8e955502c4abfdb7a40c57122e7268531232142ec5250a1de1161d3be539985b

Sharing

Copy URL Twitter E-mail

General

Target

8e955502c4abfdb7a40c57122e7268531232142ec5250a1de1161d3be539985b
Size

894KB
MD5

4f91c00d2e07ca19b2da0fc351a6a690
SHA1

009331827732f84ac3357092ed2441cc423b039e
SHA256

8e955502c4abfdb7a40c57122e7268531232142ec5250a1de1161d3be539985b
SHA512

dd5affccb8e30b181b3979ff0d9af8ef3bde65a78c305261ce63928aa4ecc1c38f81e59d1f9180ec726fb3ef85948c3eb50a1d2f1d402bd8a482ba302e610f11
SSDEEP

24576:A9AiB6/Pj4SKDDlvzUn0QyE86ZquRPsa0Y:A9AiB6k+GccY

Score

N/A

Malware Config

Signatures

Files

8e955502c4abfdb7a40c57122e7268531232142ec5250a1de1161d3be539985b
.exe windows x64

9a8d75839015888b00768f2cfdbdaaf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

CryptAcquireContextW
GetAclInformation
RegSetValueExA
EqualSid
RegQueryValueExA
RegQueryValueExW
AbortSystemShutdownA
GetAce
RegOpenKeyExA
RegGetKeySecurity
RegConnectRegistryW
AllocateAndInitializeSid
SystemFunction025
FreeSid
RegSetKeySecurity
RegCloseKey
SystemFunction027
GetSecurityDescriptorDacl
InitiateSystemShutdownExA

kernel32

EnterCriticalSection
GetLocalTime
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
LocalFree
CreateThread
SetMailslotInfo
GetStdHandle
GetLastError
SetThreadUILanguage
GetProcessHeap
HeapFree
HeapAlloc
lstrlenA
CreateMailslotA
CreateFileW
WriteFile
LocalAlloc
MultiByteToWideChar
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
OutputDebugStringA
GetOverlappedResult
ReadFile
LeaveCriticalSection
Sleep
WaitForSingleObject
GetComputerNameW
SetEvent
GetModuleHandleW
InitializeCriticalSection
GetConsoleOutputCP

msvcrt

memmove
memset
memcpy
?terminate@@YAXXZ
free
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_stricmp
_wsetlocale
_vsnwprintf
fwprintf
time
srand
rand
_strnicmp
__iob_func
strchr
strtol
printf
fprintf
iswctype
strtoul
_errno
__getmainargs
__C_specific_handler
_XcptFilter
_exit
malloc
wctomb
_itoa
_snprintf
_iob
isleadbyte
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit

ntdsapi

DsGetDomainControllerInfoW
DsUnBindW
DsBindW
DsFreeDomainControllerInfoW

logoncli

I_NetLogonControl2
DsGetDcNextA
I_NetlogonGetTrustRid
DsDeregisterDnsHostRecordsA
I_NetlogonComputeClientDigest
DsGetDcNameWithAccountW
DsGetDcNameW
DsGetDcOpenA
DsGetDcNameA
I_NetGetDCList
NetGetDCName
DsEnumerateDomainTrustsA
DsGetDcCloseW
DsGetForestTrustInformationW
I_NetlogonComputeServerDigest
NetLogonGetTimeServiceParentDomain
I_NetLogonControl
DsAddressToSiteNamesExA
DsGetSiteNameA
DsGetDcSiteCoverageA

rpcrt4

UuidFromStringA
UuidToStringW
UuidToStringA
RpcStringFreeA
RpcStringFreeW

ws2_32

htonl
ntohs
WSAStringToAddressA
WSAStartup
WSAGetLastError
getaddrinfo
WSACleanup
freeaddrinfo
WSAAddressToStringA

ntdll

RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlInitString
RtlOemStringToUnicodeString
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlTimeToTimeFields
RtlFreeUnicodeString
RtlSystemTimeToLocalTime
RtlConvertSidToUnicodeString

netutils

NetApiBufferAllocate
NetpwNameCompare
NetApiBufferFree

user32

LoadStringW

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 508KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a8d75839015888b00768f2cfdbdaaf3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdsapi

logoncli

rpcrt4

ws2_32

ntdll

netutils

user32

Sections

.text Size: 259KB - Virtual size: 258KB

.data Size: 108KB - Virtual size: 147KB

.pdata Size: 1024B - Virtual size: 864B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 14KB - Virtual size: 14KB

.vmp0 Size: 508KB - Virtual size: 1.8MB

.text
Size: 259KB - Virtual size: 258KB

.data
Size: 108KB - Virtual size: 147KB

.pdata
Size: 1024B - Virtual size: 864B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 14KB - Virtual size: 14KB

.vmp0
Size: 508KB - Virtual size: 1.8MB