3428f80c6eb94729499feb774de101b788be30cec96c6b155a40509481e75911

Sharing

Copy URL

Twitter E-mail

General

Target

3428f80c6eb94729499feb774de101b788be30cec96c6b155a40509481e75911
Size

295KB
MD5

641209714a877af2bb54aac2924b3600
SHA1

abd938a240046acc3bf249d36f3747e81d01e856
SHA256

3428f80c6eb94729499feb774de101b788be30cec96c6b155a40509481e75911
SHA512

4865ba98a02dcc834ca61ead74fb759bf23a4bf125bb40672a4911905223ea47a0d3c32e87f4959013bcbf68933f2d46b549957bcbc324e6c1552ac0ee48fe0c
SSDEEP

6144:JWORZV/YJPmz+VOHi0XI57NnLoFf4mQrNJPCodyd7JqHnmoVjTV5JFyTi/I2Y81I:JdF/4DWL6vjTzJqOYuIh

Score

N/A

Malware Config

Signatures

Files

3428f80c6eb94729499feb774de101b788be30cec96c6b155a40509481e75911
.exe windows x64

20fc8d03bc9547e4cff953bd4fd58c99

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ControlTraceW
EnableTrace
RegCreateKeyExW
RegQueryValueExW
StartTraceW
RegOpenKeyExW
ConvertSidToStringSidW
RegCloseKey
RegSetValueExW
RegisterTraceGuidsW
GetTraceEnableLevel
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableFlags

kernel32

ReadFile
GetFileAttributesW
OpenEventW
SetEvent
WaitForSingleObject
SetLastError
CreateDirectoryW
GetFullPathNameW
DeleteCriticalSection
EnterCriticalSection
GetProcAddress
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetFileSize
CreateEventW
GetVersionExW
GetTickCount
WriteFile
Sleep
FormatMessageW
CreateFileW
GetConsoleOutputCP
SetThreadPreferredUILanguages
GetModuleHandleW
ExpandEnvironmentStringsW
LocalFree
GetWindowsDirectoryW
CloseHandle
HeapSetInformation
LocalAlloc
GetLastError

msvcrt

wcsrchr
_wcsnicmp
free
malloc
_wtoi
memset
_wcsicmp
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
wprintf
fwprintf
swprintf_s
wcscpy_s
setlocale
_iob
_vsnprintf
_vsnwprintf
printf
wcschr
memcpy

user32

LoadStringW

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlGetNtProductType
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DbgPrint
RtlNtStatusToDosError

logoncli

DsGetDcNameW

wkscli

NetJoinDomain
NetUseDel
NetUseAdd

netutils

NetApiBufferAllocate
NetApiBufferFree

rpcrt4

UuidToStringW
RpcStringFreeW

netjoin

NetRequestOfflineDomainJoin
NetProvisionComputerAccount
NetpDecodeProvisioningBlob

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20fc8d03bc9547e4cff953bd4fd58c99

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

ntdll

logoncli

wkscli

netutils

rpcrt4

netjoin

Sections

.text Size: 39KB - Virtual size: 39KB

.data Size: 2KB - Virtual size: 36KB

.pdata Size: 1024B - Virtual size: 816B

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 236KB - Virtual size: 460KB

.text
Size: 39KB - Virtual size: 39KB

.data
Size: 2KB - Virtual size: 36KB

.pdata
Size: 1024B - Virtual size: 816B

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 236KB - Virtual size: 460KB