2e4cfa856bedf223d0377fc5e3452f4d2dd5a6ceee121da363e1758b9903ed1a

Sharing

Copy URL Twitter E-mail

General

Target

2e4cfa856bedf223d0377fc5e3452f4d2dd5a6ceee121da363e1758b9903ed1a
Size

501KB
MD5

6083f69207c0c60a03708507ea5f9370
SHA1

6f0fad38f3379e74f31b3542d5a39c290de96c36
SHA256

2e4cfa856bedf223d0377fc5e3452f4d2dd5a6ceee121da363e1758b9903ed1a
SHA512

b4fe980c3be1d75bae13a0c1a3874be5cd04e06796c2991a6a936b8a30273c505f20bbbba67e1dce0bcd0ad77a8f1293d019fe0f28111784bd429a1c195c62a7
SSDEEP

12288:YLrgV2bhQxaZRQ1kJASqNQ7H/KL34qfJWWN:6A2b2oZkkJAJu7fqJ

Score

N/A

Malware Config

Signatures

Files

2e4cfa856bedf223d0377fc5e3452f4d2dd5a6ceee121da363e1758b9903ed1a
.dll windows x64

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wtoi
memmove
_purecall
wcschr
_wcsicmp
towupper
wcsstr
_wcsnicmp
_vsnwprintf
__C_specific_handler
_unlock
__dllonexit
malloc
_onexit
memset
_vsnprintf
memcpy
memcmp
_ultow
wcscpy_s
_initterm
free
_lock
_amsg_exit
_XcptFilter
ceil

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingSetObject
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcBindingServerFromClient
RpcRevertToSelf
I_RpcFilterDCOMActivation
RpcMgmtEnableIdleCleanup
RpcStringBindingComposeW
RpcRaiseException
NdrServerCall2
I_RpcExceptionFilter
NdrClientCall2
Ndr64AsyncClientCall
RpcServerInqBindings
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcBindingSetOption
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesDecodeBufferHandleCreate
MesHandleFree
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeEncode2
RpcErrorGetNextRecord
RpcErrorEndEnumeration
RpcErrorResetEnumeration
RpcErrorStartEnumeration
RpcErrorSaveErrorInfo
UuidCreate
RpcServerRegisterAuthInfoW
RpcMgmtSetServerStackSize
RpcMgmtIsServerListening
RpcServerListen
RpcServerUseProtseqEpExW
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcBindingReset
RpcBindingCopy
RpcBindingFree
RpcServerRegisterIfEx

ntdll

RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlCreateVirtualAccountSid
NtQueryMutant
NtDuplicateToken
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
WinSqmSetDWORD
RtlAllocateAndInitializeSid
NtClose
NtQueryInformationFile
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlLengthSid
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlCopySid
NtOpenKey
NtQueryKey
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenUserClassesRoot
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetAce
GetSidLengthRequired
RevertToSelf
ImpersonateAnonymousToken
CopySid
GetTokenInformation
EqualSid
IsValidSid
CreateWellKnownSid
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
InitializeSid

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

FreeContextBuffer
EnumerateSecurityPackagesW
LogonUserExExW

kernel32

GetSystemWow64DirectoryW
GetSystemDirectoryW
SearchPathW
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
InterlockedPushEntrySList
SetLastError
CreateFileMappingW
GetModuleHandleW
LoadLibraryExW
FindActCtxSectionGuid
GetModuleHandleExW
MapViewOfFileEx
ReleaseActCtx
FindActCtxSectionStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
AddRefActCtx
GetDriveTypeW
TlsSetValue
OpenProcess
InitializeCriticalSection
IsWow64Process
GetComputerNameExW
OpenEventW
ExpandEnvironmentStringsW
GetVersionExW
WaitForMultipleObjects
GetExitCodeProcess
CompareFileTime
CheckElevationEnabled
GetFullPathNameW
CreateMutexW
SetThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CreateThreadpoolWait
OpenThread
GetProcessIdOfThread
ReleaseMutex
FindFirstFileW
FindClose
UnregisterWait
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InterlockedPopEntrySList
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
Sleep
GetLastError
GetSystemInfo
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
VirtualProtect
SetThreadStackGuarantee
CreateThread
CloseHandle
SleepEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrlenW
RegisterWaitForSingleObject
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
TlsGetValue
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 402KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 402KB - Virtual size: 402KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB