4c57eb6076a2c484ff5a33ca10b3c2674d71a518315d5902f27fbe723c0d5f0f

Sharing

Copy URL Twitter E-mail

General

Target

4c57eb6076a2c484ff5a33ca10b3c2674d71a518315d5902f27fbe723c0d5f0f
Size

638KB
MD5

4c2ab6ac5870a407c3530a4100bd81f0
SHA1

aef2288b4416aafbcee72258e33d226bc0282f95
SHA256

4c57eb6076a2c484ff5a33ca10b3c2674d71a518315d5902f27fbe723c0d5f0f
SHA512

9a1f9024f4e70dec7885af617df93867c161cf5e413a16912a61e3f4cd8f57ab1a8be6f6a1f457aa06b82d7865212ebc35801af06266131658be4008869ae6a9
SSDEEP

12288:m6PQUx/hvTZHJxdRXQNXH2bcQDA1HOFab6DPN0G1m:mrUx/XrgN36ctpOF/qGY

Score

N/A

Malware Config

Signatures

Files

4c57eb6076a2c484ff5a33ca10b3c2674d71a518315d5902f27fbe723c0d5f0f
.exe windows x64

c566b375306679fb51b1e5ba65a50f8d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

powrprof

PowerSetActiveScheme
PowerWriteDCValueIndex
PowerReadDCValueIndex
PowerWriteACValueIndex
PowerDeterminePlatformRole
PowerGetActiveScheme
PowerReadACValueIndex
GetPwrCapabilities
SetSuspendState

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo

kernel32

DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
CreateFileA
CreateFileW
DeviceIoControl
CloseHandle
OpenProcess
QueryFullProcessImageNameA
FormatMessageA
LocalFree
lstrlenA
SizeofResource
GetModuleFileNameA
ExitThread
ReadFile
TerminateProcess
LockResource
ResetEvent
EnterCriticalSection
GetProcAddress
EncodePointer
MultiByteToWideChar
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetHandleInformation
K32GetModuleFileNameExA
ExpandEnvironmentStringsA
TlsFree
WriteFile
GetProcessHeap
ConnectNamedPipe
HeapFree
HeapAlloc
GetTickCount64
CreateThread
CreateWaitableTimerA
GetCurrentThreadId
LoadLibraryA
GetLocalTime
FileTimeToSystemTime
InitializeCriticalSection
WaitForMultipleObjectsEx
GetSystemTimeAsFileTime
GetTickCount
SetThreadExecutionState
CancelWaitableTimer
SystemTimeToFileTime
SetWaitableTimer
FreeLibrary
GetCurrentProcess
DeleteCriticalSection
TlsAlloc
OutputDebugStringA
QueryPerformanceFrequency
TlsSetValue
QueryPerformanceCounter
TlsGetValue
SetFilePointer
GetLastError
RaiseException
LeaveCriticalSection
GetSystemPowerStatus
Sleep
WideCharToMultiByte
SetEvent
WaitForSingleObject
LoadResource
FindResourceW
FindResourceExW
DecodePointer
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentProcessId
CreateEventA
SetUnhandledExceptionFilter

lserv

StartLogger
StopLogger

psapi

EnumProcesses

networkheuristic

?StopNetworkMonitor@CNetworkMonitor@@QEAAXXZ
?StartNetworkMonitor@CNetworkMonitor@@QEAAHH@Z
?InitializeWinPCapDLL@CNetworkMonitor@@QEAAHXZ
??1CNetworkMonitor@@UEAA@XZ
??0CNetworkMonitor@@QEAA@XZ
?IsNetworkMonitorDone@CNetworkMonitor@@QEAAHXZ

isctnetdetect

??1AOACNetDetect@netDetect@@QEAA@XZ
?WakeByNetDetect@AOACNetDetect@netDetect@@QEAAHXZ
?ClearNetDetectConfig@AOACNetDetect@netDetect@@QEAAJXZ
?ConfigB2BFeature@AOACNetDetect@netDetect@@QEAAJII@Z
?ConfigNetDetectFeature@AOACNetDetect@netDetect@@QEAAJII@Z
?IsRWWoWLANSupported@AOACNetDetect@netDetect@@QEAAHXZ
?IsNDWoWLANSupported@AOACNetDetect@netDetect@@QEAAHXZ
?NetDetectSupported@AOACNetDetect@netDetect@@QEAAHXZ
?Uninitialize@AOACNetDetect@netDetect@@QEAAJXZ
??0AOACNetDetect@netDetect@@QEAA@XZ
?NetDetectInitializationDone@AOACNetDetect@netDetect@@QEAAHXZ
?Initialize@AOACNetDetect@netDetect@@QEAAJP6AJIPEAI@Z@Z

isctremotewake

?SystemIsSuspending@ISCTRemoteWakeAgent@remoteWake@@QEAAXXZ
?IsWLANSelectedForRemoteWake@ISCTRemoteWakeAgent@remoteWake@@QEAAHXZ
?SetRemoteWakeParam@ISCTRemoteWakeAgent@remoteWake@@QEAAJW4_RemoteWakeParam@12@H@Z
?GetWakeReason@ISCTRemoteWakeAgent@remoteWake@@QEAA?AW4_REMOTE_WAKE_REASON@@XZ
?RemoteWakeSupported@ISCTRemoteWakeAgent@remoteWake@@QEAAHXZ
?Uninitialize@ISCTRemoteWakeAgent@remoteWake@@QEAAJXZ
?Initialize@ISCTRemoteWakeAgent@remoteWake@@QEAAJP6AJH@Z_N@Z
??1ISCTRemoteWakeAgent@remoteWake@@QEAA@XZ
??0ISCTRemoteWakeAgent@remoteWake@@QEAA@PEAVAOACNetDetect@netDetect@@@Z

wlanapi

WlanFreeMemory
WlanEnumInterfaces
WlanOpenHandle
WlanQueryInterface
WlanCloseHandle

user32

GetMessageA
SetTimer
KillTimer
TranslateMessage
CreateWindowExA
PostMessageA
RegisterRawInputDevices
RegisterClassExA
RegisterPowerSettingNotification
DispatchMessageA

advapi32

OpenSCManagerA
CloseServiceHandle
RegDeleteValueA
ReportEventA
RegDeleteKeyA
DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegOpenKeyA
RegGetValueA
RegOpenKeyExA
RegCreateKeyA
RegSetValueExA
OpenServiceA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
DeleteService
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
CreateServiceA
QueryServiceStatus
SetServiceStatus
ControlService
StartServiceCtrlDispatcherA

ole32

CoInitializeEx
CoCreateInstance
CoCreateGuid
CoTaskMemFree
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

shlwapi

StrStrIA

msvcr100

ceil
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_exit
_XcptFilter
__getmainargs
_amsg_exit
_configthreadlocale
_lock
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
_CxxThrowException
__CxxFrameHandler3
memset
malloc
_stat64i32
_initterm_e
_initterm
__initenv
memcpy
strrchr
_vsnprintf_s
exit
_onexit
_cexit
??3@YAXPEAX@Z
memmove_s
sprintf_s
free
??_V@YAXPEAX@Z
memcpy_s
??2@YAPEAX_K@Z
strchr
_popen
fgets
printf
fclose
_wcsicmp
wcscpy_s
strcpy_s
_strlwr_s
strstr
_vsnwprintf
_vsnprintf
_stricmp
_mktime64
_localtime64_s
strftime
_time64
strncpy_s
isspace
isalnum
isdigit
iscntrl
_strset_s
_snprintf_s

iphlpapi

GetAdaptersAddresses
CancelIPChangeNotify
NotifyAddrChange

ws2_32

WSAResetEvent
WSACreateEvent
WSAGetLastError
inet_ntop

Exports

Exports

?ReadyToSuspend@ISCTRemoteWakeAgent@remoteWake@@QEAAHXZ

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.8MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c566b375306679fb51b1e5ba65a50f8d

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

wtsapi32

setupapi

kernel32

lserv

psapi

networkheuristic

isctnetdetect

isctremotewake

wlanapi

user32

advapi32

ole32

oleaut32

shlwapi

msvcr100

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 2KB - Virtual size: 26KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 862B

.vmp0 Size: 500KB - Virtual size: 1.8MB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 2KB - Virtual size: 26KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 862B

.vmp0
Size: 500KB - Virtual size: 1.8MB