41f1fc1e4cfc041cc6878eb4463d552f996908e97dc5676ea0c86e53423c3392

Sharing

Copy URL Twitter E-mail

General

Target

41f1fc1e4cfc041cc6878eb4463d552f996908e97dc5676ea0c86e53423c3392
Size

368KB
MD5

218758ebbdb6a485ec427a575f5ace30
SHA1

c623dd235d3eb1c69defd0d075dbc46e11494e44
SHA256

41f1fc1e4cfc041cc6878eb4463d552f996908e97dc5676ea0c86e53423c3392
SHA512

5d7843224a09c6a0a615abea06be6c45263d09a35a86b0da3d2c969f73406cfa95092c9ba9caed7f9dc0ca0b0dbe5c4a53d9c3ac127546e67af9aff9a36a70f2
SSDEEP

6144:NaxcFBdI0UznMiUogGIoeg5GkkNeZ9AHrPlZMBLmvVrMZQsuiOeZ1B8funUk:QxcbdknMiX1NkNeZ9ClatdjQunU

Score

N/A

Malware Config

Signatures

Files

41f1fc1e4cfc041cc6878eb4463d552f996908e97dc5676ea0c86e53423c3392
.dll windows x86

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
_wtoi
_purecall
memset
ceil
_ftol2
_wcsicmp
towupper
_wcsnicmp
_vsnwprintf
wcschr
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_ultow
wcscpy_s
_XcptFilter

rpcrt4

RpcErrorStartEnumeration
RpcBindingFree
RpcBindingReset
RpcBindingCopy
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
UuidCreate
RpcAsyncInitializeHandle
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingSetOption
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingUnbind
RpcBindingBind
RpcBindingCreateW
RpcBindingSetObject
RpcBindingServerFromClient
RpcMgmtEnableIdleCleanup
I_RpcFilterDCOMActivation
RpcRevertToSelf
RpcStringBindingComposeW
NdrServerCall2
RpcRaiseException
I_RpcExceptionFilter
NdrClientCall2
NdrAsyncClientCall
NdrAsyncServerCall
MesEncodeFixedBufferHandleCreate
RpcMgmtIsServerListening
RpcServerListen
RpcMgmtSetServerStackSize
RpcServerUseProtseqEpExW
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcErrorSaveErrorInfo
RpcErrorGetNextRecord
RpcErrorResetEnumeration
RpcErrorEndEnumeration
RpcServerRegisterIfEx

ntdll

NtClose
RtlAllocateAndInitializeSid
WinSqmSetDWORD
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlCopySid
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtQueryInformationFile
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitializeCriticalSection
EtwTraceMessage
NtQueryMutant
RtlCreateVirtualAccountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
IsValidSecurityDescriptor
ImpersonateAnonymousToken
RevertToSelf
GetSidSubAuthority
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
GetAce

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

LogonUserExExW
EnumerateSecurityPackagesW
FreeContextBuffer

kernel32

MapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
TlsGetValue
InitializeSListHead
InterlockedPopEntrySList
UnmapViewOfFile
CreateFileMappingW
SearchPathW
SetLastError
GetSystemDirectoryW
GetSystemWow64DirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryExW
AddRefActCtx
OpenEventW
GetComputerNameExW
OpenProcess
InitializeCriticalSection
TlsSetValue
GetDriveTypeW
GetVersionExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CompareFileTime
GetExitCodeProcess
GetModuleHandleExW
MapViewOfFileEx
CheckElevationEnabled
CreateMutexW
GetProcessIdOfThread
OpenThread
GetFullPathNameW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
FindClose
FindFirstFileW
ReleaseMutex
UnregisterWait
InterlockedCompareExchange64
EnterCriticalSection
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
GetLastError
GetSystemInfo
Sleep
TlsAlloc
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetVersion
SleepEx
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueTimer
CreateTimerQueueTimer
CloseHandle
CreateThread
LocalFree
LocalAlloc
RegisterWaitForSingleObject
lstrlenW
CreateEventW
LeaveCriticalSection
InterlockedPushEntrySList
SetEvent
WaitForSingleObject
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 341KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 341KB - Virtual size: 341KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 341KB - Virtual size: 341KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB