a77198e2a30cd60a4c385631e1f3232cc131f4522f237d34d9b5a9cd676537f9

Sharing

Copy URL Twitter E-mail

General

Target

a77198e2a30cd60a4c385631e1f3232cc131f4522f237d34d9b5a9cd676537f9
Size

1.5MB
MD5

6dde194401479a6d1b8e604f62c00bd7
SHA1

d74d5d196bbd94378a0eda3236bd9e42e41d4479
SHA256

a77198e2a30cd60a4c385631e1f3232cc131f4522f237d34d9b5a9cd676537f9
SHA512

94d8fe919c2721d58a440afbf7540e022a793f7a7194af53d881b9afa42dc09a3816f4b257a083c96bb6d837c9ed80aa4382ae1822f2882bc870007c86941cdc
SSDEEP

24576:ChTCroO5VmwOSq8KRqXvUcUMG1KeRPNf5n75:vzE8KRwUvpRRPNf5n

Score

N/A

Malware Config

Signatures

Files

a77198e2a30cd60a4c385631e1f3232cc131f4522f237d34d9b5a9cd676537f9
.exe windows x86

2764e7f5e0e8734b4cab9a56737e9176

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyHash
CryptDestroyKey
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
MakeAbsoluteSD
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
CreateServiceW
DeleteService
ControlService
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetThreadToken
GetTokenInformation
OpenThreadToken
CheckTokenMembership
CryptGetUserKey
LookupAccountNameW
AllocateAndInitializeSid
GetLengthSid
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CryptGetKeyParam
CryptDeriveKey
CryptVerifySignatureW
CryptSignHashW
FreeSid
CredWriteDomainCredentialsW
CreateProcessAsUserW
CredReadW
CryptImportKey
CryptExportKey
RegQueryValueExA
RegEnumValueA
OpenProcessToken
EqualSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
CryptCreateHash
CryptDuplicateKey
CryptSetHashParam
CryptGetHashParam
CryptHashData
IsValidSid
ConvertStringSidToSidW
IsWellKnownSid
CryptAcquireContextA
CryptGenKey
RegEnumValueW
CredEnumerateW
CredWriteW
CredDeleteW
CredFree
ConvertSidToStringSidW
CryptDecrypt
CryptEncrypt
RegOpenCurrentUser
DuplicateToken
ImpersonateLoggedOnUser
SetTokenInformation
RevertToSelf
CryptGetProvParam
CryptContextAddRef
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
GetAce
GetAclInformation
AddAccessAllowedAce
AddAce
SetNamedSecurityInfoW
InitializeAcl
GetSecurityDescriptorDacl
GetFileSecurityW
InitializeSecurityDescriptor
AccessCheck
IsValidSecurityDescriptor
CryptSetProvParam

kernel32

GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetSystemInfo
lstrcmpA
CreateFileW
WaitForMultipleObjects
LoadLibraryW
DeleteFileW
GetFileSize
ReadFile
CreateMutexW
ExpandEnvironmentStringsW
ReleaseMutex
ResetEvent
GetComputerNameW
lstrlenW
CreateProcessW
lstrlenA
SetEndOfFile
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
OutputDebugStringW
GlobalAlloc
GlobalFree
EnumResourceNamesW
CreateDirectoryExW
GetSystemDefaultLangID
SetThreadLocale
GetFileAttributesExW
FindFirstFileW
TryEnterCriticalSection
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
GetSystemTimeAsFileTime
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidCodePage
GetOEMCP
GetCPInfo
LoadLibraryA
VirtualAlloc
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
SetLastError
TlsFree
TlsSetValue
FindNextFileW
FindClose
InterlockedIncrement
InterlockedDecrement
TlsAlloc
RaiseException
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
WriteFile
CloseHandle
lstrcmpiW
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
EnterCriticalSection
LocalAlloc
WaitForSingleObject
GetModuleFileNameW
Sleep
GetModuleHandleW
GetCurrentThreadId
CreateThread
CreateEventW
SetEvent
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetProcessHandleCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
ExitProcess
GetModuleHandleA
CopyFileW
GetProcAddress
SetUnhandledExceptionFilter
RtlUnwind
GetStartupInfoW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateTimerQueueTimer
DeleteTimerQueueEx
GetCurrentThread
WideCharToMultiByte
GetProcessHeap
HeapSetInformation
GetCommandLineW
CreateTimerQueue
GetCurrentProcess
GetVersionExW

oleaut32

VarBstrCmp
SysStringLen
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VarBstrCat
SysAllocStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantClear
SysFreeString

shlwapi

PathIsDirectoryW
PathFileExistsW
SHStrDupW
PathCombineW

ole32

IIDFromString
CreateStreamOnHGlobal
CoTaskMemRealloc
CoUninitialize
CoInitializeEx
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoTaskMemAlloc
CoInitializeSecurity
CLSIDFromProgID
CoSuspendClassObjects
StringFromGUID2
CoCreateInstance
CoResumeClassObjects
PropVariantClear
CoImpersonateClient
CoRevertToSelf
CoSetProxyBlanket

user32

LoadStringA
LoadStringW
TranslateMessage
UnregisterClassA
PostThreadMessageW
GetMessageW
CharUpperW
MessageBoxW
DispatchMessageW
CharNextW

rpcrt4

RpcServerUnregisterIf
RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpW
RpcStringFreeW
RpcServerRegisterIf
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
UuidCreate
UuidToStringA
RpcStringFreeA
UuidToStringW
RpcServerListen
RpcMgmtStopServerListening

crypt32

CertFreeCertificateChain
CryptSignMessage
CertGetNameStringA
CryptUnprotectData
CryptProtectData
CryptExportPublicKeyInfo
CryptEncodeObjectEx
CryptSignAndEncodeCertificate
CertSetCertificateContextProperty
CertGetIssuerCertificateFromStore
CertEnumCertificatesInStore
CertCompareCertificate
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertOpenStore
CertFindCertificateInStore
CertDeleteCertificateFromStore
CertCloseStore
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CertCreateCertificateContext
CertVerifySubjectCertificateContext
CertFreeCertificateContext
CryptVerifyMessageSignature
CertVerifyCertificateChainPolicy
CryptImportPublicKeyInfo
CertGetCertificateChain

sensapi

IsNetworkAlive

psapi

GetProcessMemoryInfo

sqmapi

SqmAddToStreamDWord
SqmSet
SqmEndSession
SqmStartSession
SqmStartUpload
SqmSetAppVersion
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmGetSession
SqmSetAppId
SqmAddToStreamString

netapi32

NetUserModalsGet
NetApiBufferFree

secur32

GetUserNameExW

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCreateUrl
WinHttpConnect
WinHttpOpenRequest
WinHttpSetOption
WinHttpSendRequest
WinHttpOpen
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpCrackUrl
WinHttpReceiveResponse

iphlpapi

CancelIPChangeNotify
NotifyAddrChange

shell32

SHGetFolderPathW
SHFileOperationW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ws2_32

WSACloseEvent
WSACreateEvent
WSAGetLastError

ntdsapi

DsUnBindW
DsCrackNamesW
DsFreeNameResultW
DsBindW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken

userenv

UnloadUserProfile
CreateEnvironmentBlock
DestroyEnvironmentBlock

wintrust

WinVerifyTrustEx
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2764e7f5e0e8734b4cab9a56737e9176

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

oleaut32

shlwapi

ole32

user32

rpcrt4

crypt32

sensapi

psapi

sqmapi

netapi32

secur32

winhttp

iphlpapi

shell32

ws2_32

ntdsapi

wtsapi32

userenv

wintrust

version

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 10KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 98KB - Virtual size: 98KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 98KB - Virtual size: 98KB