Static task: static1
Behavioral task: behavioral1
  Sample: 8bfc5fc18b6c13de880baeffdc999b28b7670204d5997d2835a42009163222a0.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8bfc5fc18b6c13de880baeffdc999b28b7670204d5997d2835a42009163222a0.exe
  Resource: win10v2004-20220812-en
General
Target: 8bfc5fc18b6c13de880baeffdc999b28b7670204d5997d2835a42009163222a0
Size: 334KB
MD5: 78f2ad25183ca4091e2b0f0f31e9f111
SHA1: 2f943ab48e3c53f0b5bdffb861abd11210d502dc
SHA256: 8bfc5fc18b6c13de880baeffdc999b28b7670204d5997d2835a42009163222a0
SHA512: a845440ad75ebd7682d66cc1056d5d16ed88870638d717aa09f08c884543688286e063283aca6eac5a11d9d08678bcf19c73e4d301b643c2fc3947f8410e483a
SSDEEP: 6144:asXgKQC+knExgriO0db4EQvVtj2p4NmMt3kvCUi9ao7ozCgifqhZ:1XgvCfEeiFb4EQ9typ4aHiQo8Ox
Malware Config
Signatures
Files
8bfc5fc18b6c13de880baeffdc999b28b7670204d5997d2835a42009163222a0.exe (windows x86)
f855802dcc6b587c7ecfa2702697b916
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32:
OpenFile
GetUserDefaultUILanguage
SetFilePointer
GetSystemInfo
CloseHandle
GetFileAttributesExW
GetVolumeInformationW
LocalFree
FindResourceExW
CompareFileTime
GetCurrentProcessId
OutputDebugStringW
lstrcmpW
TerminateProcess
GetTickCount
GetDiskFreeSpaceW
RaiseException
MapViewOfFile
CancelIo
EnterCriticalSection
GetFullPathNameA
LocalAlloc
UnhandledExceptionFilter
LoadLibraryExW
InterlockedIncrement
GlobalMemoryStatus
SetUnhandledExceptionFilter
CreateThread
SetLastError
ExitThread
GetVersionExA
FindResourceA
ReadFile
FindFirstFileExW
HeapAlloc
SleepEx
GetProfileStringA
Sleep
InitializeCriticalSection
GetModuleHandleA
GetCurrentProcess
SetNamedPipeHandleState
GetLocalTime
IsBadWritePtr
DuplicateHandle
GetSystemDirectoryW
GetDriveTypeW
LoadLibraryA
GetLogicalDriveStringsW
GetComputerNameA
LoadResource
GetFullPathNameW
CreateEventA
lstrcpyW
GetFileTime
GetTimeZoneInformation
CreateFileW
FindClose
SearchPathW
MoveFileW
CreateEventW
WaitForMultipleObjectsEx
CreateFileA
OpenMutexW
GetDiskFreeSpaceExW
LoadLibraryW
lstrcmpiW
SizeofResource
GetOverlappedResult
WaitNamedPipeW
OpenProcess
InterlockedDecrement
SetEvent
CreateFileMappingA
SetErrorMode
InterlockedExchange
ExpandEnvironmentStringsA
LeaveCriticalSection
GetWindowsDirectoryW
FindNextFileW
SetThreadPriority
_lclose
GetProcessHeap
GetLongPathNameW
lstrcpynW
lstrcatW
GetFileAttributesW
GetCommandLineW
VirtualFree
GetPrivateProfileIntW
WaitForSingleObject
GetFileSize
GetModuleHandleExW
GetCurrentThreadId
DeleteCriticalSection
VirtualAlloc
lstrlenW
GetSystemTime
lstrcpyA
GetProfileIntA
CopyFileW
GetFileSizeEx
MultiByteToWideChar
GetPriorityClass
CreateProcessInternalA
DelayLoadFailureHook
EnumUILanguagesW
AreFileApisANSI
ReleaseMutex
lstrlenA
DeviceIoControl
ResetEvent
WritePrivateProfileStringW
GetPrivateProfileStringW
GetProcAddress
GetModuleFileNameW
ReadProcessMemory
InterlockedExchangeAdd
CreateMutexW
OpenEventW
GetCurrentThread
DeleteFileW
InterlockedCompareExchange
FreeLibrary
GetSystemWindowsDirectoryW
WideCharToMultiByte
GetSystemTimeAsFileTime
GetModuleHandleW
FormatMessageW
LocalReAlloc
CreateFileMappingW
WriteFile
CreateProcessInternalW
ResumeThread
GetComputerNameW
FindFirstFileW
ExpandEnvironmentStringsW
UnmapViewOfFile
GetComputerNameExW
GetLastError
HeapFree
QueryPerformanceCounter
ntdll:
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
strstr
NtSetValueKey
NtLoadKey
NtOpenObjectAuditAlarm
NtReadFile
RtlAddAccessAllowedAceEx
NtPrivilegedServiceAuditAlarm
RtlSetSecurityObjectEx
RtlCreateUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlSetOwnerSecurityDescriptor
RtlSubAuthorityCountSid
RtlDuplicateUnicodeString
NtQueryInformationFile
NtQuerySystemInformation
NtCreateKey
NtUnloadKey
RtlNtStatusToDosError
_ultow
NtRestoreKey
RtlEqualPrefixSid
RtlUnicodeToMultiByteN
RtlAppendUnicodeToString
NtAccessCheckByTypeResultListAndAuditAlarm
NtEnumerateValueKey
RtlAreAnyAccessesGranted
NtFlushBuffersFile
RtlIsTextUnicode
RtlGetControlSecurityDescriptor
RtlxAnsiStringToUnicodeSize
NtCloseObjectAuditAlarm
NtTerminateProcess
RtlDestroyHandleTable
NtOpenProcessToken
RtlSetDaclSecurityDescriptor
NtQueryPerformanceCounter
NtDuplicateObject
NtDuplicateToken
memmove
wcstol
NtOpenSymbolicLinkObject
NtAllocateVirtualMemory
NtQuerySecurityObject
NtSaveKeyEx
RtlUnwind
NtSetSecurityObject
RtlMapGenericMask
RtlValidAcl
wcscat
_vsnwprintf
NtNotifyChangeKey
NtOpenThreadToken
wcscpy
wcstoul
RtlDeleteSecurityObject
NtFreeVirtualMemory
RtlIdentifierAuthoritySid
RtlCopyUnicodeString
RtlUnicodeStringToInteger
RtlTimeToSecondsSince1970
RtlSelfRelativeToAbsoluteSD
RtlNewSecurityObject
RtlGetFullPathName_U
NtQueryVirtualMemory
RtlNumberGenericTableElements
swprintf
NtOpenProcess
RtlAreAllAccessesGranted
RtlCopyLuid
NtPowerInformation
NtSetInformationProcess
RtlCopySid
NtQueryKey
RtlReAllocateHeap
NtAccessCheckByType
RtlEnterCriticalSection
RtlLengthRequiredSid
atol
RtlAddAccessDeniedAce
RtlGetDaclSecurityDescriptor
RtlDeleteElementGenericTable
RtlRandom
NtWaitForMultipleObjects
NtSaveMergedKeys
RtlCreateQueryDebugBuffer
RtlAddAuditAccessAce
RtlFreeHandle
wcslen
RtlConvertSidToUnicodeString
RtlNewSecurityObjectWithMultipleInheritance
RtlSetSecurityDescriptorRMControl
wcsncpy
RtlIsGenericTableEmpty
RtlDosPathNameToNtPathName_U
RtlCreateUnicodeStringFromAsciiz
_snwprintf
NtAccessCheckByTypeResultList
NtFlushKey
RtlxUnicodeStringToAnsiSize
RtlAllocateAndInitializeSid
RtlAddAccessAllowedAce
_itow
_strnicmp
NtCreateDirectoryObject
RtlGetOwnerSecurityDescriptor
RtlImpersonateSelf
RtlConvertToAutoInheritSecurityObject
RtlAnsiStringToUnicodeString
NtAccessCheck
NtAdjustPrivilegesToken
_wcsicmp
RtlDestroyQueryDebugBuffer
RtlEnumerateGenericTableWithoutSplaying
RtlInitializeHandleTable
RtlPrefixUnicodeString
RtlMultiByteToUnicodeN
RtlFirstFreeAce
RtlInitString
NtQueryInformationToken
NtClearEvent
NtFsControlFile
NtDeleteValueKey
RtlFlushSecureMemoryCache
wcsncmp
strchr
RtlCreateSecurityDescriptor
NtSetInformationThread
RtlUpcaseUnicodeStringToOemString
RtlGetVersion
RtlStringFromGUID
NtQueryInformationProcess
RtlCreateAcl
iswctype
RtlEqualSid
RtlAppendUnicodeStringToString
NtReleaseSemaphore
NtWaitForSingleObject
NtSaveKey
NtAccessCheckAndAuditAlarm
RtlGetAce
RtlValidRelativeSecurityDescriptor
RtlAddAccessDeniedAceEx
RtlSelfRelativeToAbsoluteSD2
strncpy
RtlImageNtHeader
wcsrchr
RtlQueryProcessDebugInformation
NtAdjustGroupsToken
NtSetInformationObject
wcschr
NtWriteFile
RtlQueryRegistryValues
RtlInitializeGenericTable
wcscmp
NtQueryMultipleValueKey
RtlIsValidIndexHandle
NtQuerySystemTime
tolower
NtPrivilegeObjectAuditAlarm
RtlAdjustPrivilege
NtDeleteKey
RtlAddAccessAllowedObjectAce
NtDeleteObjectAuditAlarm
wcstombs
RtlSetInformationAcl
RtlFreeAnsiString
RtlDestroyHeap
RtlAddAce
RtlLeaveCriticalSection
RtlAbsoluteToSelfRelativeSD
RtlSubAuthoritySid
NtTraceEvent
DbgPrint
RtlDetermineDosPathNameType_U
RtlLookupElementGenericTable
NtCreateSemaphore
RtlUpcaseUnicodeChar
RtlLengthSid
sprintf
RtlOemStringToUnicodeString
RtlQuerySecurityObject
NtPrivilegeCheck
NtImpersonateAnonymousToken
_chkstk
NtCreateFile
NtAccessCheckByTypeAndAuditAlarm
RtlInsertElementGenericTable
RtlOpenCurrentUser
RtlInitAnsiString
RtlFreeSid
RtlGetSecurityDescriptorRMControl
mbstowcs
_ftol
RtlSetSecurityObject
RtlInitUnicodeStringEx
RtlAddAccessDeniedObjectAce
_wcsnicmp
RtlGUIDFromString
RtlNewSecurityObjectEx
RtlAddAuditAccessAceEx
RtlGetNtProductType
NtOpenKey
RtlUnicodeToMultiByteSize
NtCreateEvent
_alloca_probe
RtlIntegerToUnicodeString
RtlDeleteCriticalSection
RtlLengthSecurityDescriptor
RtlQueryInformationAcl
NtOpenFile
NtFilterToken
RtlFreeUnicodeString
_wcslwr
NtQueryVolumeInformationFile
RtlGetSaclSecurityDescriptor
RtlCompareUnicodeString
RtlEqualUnicodeString
RtlGetGroupSecurityDescriptor
RtlSetControlSecurityDescriptor
NtQueryValueKey
RtlFreeHeap
NtCompareTokens
NtNotifyChangeMultipleKeys
NtReplaceKey
RtlCreateHeap
RtlCompareMemory
NlsMbCodePageTag
RtlValidSid
NtEnumerateKey
RtlInitializeCriticalSection
NtQuerySymbolicLinkObject
RtlDeleteAce
NtClose
NtSetInformationFile
RtlInitializeSid
RtlMakeSelfRelativeSD
_stricmp
RtlAllocateHeap
RtlFormatCurrentUserKeyPath
wcsstr
RtlSetSaclSecurityDescriptor
RtlValidSecurityDescriptor
NtSetEvent
NtDeviceIoControlFile
NtQueryInformationThread
RtlAllocateHandle
RtlAddAuditAccessObjectAce
NtAllocateLocallyUniqueId
NtSetInformationToken
RtlExpandEnvironmentStrings_U
RtlSetGroupSecurityDescriptor
rpcrt4:
UuidCreate
RpcBindingFromStringBindingW
UuidToStringW
RpcBindingSetAuthInfoExA
RpcRaiseException
RpcBindingSetAuthInfoExW
RpcStringFreeW
NDRCContextBinding
NdrClientCall2
RpcStringBindingParseW
RpcBindingSetAuthInfoA
RpcBindingSetAuthInfoW
RpcBindingFree
I_RpcMapWin32Status
RpcBindingToStringBindingW
RpcEpResolveBinding
RpcRevertToSelf
I_RpcBindingIsClientLocal
RpcImpersonateClient
I_RpcExceptionFilter
RpcStringBindingComposeW
RpcSsDestroyClientContext
UuidFromStringW
Sections
.text   Size: 261KB - Virtual size: 261KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   Size: 15KB - Virtual size: 14KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 3KB - Virtual size: 7.1MB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata  Size: 52KB - Virtual size: 52KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls    Size: 512B - Virtual size: 4KB      Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE