42c2f9858347f1ab34c2e20ee0a4a954844883e564953ef299a511d96df7dd0f

Sharing

Copy URL Twitter E-mail

General

Target

42c2f9858347f1ab34c2e20ee0a4a954844883e564953ef299a511d96df7dd0f
Size

304KB
MD5

41532dfd6081b254f9a121c3f95673ba
SHA1

9728ef116a704cb731627d95dbaa571b2e961955
SHA256

42c2f9858347f1ab34c2e20ee0a4a954844883e564953ef299a511d96df7dd0f
SHA512

fd225d7af47f053631b171ff1b6196da6ccfc7776a9d7812c17c2f1611c6dd45050d9f3b5ea90ab7efaf5b514791f72373a7cbe93aa4dc70212182d2fc82f3a0
SSDEEP

6144:2TFRcjA4yw8aAkQtyLNX13znrNOPtQeGFoh7PL8GW54nRbFwQ/wHl2Vdutss:xQttypX13HwPurSh7YVC5Klyum

Score

N/A

Malware Config

Signatures

Files

42c2f9858347f1ab34c2e20ee0a4a954844883e564953ef299a511d96df7dd0f
.dll windows x86

d039098c362ae6048556a3322d2087cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

activeds

ord3
ord15

advapi32

RegQueryValueExA
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
SetTokenInformation
RegOpenKeyExA
RegSaveKeyW
GetKernelObjectSecurity
GetSecurityDescriptorDacl
SetKernelObjectSecurity
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
SetServiceStatus
RegEnumValueW
RegDeleteValueW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
RegOpenCurrentUser
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LookupAccountSidW
GetTokenInformation
OpenThreadToken
RegNotifyChangeKeyValue
RegisterServiceCtrlHandlerW
OpenProcessToken
CloseServiceHandle
ChangeServiceConfigW
OpenServiceW
OpenSCManagerW
LogonUserW
EqualSid
AdjustTokenPrivileges
LookupPrivilegeValueW
AddAce
GetAce
GetAclInformation
IsValidSid

kernel32

SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GlobalFree
GlobalAlloc
DeleteFileW
lstrcatW
GetWindowsDirectoryW
UnhandledExceptionFilter
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
InterlockedExchange
Sleep
lstrlenW
LocalAlloc
GetSystemTime
CloseHandle
GetLastError
CreateMutexW
DuplicateHandle
GetTickCount
InitializeCriticalSection
DisableThreadLibraryCalls
ResetEvent
HeapAlloc
HeapFree
WriteFile
FreeLibrary
SetThreadPriority
GetCurrentThread
DeleteCriticalSection
lstrcmpiW
GetProcAddress
LoadLibraryW
GetComputerNameExW
CreateEventW
OpenProcess
CreateFileW
GetPrivateProfileIntW
TerminateProcess
CreateThread
ExitThread
lstrcpyW
HeapCompact
GetProcessHeap
WaitForMultipleObjects
WritePrivateProfileStringW
GetPrivateProfileSectionNamesW
HeapDestroy
RegisterWaitForSingleObject
GetSystemInfo
OpenEventW
GetModuleHandleW
HeapCreate
GetCurrentProcess
GetPrivateProfileStringW
GetFileAttributesExW
GetSystemWindowsDirectoryW
UnmapViewOfFile
IsDBCSLeadByte
MapViewOfFile
CreateFileMappingW
GetFileSize
GetCurrentDirectoryW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetUserDefaultUILanguage
FindClose
FindNextFileW
FindFirstFileW
GetSystemDirectoryW
LocalFree
FileTimeToSystemTime
GetSystemTimeAsFileTime
OutputDebugStringA
lstrcatA
lstrlenA
GetLocalTime
QueryPerformanceCounter
GetCurrentProcessId
GetComputerNameW

msvcrt

malloc
wcscpy
wcsstr
wcslen
_wtol
wcschr
_wcsupr
wcsncpy
_wcsicmp
wcscat
memmove
wcscmp
_itow
_adjust_fdiv
_except_handler3
_initterm
free
_vsnprintf
_wcsnicmp
wcsncmp

ntdll

NtClose
RtlOpenCurrentUser

ole32

StringFromGUID2
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysFreeString

psapi

EnumProcesses

rpcrt4

RpcRevertToSelf
RpcImpersonateClient
RpcServerUnregisterIf
RpcBindingFree
RpcBindingSetAuthInfoW
RpcStringFreeW
NdrClientCall2
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcCancelThread
RpcMgmtSetCancelTimeout
RpcServerRegisterIfEx
RpcServerListen
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
NdrServerCall2
I_RpcExceptionFilter

rtutils

TraceDeregisterW
TraceVprintfExA
TraceRegisterExW

secur32

GetComputerObjectNameW

user32

DestroyIcon
LoadStringW
LoadIconW
wsprintfA
wsprintfW

winmm

midiOutMessage
waveOutMessage
waveInMessage
midiInMessage

Exports

Exports

ServiceMain

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d039098c362ae6048556a3322d2087cd

Headers

File Characteristics

Imports

activeds

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

psapi

rpcrt4

rtutils

secur32

user32

winmm

Exports

Exports

Sections

.text Size: 206KB - Virtual size: 205KB

.data Size: 62KB - Virtual size: 62KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 206KB - Virtual size: 205KB

.data
Size: 62KB - Virtual size: 62KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 10KB - Virtual size: 10KB