69e229fac1fd637763578783bcd22ca63a77e35b76b20f509f47a26cec38885d

Sharing

Copy URL Twitter E-mail

General

Target

69e229fac1fd637763578783bcd22ca63a77e35b76b20f509f47a26cec38885d
Size

618KB
MD5

3d858ef2c5c303745effeb26b2463e10
SHA1

36d312e54b0d5a3fc1bf6bfa72e5e3e246bd70b0
SHA256

69e229fac1fd637763578783bcd22ca63a77e35b76b20f509f47a26cec38885d
SHA512

025c1ab84056768faa2332bd0d8118581fed9be8a3eb0874a69472369bab5b894b3f416bf5d25b2ddb359fd1c54fb2a3a7b2782130e4ecdf0e55e9801a2ba101
SSDEEP

12288:QhrUc6FdSspHNyLihTPVjol9BFy6PIUuiAMDWX0G+tpU:GrU1dSspHNzhTPVUy1EG+t

Score

N/A

Malware Config

Signatures

Files

69e229fac1fd637763578783bcd22ca63a77e35b76b20f509f47a26cec38885d
.exe windows x64

83c46dc15d8771fded6e97827a48e350

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerW
EventWrite
OpenSCManagerW
OpenServiceW
StartServiceW
CloseServiceHandle
EventRegister
StartServiceCtrlDispatcherW
EventUnregister
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSidToSidW
GetLengthSid
InitializeSecurityDescriptor
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
GetTraceLoggerHandle
IsValidSecurityDescriptor
MakeSelfRelativeSD
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
MakeAbsoluteSD
GetAclInformation
GetAce
EqualSid
DeleteAce
SetSecurityDescriptorControl
GetSecurityDescriptorLength
LookupAccountNameW
EventActivityIdControl
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertSidToStringSidW
SetSecurityDescriptorOwner
TraceMessage
CryptGenRandom
CryptAcquireContextW
RevertToSelf
CreateWellKnownSid
OpenThreadToken
CheckTokenMembership
DuplicateTokenEx
ImpersonateLoggedOnUser
AddAccessAllowedAceEx
AddAce
IsValidAcl
RegEnumValueW
RegFlushKey

kernel32

GetQueuedCompletionStatus
DeleteFileW
GetSystemTime
GetFileTime
CreateDirectoryW
GetComputerNameExW
SwitchToThread
TlsFree
PostQueuedCompletionStatus
TlsAlloc
lstrcmpiW
DeleteCriticalSection
GetSystemInfo
DeviceIoControl
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
GetComputerNameW
HeapAlloc
FreeLibrary
lstrlenW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThread
InitializeSRWLock
QueueUserWorkItem
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
CreateTimerQueueTimer
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetEvent
CloseHandle
SetLastError
GetLastError
FindFirstFileW
FindClose
FindNextFileW
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
LocalFree
WaitForSingleObjectEx
HeapSetInformation
GetCommandLineW
HeapFree
CreateIoCompletionPort
SetWaitableTimer
LocalFileTimeToFileTime
SystemTimeToFileTime
GetLocalTime
CancelWaitableTimer
WaitForMultipleObjects
WaitForSingleObject
TerminateThread
GetThreadId
GetCurrentThreadId
CreateWaitableTimerW
CreateThread
LocalAlloc
SetCurrentDirectoryW
GetModuleHandleW
CreateEventW
GetProcessHeap

msvcrt

wcstoul
_wtoi
_beginthreadex
time
wcsnlen
memcpy_s
memmove_s
?terminate@@YAXXZ
??1type_info@@UEAA@XZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
wcsncat_s
swprintf_s
iswdigit
iswascii
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
??_V@YAXPEAX@Z
wcsncpy_s
malloc
??_U@YAPEAX_K@Z
free
_purecall
_wgetenv
_wcsicmp
??2@YAPEAX_K@Z
_vsnwprintf
wcsncmp
_ultow
__CxxFrameHandler3
memset
memcpy
??3@YAXPEAX@Z
wcsstr
_CxxThrowException

ws2_32

FreeAddrInfoW
WSAAddressToStringW
ntohl
htonl
htons
ntohs
GetAddrInfoW
WSAStringToAddressW

ole32

CoTaskMemAlloc
CLSIDFromString
CoEnableCallCancellation
CoDisableCallCancellation
CoCancelCall
CoTaskMemFree
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromCLSID

ntdll

RtlSelfRelativeToAbsoluteSD
RtlNtStatusToDosError
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

shell32

CommandLineToArgvW

oleaut32

SafeArrayPutElement
VarBstrCmp
SysStringByteLen
VariantCopy
SysAllocStringLen
SysStringLen
SafeArrayGetElement
SafeArrayLock
SafeArrayUnlock
SafeArrayCreate
VarBstrCat
SysAllocStringByteLen
SafeArrayRedim
SysAllocString
SysFreeString
VariantClear
SafeArrayGetVartype
SafeArrayCopy
VariantInit
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy

rpcrt4

NdrAsyncServerCall
NdrServerCall2
Ndr64AsyncServerCallAll
NdrServerCallAll
NdrClientCall3
RpcAsyncCompleteCall
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcEpResolveBinding
RpcBindingSetAuthInfoW
RpcServerUseProtseqEpW
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcBindingSetAuthInfoExW
RpcEpRegisterW
RpcServerInqBindings
RpcServerRegisterIfEx
RpcServerUseProtseqExW
RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerListen
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification
RpcServerTestCancel
RpcBindingReset
RpcMgmtIsServerListening
RpcBindingCopy
RpcBindingSetOption
RpcImpersonateClient
RpcAsyncAbortCall
RpcRevertToSelf
RpcBindingInqAuthClientW

user32

LoadStringW
UnregisterClassW

esent

JetEndSession
JetCloseDatabase
JetCloseTable
JetCommitTransaction
JetRetrieveColumn
JetMove
JetIndexRecordCount
JetSeek
JetCreateIndexA
JetCreateTableColumnIndexA
JetGetColumnInfoA
JetAttachDatabaseA
JetCreateDatabaseA
JetInit
JetSetSystemParameterA
JetSetColumns
JetDelete
JetUpdate
JetSetColumn
JetPrepareUpdate
JetMakeKey
JetSetCurrentIndexA
JetOpenTableA
JetOpenDatabaseA
JetBeginTransaction
JetBeginSessionA
JetTerm2
JetRollback

netapi32

NetLocalGroupGetMembers
NetLocalGroupDel
NetLocalGroupAdd
NetLocalGroupSetInfo
NetLocalGroupGetInfo
NetApiBufferFree
DsGetDcNameW

ntdsapi

DsMakeSpnW

crypt32

CryptUnprotectData
CryptProtectData
CryptBinaryToStringW

clusapi

ClusterCloseEnum
CloseCluster
CloseClusterResource
ClusterOpenEnum
ClusterGetEnumCount
ClusterEnum
OpenClusterResource
ClusterResourceControl
GetNodeClusterState
OpenCluster

resutils

ResUtilGetResourceDependency
ResUtilFindDependentDiskResourceDriveLetter
ResUtilFindSzProperty

propsys

VariantToBuffer
InitVariantFromBuffer

activeds

ord3

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

83c46dc15d8771fded6e97827a48e350

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ws2_32

ole32

ntdll

shell32

oleaut32

rpcrt4

user32

esent

netapi32

ntdsapi

crypt32

clusapi

resutils

propsys

activeds

Sections

.text Size: 548KB - Virtual size: 547KB

.data Size: 512B - Virtual size: 3KB

.pdata Size: 19KB - Virtual size: 18KB

.rsrc Size: 17KB - Virtual size: 17KB

.reloc Size: 32KB - Virtual size: 33KB

.text
Size: 548KB - Virtual size: 547KB

.data
Size: 512B - Virtual size: 3KB

.pdata
Size: 19KB - Virtual size: 18KB

.rsrc
Size: 17KB - Virtual size: 17KB

.reloc
Size: 32KB - Virtual size: 33KB