d771fc8f9ac0e7b8b4d8de8103b00ea889da9e56537e784da7a78bedc2452ffb

Sharing

Copy URL Twitter E-mail

General

Target

d771fc8f9ac0e7b8b4d8de8103b00ea889da9e56537e784da7a78bedc2452ffb
Size

867KB
MD5

24dafde11d36ba3dc6dc86fe39aeb2d1
SHA1

9b10ee63188eccf65a68e02b5c84be7de70a8504
SHA256

d771fc8f9ac0e7b8b4d8de8103b00ea889da9e56537e784da7a78bedc2452ffb
SHA512

72c1795269cefd2fe420714b7df9353a61c42b61cfde902843ed348f8d985dc448115f56e7f999a8622bb8aa439ca3d637696f6083d6a540aea0eb818321c70f
SSDEEP

24576:OYH0V2ssYIwJpQ4TxHI0wUjGjwp/+i0fOHq:x0VCYIT4rwbwp2ia

Score

N/A

Malware Config

Signatures

Files

d771fc8f9ac0e7b8b4d8de8103b00ea889da9e56537e784da7a78bedc2452ffb
.exe windows x86

8d78afd35cd13884be90ceea607a1813

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtTraceEvent
_wcslwr
RtlSetInformationAcl
RtlNumberOfClearBits
NtCompressKey
RtlAddAuditAccessObjectAce
NtInitializeRegistry
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlInitCodePageTable
_memccpy
RtlQuerySecurityObject
RtlCancelTimer
RtlAreAnyAccessesGranted
ZwQueryDefaultLocale
ZwResetEvent
NtQueryPerformanceCounter
_alldiv
RtlEqualString
cos
ZwSetUuidSeed
LdrVerifyImageMatchesChecksum
RtlAssert
ZwCloseObjectAuditAlarm
ZwQuerySemaphore
NtOpenDirectoryObject
RtlProtectHeap
NlsAnsiCodePage
RtlFreeSid
ZwGetPlugPlayEvent
LdrGetDllHandleEx
ZwInitializeRegistry
NtRestoreKey
LdrLoadAlternateResourceModule
NtOpenSymbolicLinkObject
ZwUnlockFile
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
ZwCreateSection
ZwQuerySecurityObject
NtUnlockFile
RtlCharToInteger
NtDebugActiveProcess
RtlLargeIntegerSubtract
ZwWriteFileGather
ZwLockFile
ZwMapUserPhysicalPagesScatter
NtSetInformationJobObject
RtlLargeIntegerToChar
ZwSetInformationThread
ZwWaitForSingleObject
NtRemoveIoCompletion
NtFreeVirtualMemory
RtlIsNameLegalDOS8Dot3
NtAddBootEntry
RtlAreBitsClear
ZwAllocateLocallyUniqueId
RtlConvertToAutoInheritSecurityObject
NtRequestPort
qsort
NtQueryBootOptions
RtlGenerate8dot3Name
ZwSetBootEntryOrder
ZwMapViewOfSection
ZwRaiseHardError
RtlFindMessage
CsrAllocateMessagePointer
RtlAppendUnicodeStringToString
RtlpWaitForCriticalSection
RtlGetCompressionWorkSpaceSize
isalpha

ntdsapi

DsIsMangledRdnValueA
DsIsMangledDnA
DsReplicaAddW
DsClientMakeSpnForTargetServerW
DsReplicaVerifyObjectsA
DsGetRdnW
DsReplicaConsistencyCheck
DsaopUnBind
DsListSitesA
DsListServersForDomainInSiteW
DsReplicaUpdateRefsW
DsServerRegisterSpnW
DsListDomainsInSiteA
DsListServersInSiteW
DsListServersForDomainInSiteA
DsReplicaFreeInfo
DsFreeNameResultA
DsReplicaSyncAllA
DsMakePasswordCredentialsW
DsGetSpnW
DsRemoveDsDomainA
DsReplicaGetInfo2W
DsBindWithSpnW
DsListSitesW
DsReplicaDelW
DsBindWithCredW
DsFreeSpnArrayA
DsWriteAccountSpnW
DsaopBindWithCred
DsCrackNamesA
DsaopBind
DsListRolesW
DsRemoveDsDomainW
DsaopBindWithSpn
DsUnquoteRdnValueA
DsUnquoteRdnValueW
DsFreeDomainControllerInfoW
DsQuoteRdnValueW
DsCrackUnquotedMangledRdnA
DsFreeSchemaGuidMapW
DsGetDomainControllerInfoA
DsListDomainsInSiteW
DsCrackSpn3W

crypt32

CryptMsgSignCTL
I_CryptDisableLruOfEntries
PFXExportCertStore
CryptCreateKeyIdentifierFromCSP
CryptSIPRetrieveSubjectGuid
CryptUnregisterOIDFunction
RegEnumValueU
CryptCreateAsyncHandle
I_CryptAllocTls
CertFindRDNAttr
CryptSignHashU
CryptSIPRemoveSignedDataMsg
CertGetCRLContextProperty
CryptFindLocalizedName
CertCloseStore
CertRegisterPhysicalStore
CertFreeCertificateChain
CertAddEnhancedKeyUsageIdentifier
CryptRegisterDefaultOIDFunction
CertCreateCTLContext
CertAddEncodedCertificateToStore
CertDuplicateCertificateContext
CertGetCRLFromStore
CertEnumCTLsInStore
CryptFormatObject
CryptDecodeMessage
CryptAcquireCertificatePrivateKey
CryptGetDefaultOIDFunctionAddress
CryptRegisterOIDInfo
CryptQueryObject
CryptVerifyMessageSignatureWithKey
CryptMsgVerifyCountersignatureEncoded
CertAddEncodedCertificateToSystemStoreW
CertStrToNameA
CertGetPublicKeyLength
CryptMsgClose
CryptSIPGetSignedDataMsg
I_CryptGetOssGlobal
PFXVerifyPassword

mswsock

StartWsdpService
TransmitFile
MigrateWinsockConfiguration
dn_expand
NPLoadNameSpaces
GetAcceptExSockaddrs
EnumProtocolsA
WSARecvEx
GetNameByTypeA
StopWsdpService
GetTypeByNameA
GetServiceA
WSPStartup
SetServiceW
GetServiceW
GetAddressByNameA
SetServiceA
GetAddressByNameW
GetTypeByNameW
s_perror
GetNameByTypeW
EnumProtocolsW
NSPStartup
AcceptEx

kernel32

SetThreadContext
GetLocaleInfoW
ReplaceFile
CreateRemoteThread
ReadConsoleW
GetConsoleFontInfo
BackupWrite
FindNextFileW
LoadLibraryA
FreeEnvironmentStringsW
_llseek
FormatMessageA
EnumResourceNamesW
BaseUpdateAppcompatCache
QueryPerformanceCounter
OpenMutexA
VirtualAlloc
GetThreadTimes
GetTempPathW
VDMOperationStarted
SetWaitableTimer
GetBinaryTypeA
SetFileShortNameW
WaitNamedPipeA
SetConsoleHardwareState
FindFirstVolumeMountPointA
GetEnvironmentStringsA
CommConfigDialogA
TransactNamedPipe

Sections

.text
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d78afd35cd13884be90ceea607a1813

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

ntdsapi

crypt32

mswsock

kernel32

Sections

.text Size: 346KB - Virtual size: 346KB

.rdata Size: 187KB - Virtual size: 187KB

.data Size: 330KB - Virtual size: 1.8MB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 346KB - Virtual size: 346KB

.rdata
Size: 187KB - Virtual size: 187KB

.data
Size: 330KB - Virtual size: 1.8MB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB