898b08a0ed529a254ec4e75f2b3f299ea52e19dff8a1c465080c7415f62524d4

Sharing

Copy URL Twitter E-mail

General

Target

898b08a0ed529a254ec4e75f2b3f299ea52e19dff8a1c465080c7415f62524d4
Size

57KB
MD5

784d20d3c04821369d9fd46f24a297f6
SHA1

dc43068fe27751d3594ccd4fb806be7dcbcaee1b
SHA256

898b08a0ed529a254ec4e75f2b3f299ea52e19dff8a1c465080c7415f62524d4
SHA512

9a5f49b5d07d82831f1e422575b3cef64d8e8e01127a25697d2c38dff62013a8ebec587755595468070169141f81af72fc4bf9139713515cce11722570c4cda7
SSDEEP

1536:/1ts4ZTtIUA+cfoC+uWnvVrdNkTleSgn:/1245tIb00e

Score

N/A

Malware Config

Signatures

Files

898b08a0ed529a254ec4e75f2b3f299ea52e19dff8a1c465080c7415f62524d4
.exe windows x86

d0cba3f13b6dd140b7e3614d1b81ea55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

samlib

SamDeleteAlias
SamCreateUser2InDomain
SamQuerySecurityObject
SamLookupDomainInSamServer
SamDeleteGroup
SamGetGroupsForUser
SamAddMultipleMembersToAlias
SamiOemChangePasswordUser2
SamTestPrivateFunctionsDomain
SamOpenUser
SamSetInformationAlias
SamQueryDisplayInformation
SamRemoveMemberFromGroup
SamCreateAliasInDomain
SamiChangeKeys
SamChangePasswordUser2
SamOpenDomain
SamQueryInformationGroup
SamShutdownSamServer
SamSetInformationDomain

kernel32

GetPrivateProfileIntW
SetConsoleMode
SetLocalTime
BackupSeek
SetThreadPriority
SetVolumeLabelW
FatalAppExitW
LZStart
LocalFileTimeToFileTime
GetComputerNameA
SetThreadLocale
VirtualAlloc
FindFirstFileExA
ScrollConsoleScreenBufferA
DuplicateConsoleHandle
HeapCreate
GetSystemWindowsDirectoryW
GetNativeSystemInfo
AddConsoleAliasW
FlushConsoleInputBuffer
LoadLibraryA
CreateTimerQueue
RemoveVectoredExceptionHandler
GetConsoleInputExeNameW
OutputDebugStringA
GetProcessHeaps
GetStartupInfoA
AddLocalAlternateComputerNameW

advapi32

SaferiPopulateDefaultsInRegistry
LsaRemoveAccountRights
DuplicateToken
LsaCreateSecret
IsValidSid
CredFree
QueryRecoveryAgentsOnEncryptedFile
SystemFunction013
LsaQueryTrustedDomainInfoByName
ControlTraceA
ConvertSecurityDescriptorToAccessNamedW
RegCreateKeyA
GetTraceEnableFlags
CloseEventLog
EncryptFileW
WmiEnumerateGuids
LsaClose
ImpersonateNamedPipeClient
ElfOpenBackupEventLogA
LsaICLookupNamesWithCreds
MakeSelfRelativeSD
RegSaveKeyExW
RevertToSelf
GetPrivateObjectSecurity
ElfClearEventLogFileW
LsaSetQuotasForAccount

ntdll

RtlImpersonateSelf
NtQueryAttributesFile
NtDisplayString
RtlSetBits
RtlGetCurrentDirectory_U
ZwOpenThreadTokenEx
RtlActivateActivationContextUnsafeFast
ZwEnumerateValueKey
ZwRemoveIoCompletion
isgraph
RtlLargeIntegerShiftLeft
ZwSuspendThread
ceil
RtlApplyRXact
NtLockVirtualMemory
RtlDeleteRegistryValue
RtlRealSuccessor
ZwSetLowEventPair
wcsspn
RtlTraceDatabaseEnumerate
NtCloseObjectAuditAlarm

expsrv

__vbaEnd
__vbaCySub
rtcPackDate
rtcFileLen
rtcCommandVar
__vbaFpCmpCy
rtcFileSeek
Zombie_Invoke
__vbaVarPow
rtcGetMonthOfYear
rtcIsEmpty
__vbaBoolVarNull
rtcVarDateFromVar
__vbaUbound
rtcLenCharVar
Zombie_Release
rtcIMEStatus
__vbaVarTextCmpLt
__vbaFileClose
rtcImmediateIf
rtcGetErl
__vbaHresultCheckObj
__vbaStrToUnicode
__vbaAryVar
__vbaUdtVar
rtcInputCharCount
__vbaDerefAry1

webcheck

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0cba3f13b6dd140b7e3614d1b81ea55

Headers

DLL Characteristics

File Characteristics

Imports

samlib

kernel32

advapi32

ntdll

expsrv

webcheck

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 13KB - Virtual size: 72KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 256B

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 13KB - Virtual size: 72KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 256B