e96f496e448fed596b7545c7580171c7de08eb93bf5bd6cbfbbfc643d565397f

Sharing

Copy URL Twitter E-mail

General

Target

e96f496e448fed596b7545c7580171c7de08eb93bf5bd6cbfbbfc643d565397f
Size

369KB
MD5

7d164167544686e3ada0bca1da6cbb50
SHA1

77b8cbacc538cdef02690c1a2cc09ee65c530f1f
SHA256

e96f496e448fed596b7545c7580171c7de08eb93bf5bd6cbfbbfc643d565397f
SHA512

5c262278c803eb4f632713a3df34402ea251d622a3c85c288a83f18051f30790e1963f74224fb87f81194b25bfd36fc156f9daeccb1f2017ad313a4a94045d51
SSDEEP

6144:gaxcFBdI0UznMiUogGIoeg5GkkNeZ9AHrPlZMBLmvVrMZQsuiOeZ1B8fudzk:jxcbdknMiX1NkNeZ9ClatdjQudz

Score

N/A

Malware Config

Signatures

Files

e96f496e448fed596b7545c7580171c7de08eb93bf5bd6cbfbbfc643d565397f
.dll windows x86

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
_wtoi
_purecall
memset
ceil
_ftol2
_wcsicmp
towupper
_wcsnicmp
_vsnwprintf
wcschr
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_ultow
wcscpy_s
_XcptFilter

rpcrt4

RpcErrorStartEnumeration
RpcBindingFree
RpcBindingReset
RpcBindingCopy
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
UuidCreate
RpcAsyncInitializeHandle
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingSetOption
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingUnbind
RpcBindingBind
RpcBindingCreateW
RpcBindingSetObject
RpcBindingServerFromClient
RpcMgmtEnableIdleCleanup
I_RpcFilterDCOMActivation
RpcRevertToSelf
RpcStringBindingComposeW
NdrServerCall2
RpcRaiseException
I_RpcExceptionFilter
NdrClientCall2
NdrAsyncClientCall
NdrAsyncServerCall
MesEncodeFixedBufferHandleCreate
RpcMgmtIsServerListening
RpcServerListen
RpcMgmtSetServerStackSize
RpcServerUseProtseqEpExW
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcErrorSaveErrorInfo
RpcErrorGetNextRecord
RpcErrorResetEnumeration
RpcErrorEndEnumeration
RpcServerRegisterIfEx

ntdll

NtClose
RtlAllocateAndInitializeSid
WinSqmSetDWORD
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlCopySid
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtQueryInformationFile
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitializeCriticalSection
EtwTraceMessage
NtQueryMutant
RtlCreateVirtualAccountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
IsValidSecurityDescriptor
ImpersonateAnonymousToken
RevertToSelf
GetSidSubAuthority
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
GetAce

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

LogonUserExExW
EnumerateSecurityPackagesW
FreeContextBuffer

kernel32

MapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
TlsGetValue
InitializeSListHead
InterlockedPopEntrySList
UnmapViewOfFile
CreateFileMappingW
SearchPathW
SetLastError
GetSystemDirectoryW
GetSystemWow64DirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryExW
AddRefActCtx
OpenEventW
GetComputerNameExW
OpenProcess
InitializeCriticalSection
TlsSetValue
GetDriveTypeW
GetVersionExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CompareFileTime
GetExitCodeProcess
GetModuleHandleExW
MapViewOfFileEx
CheckElevationEnabled
CreateMutexW
GetProcessIdOfThread
OpenThread
GetFullPathNameW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
FindClose
FindFirstFileW
ReleaseMutex
UnregisterWait
InterlockedCompareExchange64
EnterCriticalSection
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
GetLastError
GetSystemInfo
Sleep
TlsAlloc
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetVersion
SleepEx
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueTimer
CreateTimerQueueTimer
CloseHandle
CreateThread
LocalFree
LocalAlloc
RegisterWaitForSingleObject
lstrlenW
CreateEventW
LeaveCriticalSection
InterlockedPushEntrySList
SetEvent
WaitForSingleObject
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 342KB - Virtual size: 342KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 342KB - Virtual size: 342KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB