e4584d0245bbde2129a6e9fdd4ec649d8e1be7d3d78682b2d1da05e804e95108

Sharing

Copy URL

Twitter E-mail

General

Target

e4584d0245bbde2129a6e9fdd4ec649d8e1be7d3d78682b2d1da05e804e95108
Size

767KB
MD5

4303354b7fb4e4cc193dbee5ba2f40b6
SHA1

45fbc08b5b19287d418c00322e5c128eb4c4847d
SHA256

e4584d0245bbde2129a6e9fdd4ec649d8e1be7d3d78682b2d1da05e804e95108
SHA512

f8dac2506f0a1c1e2a0f0e8e0ad73e4b7a378b3ce330f9b5a21f561dbb3c84d4611e339a8a858ab3ae5682b88a25b29f68e8e9665c0a90529878dbf8ce48bfc9
SSDEEP

12288:JdsZzYs2vHfb/I3fscfCf5ES7B/6UWz31n7wv4iI1:Jdb1b/I37fCf5EK6f1n7d

Score

N/A

Malware Config

Signatures

Files

e4584d0245bbde2129a6e9fdd4ec649d8e1be7d3d78682b2d1da05e804e95108
.dll windows x64

34e8584e24257d6bed14f9803f883a4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_CxxThrowException
memcpy
memcmp
floorf
realloc
_errno
__CxxFrameHandler3
_onexit
__dllonexit
_purecall
_unlock
_lock
??1type_info@@UEAA@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
__C_specific_handler
memset
_wtoi
_wcsupr_s
wcsstr
towlower
_wcsicoll
wcschr
vswprintf_s
_vscwprintf
wcscspn
wcsspn
wcstoul
_wmakepath_s
_wsplitpath_s
_resetstkoflw
calloc
memmove_s
_vsnwprintf
memcpy_s
malloc
free
_wcsicmp
log10
pow

ntdll

RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
RtlAllocateHeap
RtlFreeHeap
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EtwEventUnregister
EtwEventRegister
ShipAssertMsgW
EtwGetTraceLoggerHandle
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtPowerInformation
RtlInitUnicodeString
RtlAcquireResourceShared
RtlReleaseResource
RtlAcquireResourceExclusive
RtlDeleteResource
RtlInitializeResource
ShipAssert
WinSqmAddToStreamEx
RtlSetLastWin32ErrorAndNtStatusFromNtStatus
NtQueryInformationProcess
EtwEventWrite
EtwTraceMessage
EtwLogTraceEvent
NtQueryInformationToken

api-ms-win-core-heap-l1-2-0

HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
HeapDestroy
HeapSize

oleaut32

SafeArrayDestroy
SafeArrayLock
SafeArrayCreate
BSTR_UserSize
LPSAFEARRAY_UserUnmarshal64
LPSAFEARRAY_UserFree64
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserSize64
BSTR_UserMarshal
SafeArrayUnlock
LPSAFEARRAY_UserFree
LPSAFEARRAY_UserUnmarshal
BSTR_UserSize64
BSTR_UserFree64
LPSAFEARRAY_UserMarshal64
LPSAFEARRAY_UserMarshal
SafeArrayCopy
SafeArrayGetVartype
SafeArrayGetUBound
SafeArrayGetLBound
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayGetElement
SysAllocString
SysFreeString
BSTR_UserUnmarshal64
BSTR_UserMarshal64
BSTR_UserUnmarshal
BSTR_UserFree

rpcrt4

RpcStringFreeW
I_RpcBindingInqTransportType
RpcServerInqBindings
NdrServerCallAll
NdrServerCall2
UuidCreate
RpcServerInqCallAttributesW
I_RpcBindingInqLocalClientPID
RpcImpersonateClient
I_RpcExceptionFilter
RpcBindingFree
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingVectorFree
RpcRevertToSelf
RpcServerUseProtseqEpW
UuidEqual
RpcServerUnregisterIfEx
NdrClientCall3
RpcServerRegisterIf3

api-ms-win-core-synch-l1-2-0

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResetEvent
CreateEventExW
SetEvent
Sleep
EnterCriticalSection
TryEnterCriticalSection
WaitForSingleObject
WaitForSingleObjectEx
CreateEventW
WaitForMultipleObjectsEx

api-ms-win-security-base-l1-2-0

GetLengthSid
CopySid
GetSidSubAuthority
InitializeSid
GetSecurityDescriptorControl
GetSidLengthRequired
MakeAbsoluteSD
IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
CheckTokenMembership
GetSecurityDescriptorGroup
AllocateAndInitializeSid
AddAccessAllowedAce
MakeSelfRelativeSD
InitializeAcl
GetSecurityDescriptorLength
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
FreeSid
GetAce
GetKernelObjectSecurity
SetKernelObjectSecurity
SetSecurityDescriptorDacl
GetAclInformation
AddAccessAllowedAceEx
GetTokenInformation
AddAce
SetSecurityDescriptorSacl

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
RaiseException

api-ms-win-core-processthreads-l1-1-1

OpenProcessToken
CreateProcessW
CreateThread
ProcessIdToSessionId
OpenProcess
OpenThreadToken
GetCurrentProcess
SetThreadPriority
GetCurrentThread
TerminateProcess
GetExitCodeProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegOpenKeyExW
RegSetKeySecurity
RegGetKeySecurity
RegEnumKeyExW
RegCloseKey
RegOpenCurrentUser
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegGetValueW

api-ms-win-core-libraryloader-l1-1-1

LockResource
FindResourceExW
DisableThreadLibraryCalls
LoadResource
SizeofResource

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-sysinfo-l1-2-0

GetTickCount
GetComputerNameExW
GetSystemTime
GetVersionExW
GetSystemTimeAsFileTime
GetSystemDirectoryW

api-ms-win-core-debug-l1-1-1

OutputDebugStringA
OutputDebugStringW

api-ms-win-core-file-l1-2-0

CreateFileW
FileTimeToLocalFileTime

api-ms-win-core-memory-l1-1-1

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
SubmitThreadpoolWork
CreateThreadpoolTimer
SetEventWhenCallbackReturns
CloseThreadpoolWork
CloseThreadpoolWait
CreateThreadpoolCleanupGroup
WaitForThreadpoolTimerCallbacks
CreateThreadpoolWait
SetThreadpoolWait
CreateThreadpoolWork
WaitForThreadpoolWaitCallbacks
WaitForThreadpoolWorkCallbacks
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
CloseThreadpoolTimer

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessage

api-ms-win-eventing-provider-l1-1-0

EventWrite

api-ms-win-service-core-l1-1-1

SetServiceStatus
RegisterServiceCtrlHandlerExW

api-ms-win-core-io-l1-1-1

GetQueuedCompletionStatus
CreateIoCompletionPort
PostQueuedCompletionStatus

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrlenW
lstrcmpW

api-ms-win-core-windowserrorreporting-l1-1-0

WerRegisterMemoryBlock

api-ms-win-core-kernel32-legacy-l1-1-0

WaitForMultipleObjects
GetSystemPowerStatus

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

hid

HidP_GetCaps
HidD_GetPreparsedData
HidD_GetAttributes
HidD_FreePreparsedData
HidD_GetHidGuid

mmdevapi

ord2
ord12
ord9
ord7
ord15

avrt

AvSetMmThreadCharacteristicsA
AvQuerySystemResponsiveness
AvRevertMmThreadCharacteristics
AvSetMmThreadPriority

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-delayload-l1-1-1

DelayLoadFailureHook
ResolveDelayLoadedAPI

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 627KB - Virtual size: 626KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 379B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 32B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

RT_DATA
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

34e8584e24257d6bed14f9803f883a4f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-heap-l1-2-0

oleaut32

rpcrt4

api-ms-win-core-synch-l1-2-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-libraryloader-l1-1-1

api-ms-win-core-string-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-file-l1-2-0

api-ms-win-core-memory-l1-1-1

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

hid

mmdevapi

avrt

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-delayload-l1-1-1

Exports

Exports

Sections

.text Size: 627KB - Virtual size: 626KB

RT_CODE Size: 512B - Virtual size: 379B

RT_BSS Size: - Virtual size: 32B

.data Size: 5KB - Virtual size: 5KB

.pdata Size: 37KB - Virtual size: 37KB

.idata Size: 12KB - Virtual size: 11KB

RT_DATA Size: 512B - Virtual size: 64B

.rsrc Size: 78KB - Virtual size: 77KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 627KB - Virtual size: 626KB

RT_CODE
Size: 512B - Virtual size: 379B

RT_BSS
Size: - Virtual size: 32B

.data
Size: 5KB - Virtual size: 5KB

.pdata
Size: 37KB - Virtual size: 37KB

.idata
Size: 12KB - Virtual size: 11KB

RT_DATA
Size: 512B - Virtual size: 64B

.rsrc
Size: 78KB - Virtual size: 77KB

.reloc
Size: 5KB - Virtual size: 5KB