8d98cd73abf1567a4a70465af8833290217caa184fdc82cd76d2783671b125af

Sharing

Copy URL Twitter E-mail

General

Target

8d98cd73abf1567a4a70465af8833290217caa184fdc82cd76d2783671b125af
Size

330KB
MD5

3a559e7847ae9021a1b8850d8e2b2043
SHA1

1bb8efaccaeb1e2fb441ff6f11df40a4d3fb1c45
SHA256

8d98cd73abf1567a4a70465af8833290217caa184fdc82cd76d2783671b125af
SHA512

895c0770d43af0c07a588a7b3554d600d604f7f9cbbddedc75ea43068f8878843e3a7b261f1d2c44b4c9374c6efb545221b433be1f80b221380cc867a115d3fd
SSDEEP

6144:/1PnmXTop15zMfdAUaj5kdU3C7QShbePRUmhCm/4KeAlWXoys:dOX0t4FJbv7QShbyRUmhCxKhk

Score

N/A

Malware Config

Signatures

Files

8d98cd73abf1567a4a70465af8833290217caa184fdc82cd76d2783671b125af
.exe windows x86

4b36d976285112868b217f8e536015d4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cryptdll

CDBuildIntegrityVect
MD5Update
MD5Init
CDGenerateRandomBits
CDLocateCSystem
CDFindCommonCSystemWithKey
MD5Final
CDLocateCheckSum

msasn1

ASN1intx2int32
ASN1BERDecBool
ASN1_CloseEncoder
ASN1intx_setuint32
ASN1BERDecExplicitTag
ASN1_CreateEncoder
ASN1CEREncGeneralizedTime
ASN1BERDecNotEndOfContents
ASN1octetstring_free
ASN1BEREncBitString
ASN1BERDecEndOfContents
ASN1BERDecU32Val
ASN1BERDecObjectIdentifier
ASN1BERDecSXVal
ASN1BERDecPeekTag
ASN1BEREncOpenType
ASN1bitstring_free
ASN1BERDecOctetString
ASN1_CreateModule
ASN1_Decode
ASN1DecSetError
ASN1_FreeDecoded
ASN1DecAlloc
ASN1BERDecOpenType2
ASN1BEREncExplicitTag
ASN1BERDecS32Val
ASN1_FreeEncoded
ASN1BERDecGeneralizedTime
ASN1charstring_free
ASN1_Encode
ASN1BERDecBitString
ASN1intx2uint32
ASN1_CreateDecoder
ASN1BERDecZeroCharString
ASN1BEREncU32
ASN1BERDecSkip
ASN1BEREncCharString
ASN1objectidentifier_free
ASN1BEREncOctetString
ASN1intxisuint32
ASN1BEREncEndOfContents
ASN1ztcharstring_free
ASN1BEREncBool
ASN1_CloseDecoder
ASN1EncSetError
ASN1BEREncS32
ASN1BEREncSX
ASN1BEREncObjectIdentifier
ASN1BERDecCharString
ASN1intx_free
ASN1Free

secur32

LsaFreeReturnBuffer
LsaGetLogonSessionData
CredUnmarshalTargetInfo
FreeContextBuffer
CredMarshalTargetInfo

msvcrt

wcscpy
_except_handler3
_strcmpi
swprintf
wcsrchr
sprintf
qsort
_vsnprintf
_wcsicmp
wcscat
_initterm
strchr
wcscmp
wcsspn
strrchr
_wcsnicmp
_ultoa
malloc
sscanf
wcstoul
free
_stricmp
wcslen
_strnicmp
_adjust_fdiv

user32

CharLowerBuffW
wsprintfW

ntdll

RtlSystemTimeToLocalTime
RtlAcquireResourceShared
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlDowncaseUnicodeString
RtlSubAuthoritySid
RtlValidSid
RtlIntegerToUnicodeString
NtClose
RtlInitializeSid
RtlInitializeGenericTable
NtQuerySystemTime
RtlUpcaseUnicodeString
RtlEqualDomainName
NtCreateEvent
NtWaitForSingleObject
RtlNtStatusToDosError
RtlLookupElementGenericTable
RtlLookupElementGenericTableAvl
NtOpenEvent
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlCompareMemory
RtlUniform
NtSetSecurityObject
RtlInitUnicodeString
RtlInsertElementGenericTable
RtlInitializeResource
RtlCreateTimer
NtDuplicateObject
RtlAddAccessAllowedAce
RtlRunDecodeUnicodeString
RtlCreateTimerQueue
RtlAllocateAndInitializeSid
RtlDeleteResource
NtOpenProcessToken
RtlDeleteTimerQueue
NtQueryInformationToken
RtlTimeToTimeFields
NtAllocateVirtualMemory
RtlCreateAcl
RtlConvertSharedToExclusive
RtlFreeSid
RtlCopyUnicodeString
RtlDeregisterWait
RtlLeaveCriticalSection
RtlCopySid
RtlInsertElementGenericTableAvl
DbgPrint
RtlDeleteElementGenericTable
RtlVerifyVersionInfo
RtlSetDaclSecurityDescriptor
RtlFreeAnsiString
RtlConvertSidToUnicodeString
RtlOemStringToUnicodeString
NtAllocateLocallyUniqueId
RtlLengthSid
RtlGetElementGenericTable
NtQuerySystemInformation
VerSetConditionMask
RtlAnsiStringToUnicodeString
RtlRegisterWait
RtlSubAuthorityCountSid
RtlInitializeGenericTableAvl
RtlPrefixUnicodeString
RtlEqualSid
RtlCopyLuid
RtlEraseUnicodeString
RtlInitAnsiString
NtOpenThreadToken
RtlAppendUnicodeStringToString
RtlAcquireResourceExclusive
RtlCreateSecurityDescriptor
RtlUnicodeStringToAnsiString
RtlTimeFieldsToTime
RtlReleaseResource
RtlCompareUnicodeString
RtlFreeUnicodeString

kernel32

DeleteCriticalSection
lstrlenW
SetEvent
InterlockedExchange
CreateEventW
UnhandledExceptionFilter
GetProcAddress
UnmapViewOfFile
GetModuleFileNameA
FreeLibrary
GetTickCount
FileTimeToSystemTime
WriteFile
CreateFileA
DebugBreak
RaiseException
LoadLibraryA
lstrcmpW
MapViewOfFileEx
InterlockedIncrement
GetSystemInfo
GetCurrentProcessId
QueryPerformanceCounter
MultiByteToWideChar
TerminateProcess
VirtualAlloc
LoadLibraryW
CreateFileMappingW
OutputDebugStringA
FormatMessageW
EnterCriticalSection
ExpandEnvironmentStringsW
lstrcmpiA
GetLocalTime
InitializeCriticalSection
GetModuleHandleW
GetComputerNameW
LeaveCriticalSection
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
OpenFileMappingW
CreateFileW
SetUnhandledExceptionFilter
LocalAlloc
GetACP
GetEnvironmentVariableW
UnregisterWait
RegisterWaitForSingleObjectEx
LocalFree
GetCurrentProcess
GetSystemTimeAsFileTime
GetLastError
InterlockedExchangeAdd
lstrcpyW
WideCharToMultiByte
Sleep
InterlockedDecrement
GetProfileStringA
DisableThreadLibraryCalls
OpenEventW
GetCurrentThread
GetComputerNameExW
CloseHandle
InterlockedCompareExchange

advapi32

AllocateAndInitializeSid
RegisterTraceGuidsW
RegQueryValueExW
RevertToSelf
RegEnumKeyExW
CredUnmarshalCredentialW
LookupAccountSidW
CredFree
FreeSid
RegCloseKey
RegOpenKeyExW
RegisterEventSourceW
OpenServiceW
CryptHashData
RegCreateKeyExW
RegOpenKeyW
CryptGetHashParam
ReportEventW
RegSetValueExW
SystemFunction007
RegDeleteValueW
GetTraceLoggerHandle
OpenProcessToken
QueryServiceConfigW
QueryServiceStatus
DeregisterEventSource
CryptReleaseContext
RegConnectRegistryW
OpenSCManagerW
TraceEvent
CloseServiceHandle
SetThreadToken
RegQueryInfoKeyW
CryptCreateHash
GetTokenInformation
CryptDestroyHash
RegNotifyChangeKeyValue
CryptAcquireContextW
CryptSetProvParam
OpenThreadToken
CryptGetProvParam
SystemFunction006

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 291KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b36d976285112868b217f8e536015d4

Headers

DLL Characteristics

File Characteristics

Imports

cryptdll

msasn1

secur32

msvcrt

user32

ntdll

kernel32

advapi32

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 21KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 291KB - Virtual size: 291KB

.rdata Size: 3KB - Virtual size: 3KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 21KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 291KB - Virtual size: 291KB

.rdata
Size: 3KB - Virtual size: 3KB