/aVy+W27lIhyeNnCZ:I2eVTFeRQxA+bZjXUQfDyqC/NehygnCZ

Score

N/A

Malware Config

Signatures

Files

35df0c83b253d4302dc6a38196bdb1b5fddf19c553d3e073cec00f60c6550e2e
.exe windows x86

09d85acc5cae4ce08ad89d8299958f16

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegNotifyChangeKeyValue
AdjustTokenPrivileges
CloseServiceHandle
OpenSCManagerW
LogonUserW
OpenServiceW
NotifyServiceStatusChangeW
SetThreadToken
DuplicateTokenEx
GetSecurityDescriptorLength
AuditFree
AuditQuerySystemPolicy
QueryServiceStatus
PerfSetCounterRefValue
PerfCreateInstance
PerfStopProvider
PerfSetCounterSetInfo
PerfStartProvider
CreateWellKnownSid
MakeSelfRelativeSD
MakeAbsoluteSD
CheckTokenMembership
QueryServiceConfigW
StartServiceW
DuplicateToken
LookupAccountSidW
AddAce
GetAce
InitializeAcl
CopySid
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
LsaFreeMemory
LsaGetUserName
ReportEventW
DeregisterEventSource
RegisterEventSourceW
ControlTraceW
StartTraceW
EnableTrace
QueryTraceW
RevertToSelf
ImpersonateLoggedOnUser
AccessCheckAndAuditAlarmW
IsValidSecurityDescriptor
RegCreateKeyExW
RegConnectRegistryW
I_ScSendTSMessage
RegOpenCurrentUser
RegEnumKeyExW
RegDeleteKeyW

kernel32

DebugBreak
GetVersionExW
SleepEx
LocalSize
RtlCaptureStackBackTrace
OutputDebugStringA
SetLastError
ExpandEnvironmentStringsW
HeapFree
GetProcessHeap
HeapAlloc
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
CreateProcessW
IsDebuggerPresent
FormatMessageW
GetSystemDirectoryW
VerifyVersionInfoW
LoadLibraryW
DeleteCriticalSection
GetProcAddress
InitializeCriticalSection
InterlockedCompareExchange
GetProcessId
RegisterWaitForSingleObject
UnregisterWaitEx
WaitForMultipleObjects
GetComputerNameW
OpenProcess
DuplicateHandle
InterlockedExchange
LocalAlloc
ProcessIdToSessionId
HeapSetInformation
SetUnhandledExceptionFilter
CreateEventW
QueueUserWorkItem
Sleep
InterlockedDecrement
InterlockedIncrement
WaitForMultipleObjectsEx
GetCurrentThread
GetCurrentProcess
LocalFree
ResetEvent
GetLastError
SetEvent
OpenEventW
WaitForSingleObject
CloseHandle
FreeLibrary
VerSetConditionMask

msvcrt

wcscpy_s
?terminate@@YAXXZ
wcscat_s
qsort
wcsrchr
_vsnprintf
??2@YAPAXI@Z
_purecall
_resetstkoflw
_wcsicmp
memset
memcpy
_vsnwprintf
memmove
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
??3@YAXPAX@Z
_controlfp

ntdll

RtlDeleteResource
RtlInitializeResource
NtDelayExecution
RtlUnhandledExceptionFilter
DbgBreakPoint
RtlInsertElementGenericTable
RtlLookupElementGenericTable
RtlDeleteElementGenericTable
NtOpenEvent
RtlInitUnicodeString
RtlInitializeGenericTable
RtlEnumerateGenericTable
NtSetSystemInformation
NtQuerySystemTime
NtFreeVirtualMemory
NtAllocateVirtualMemory
NtClose
NtCreateEvent
RtlNumberGenericTableElements
RtlFreeSid
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlLengthSid
RtlAllocateAndInitializeSid
NtCreatePort
NtCompleteConnectPort
NtAcceptConnectPort
NtReplyPort
DbgPrint
NtOpenProcess
NtCreateSection
NtReplyWaitReceivePort
RtlNtStatusToDosError
NtQueryLicenseValue
RtlConnectToSm
RtlSendMsgToSm
NtDuplicateToken
RtlRaiseException
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlReleaseResource
NtQuerySystemInformation
RtlEqualSid
NtSetSecurityObject
NtQuerySecurityObject
NtOpenSymbolicLinkObject
NtQueryDirectoryObject
NtCreateDirectoryObject
NtQueryValueKey
NtOpenKey
NtDuplicateObject
NtQueryInformationProcess
RtlMapGenericMask
RtlGetAce
RtlQueryInformationAcl
RtlGetDaclSecurityDescriptor
RtlCreateUserSecurityObject
RtlGetOwnerSecurityDescriptor
RtlDeleteAce
RtlSetGroupSecurityDescriptor
RtlCopySecurityDescriptor
RtlGetGroupSecurityDescriptor
NtTerminateProcess
NtWaitForSingleObject
RtlPrefixUnicodeString
NtQueryInformationToken
RtlAdjustPrivilege
RtlLeaveCriticalSection
RtlEnterCriticalSection

rpcrt4

I_RpcBindingInqLocalClientPID
NdrAsyncServerCall
NdrServerCall2
I_RpcMapWin32Status
RpcMgmtWaitServerListen
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqCallAttributesW
RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerListen
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
UuidCreate
I_RpcBindingIsClientLocal
RpcServerUnsubscribeForNotification
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerTestCancel
RpcServerSubscribeForNotification
RpcAsyncCompleteCall
UuidToStringW

sysntfy

SysNotifyStartServer

wmsgapi

WmsgSendMessage

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

09d85acc5cae4ce08ad89d8299958f16

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

sysntfy

wmsgapi

Sections

.text Size: 198KB - Virtual size: 198KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 9KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 198KB - Virtual size: 198KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 9KB

.vmp0
Size: 500KB - Virtual size: 1.6MB