f4b14cecd5354429724883eb0d84ff618147eb8598bb0798efdbe747143da292

Sharing

Copy URL

Twitter E-mail

General

Target

f4b14cecd5354429724883eb0d84ff618147eb8598bb0798efdbe747143da292
Size

500KB
MD5

5831bb1804186234eac4df822b0d6630
SHA1

9345d68d4d0fe9f50162e0989c4541186c4a7e98
SHA256

f4b14cecd5354429724883eb0d84ff618147eb8598bb0798efdbe747143da292
SHA512

ebd576794fa3603967fdfd76e40c004a2951d239f799a361c5d72611719ae46ecc8bc4d44554be44ffe03bd752fc38e0a85aaa99adc6e225337bb78ed28506b8
SSDEEP

12288:PLrgV2bhQxaZRQ1kJASqNQ7H/KL34OfJbDWN:DA2b2oZkkJAJu7fWJb

Score

N/A

Malware Config

Signatures

Files

f4b14cecd5354429724883eb0d84ff618147eb8598bb0798efdbe747143da292
.dll windows x64

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wtoi
memmove
_purecall
wcschr
_wcsicmp
towupper
wcsstr
_wcsnicmp
_vsnwprintf
__C_specific_handler
_unlock
__dllonexit
malloc
_onexit
memset
_vsnprintf
memcpy
memcmp
_ultow
wcscpy_s
_initterm
free
_lock
_amsg_exit
_XcptFilter
ceil

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingSetObject
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcBindingServerFromClient
RpcRevertToSelf
I_RpcFilterDCOMActivation
RpcMgmtEnableIdleCleanup
RpcStringBindingComposeW
RpcRaiseException
NdrServerCall2
I_RpcExceptionFilter
NdrClientCall2
Ndr64AsyncClientCall
RpcServerInqBindings
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcBindingSetOption
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesDecodeBufferHandleCreate
MesHandleFree
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeEncode2
RpcErrorGetNextRecord
RpcErrorEndEnumeration
RpcErrorResetEnumeration
RpcErrorStartEnumeration
RpcErrorSaveErrorInfo
UuidCreate
RpcServerRegisterAuthInfoW
RpcMgmtSetServerStackSize
RpcMgmtIsServerListening
RpcServerListen
RpcServerUseProtseqEpExW
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcBindingReset
RpcBindingCopy
RpcBindingFree
RpcServerRegisterIfEx

ntdll

RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlCreateVirtualAccountSid
NtQueryMutant
NtDuplicateToken
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
WinSqmSetDWORD
RtlAllocateAndInitializeSid
NtClose
NtQueryInformationFile
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlLengthSid
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlCopySid
NtOpenKey
NtQueryKey
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenUserClassesRoot
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetAce
GetSidLengthRequired
RevertToSelf
ImpersonateAnonymousToken
CopySid
GetTokenInformation
EqualSid
IsValidSid
CreateWellKnownSid
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
InitializeSid

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

FreeContextBuffer
EnumerateSecurityPackagesW
LogonUserExExW

kernel32

GetSystemWow64DirectoryW
GetSystemDirectoryW
SearchPathW
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
InterlockedPushEntrySList
SetLastError
CreateFileMappingW
GetModuleHandleW
LoadLibraryExW
FindActCtxSectionGuid
GetModuleHandleExW
MapViewOfFileEx
ReleaseActCtx
FindActCtxSectionStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
AddRefActCtx
GetDriveTypeW
TlsSetValue
OpenProcess
InitializeCriticalSection
IsWow64Process
GetComputerNameExW
OpenEventW
ExpandEnvironmentStringsW
GetVersionExW
WaitForMultipleObjects
GetExitCodeProcess
CompareFileTime
CheckElevationEnabled
GetFullPathNameW
CreateMutexW
SetThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CreateThreadpoolWait
OpenThread
GetProcessIdOfThread
ReleaseMutex
FindFirstFileW
FindClose
UnregisterWait
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InterlockedPopEntrySList
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
Sleep
GetLastError
GetSystemInfo
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
VirtualProtect
SetThreadStackGuarantee
CreateThread
CloseHandle
SleepEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrlenW
RegisterWaitForSingleObject
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
TlsGetValue
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 401KB - Virtual size: 401KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 401KB - Virtual size: 401KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB