094f4f35e0de0c1474b69155693aff921d67c719bac3541762015a12a5e8dfe8

Sharing

Copy URL Twitter E-mail

General

Target

094f4f35e0de0c1474b69155693aff921d67c719bac3541762015a12a5e8dfe8
Size

198KB
MD5

74e2efb9d704bbea3e7c2317071b9e70
SHA1

8ef7b16f23d09ee6c9b00e4643d79127ff034251
SHA256

094f4f35e0de0c1474b69155693aff921d67c719bac3541762015a12a5e8dfe8
SHA512

546417c519d3fc7a8f6057b48330a9c78e2304afc92c9277b7088efa0f5eff91121328f7a1906df16cc5690016a626f2a26b1fd44c2348ec036735a61fab96a6
SSDEEP

3072:7/4uZasR9jCsVKULaUVWp1zHjn+py4fKRvdn+DV7W1zDOkICAm:zzRR9jCs0ULaU29qfKRl+wNom

Score

N/A

Malware Config

Signatures

Files

094f4f35e0de0c1474b69155693aff921d67c719bac3541762015a12a5e8dfe8
.exe windows x86

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
GetSecurityInfo
RegDeleteKeyExW
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAce
MapGenericMask
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RegCloseKey

kernel32

GetStartupInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetCommandLineW
IsWow64Process
lstrcmpW
WideCharToMultiByte
CreateProcessW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
GetFullPathNameW
SetThreadLocale
LocaleNameToLCID
GetThreadLocale
CreateFileW
GetFileSize
ReadFile
GetModuleHandleW
GetFileType
GetConsoleMode
WriteConsoleW
WriteFile
FileTimeToSystemTime
HeapSetInformation
SetThreadUILanguage
FormatMessageW
LocalFree
GetCurrentProcess
CloseHandle
GetLastError
GetStdHandle
lstrcmpiW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
SystemTimeToTzSpecificLocalTime
InitializeCriticalSectionAndSpinCount

msvcrt

_wtoi
_itow_s
towupper
??0exception@@QAE@ABV0@@Z
_vsnwprintf
__CxxFrameHandler3
??0exception@@QAE@XZ
_wcsnicmp
memcpy
setlocale
wcschr
_wcsicmp
memcpy_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove_s
_onexit
_purecall
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
fflush
fgetwc
wprintf
swscanf
_iob
memset

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString

ole32

CoCreateInstance
CoInitialize
CoUninitialize

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

credui

CredUICmdLinePromptForCredentialsW

wevtapi

EvtCreateRenderContext
EvtNext
EvtUpdateBookmark
EvtArchiveExportedLog
EvtExportLog
EvtClearLog
EvtOpenLog
EvtOpenPublisherMetadata
EvtOpenEventMetadataEnum
EvtNextEventMetadata
EvtGetObjectArraySize
EvtOpenPublisherEnum
EvtNextPublisherId
EvtSeek
EvtSetChannelConfigProperty
EvtOpenChannelConfig
EvtOpenChannelEnum
EvtGetExtendedStatus
EvtRender
EvtGetLogInfo
EvtGetObjectArrayProperty
EvtGetChannelConfigProperty
EvtGetEventMetadataProperty
EvtGetPublisherMetadataProperty
EvtNextChannelPath
EvtOpenSession
EvtClose
EvtCreateBookmark
EvtQuery
EvtSaveChannelConfig
EvtFormatMessage

ntdll

EtwTraceMessage
RtlGetVersion

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xyrranc
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

oleaut32

ole32

rpcrt4

credui

wevtapi

ntdll

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 35KB

xyrranc Size: - Virtual size: 4KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 35KB

xyrranc
Size: - Virtual size: 4KB