8bb1c687beebe1e26f8a5daf226a360c7964cf8197eecaa50da3e8adae1d1148

Sharing

Copy URL Twitter E-mail

General

Target

8bb1c687beebe1e26f8a5daf226a360c7964cf8197eecaa50da3e8adae1d1148
Size

334KB
MD5

6a2f0cc1007be727d7d1205ffd314570
SHA1

5b5a96c9d3e24ff515ad5032ad1826e67dfc189c
SHA256

8bb1c687beebe1e26f8a5daf226a360c7964cf8197eecaa50da3e8adae1d1148
SHA512

5e2dde17c7fd1c0b53a9403be5fdfe3fd760edc9a5506f4098ae69e4e017e9a939a66610ed1a4de8466ce6f4d0561c1da41d6d2963c57bc0bf04f4f9085c68b1
SSDEEP

6144:Du6/zhN5s9eUQCoJSmS6OaQPe1rLJQeURCrJAkoqGcT66ODSPj+:i67hNqmMYHxLJRF1AnqlyDua

Score

N/A

Malware Config

Signatures

Files

8bb1c687beebe1e26f8a5daf226a360c7964cf8197eecaa50da3e8adae1d1148
.exe windows x86

47b3e2cb7b1b0b027483480d7a72fa46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtOpenSymbolicLinkObject
RtlOemStringToUnicodeString
NtDeleteValueKey
strncpy
NtPrivilegeCheck
NlsMbCodePageTag
RtlSetSecurityObject
NtOpenFile
NtTerminateProcess
RtlNtStatusToDosError
NtQueryInformationThread
RtlUpcaseUnicodeChar
NtQuerySymbolicLinkObject
NtPowerInformation
RtlFormatCurrentUserKeyPath
RtlAbsoluteToSelfRelativeSD
NtQueryInformationFile
RtlGetDaclSecurityDescriptor
NtReadFile
NtFsControlFile
RtlDestroyHeap
NtSetInformationProcess
RtlCreateUnicodeString
wcsncpy
RtlCompareUnicodeString
atol
RtlAllocateHeap
NtAllocateVirtualMemory
wcscmp
RtlIdentifierAuthoritySid
RtlConvertSidToUnicodeString
NtCreateKey
NtSetInformationFile
RtlInitUnicodeStringEx
NtReplaceKey
wcscpy
NtAccessCheck
RtlFreeHeap
NtFlushBuffersFile
RtlQueryInformationAcl
NtQueryValueKey
RtlDeleteAce
RtlInitializeCriticalSection
RtlIntegerToUnicodeString
NtAllocateLocallyUniqueId
strstr
RtlInitializeSid
RtlLengthSecurityDescriptor
RtlGetAce
NtPrivilegedServiceAuditAlarm
_itow
_wcsnicmp
RtlInsertElementGenericTable
RtlDeleteSecurityObject
RtlRandom
RtlDeleteElementGenericTable
NtQueryVolumeInformationFile
RtlNewSecurityObjectEx
RtlSubAuthorityCountSid
NtOpenThreadToken
RtlNumberGenericTableElements
RtlAllocateHandle
RtlStringFromGUID
RtlDeleteCriticalSection
DbgPrint
_ultow
RtlUnicodeStringToAnsiString
NtNotifyChangeKey
RtlInitAnsiString
RtlxUnicodeStringToAnsiSize
NtSetEvent
RtlOpenCurrentUser
NtClose
NtCreateFile
RtlImageNtHeader
RtlGetNtProductType
NtCloseObjectAuditAlarm
NtNotifyChangeMultipleKeys
RtlMakeSelfRelativeSD
RtlEnumerateGenericTableWithoutSplaying
wcsncmp
memmove
NtClearEvent
NtReleaseSemaphore
NtFreeVirtualMemory
RtlEnterCriticalSection
RtlSetGroupSecurityDescriptor
RtlMapGenericMask
NtCompareTokens
RtlUnwind
swprintf
NtCreateEvent
NtQuerySystemTime
NtWaitForSingleObject
wcstoul
_strnicmp
RtlAddAccessAllowedAce
wcstol
NtWriteFile
NtOpenProcessToken
NtDeviceIoControlFile
RtlExpandEnvironmentStrings_U
RtlUnicodeToMultiByteN
RtlInitializeHandleTable
wcsstr
_snwprintf
tolower
RtlUnicodeStringToInteger
NtTraceEvent
NtAccessCheckByTypeResultListAndAuditAlarm
RtlGetSecurityDescriptorRMControl
NtOpenKey
_stricmp
RtlFlushSecureMemoryCache
RtlDuplicateUnicodeString
RtlAddAccessDeniedAce
RtlLeaveCriticalSection
NtLoadKey
RtlInitializeGenericTable
RtlValidAcl
RtlAddAccessDeniedObjectAce
RtlLengthRequiredSid
RtlCreateUnicodeStringFromAsciiz
RtlValidSecurityDescriptor
NtSaveMergedKeys
RtlSetSecurityDescriptorRMControl
RtlInitUnicodeString
NtQueryInformationProcess
NtSetInformationThread
RtlAddAce
RtlQuerySecurityObject
RtlInitString
RtlxAnsiStringToUnicodeSize
RtlGetFullPathName_U
NtCreateDirectoryObject
_wcsicmp
wcschr
NtDuplicateToken
RtlSetSaclSecurityDescriptor
RtlAppendUnicodeStringToString
RtlUpcaseUnicodeStringToOemString
RtlGetControlSecurityDescriptor
RtlIsValidIndexHandle
RtlUnicodeToMultiByteSize
RtlQueryRegistryValues
_wcslwr
RtlAreAllAccessesGranted
RtlValidSid
_alloca_probe
NtSetValueKey
NtUnloadKey
RtlCreateHeap
RtlSetControlSecurityDescriptor
RtlCreateQueryDebugBuffer
RtlLengthSid
NtDeleteKey
RtlGetVersion
NtImpersonateAnonymousToken
NtAccessCheckByTypeAndAuditAlarm
NtFilterToken
NtOpenObjectAuditAlarm
NtSetInformationObject
NtQueryMultipleValueKey
RtlGetSaclSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
NtSetSecurityObject
NtAdjustGroupsToken
NtAdjustPrivilegesToken
NtQueryVirtualMemory
RtlCompareMemory
RtlGUIDFromString
RtlAddAuditAccessAce
RtlDestroyHandleTable
RtlAppendUnicodeToString
NtQuerySystemInformation
NtWaitForMultipleObjects
RtlFreeAnsiString
RtlConvertToAutoInheritSecurityObject
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
RtlIsGenericTableEmpty
RtlCreateAcl
RtlAddAuditAccessObjectAce
RtlFirstFreeAce
_vsnwprintf
RtlAddAccessAllowedAceEx
_chkstk
wcsrchr
NtDeleteObjectAuditAlarm
NtRestoreKey
NtCreateSemaphore
RtlAdjustPrivilege
RtlNewSecurityObject
NtAccessCheckByType
NtQueryKey
RtlAnsiStringToUnicodeString
RtlFreeSid
_ftol
RtlAllocateAndInitializeSid
RtlReAllocateHeap
RtlCopyUnicodeString
mbstowcs
strchr
RtlSubAuthoritySid
RtlImpersonateSelf
RtlGetGroupSecurityDescriptor
RtlIsTextUnicode
RtlFreeUnicodeString
RtlFreeHandle
RtlAddAccessAllowedObjectAce
RtlDetermineDosPathNameType_U
RtlTimeToSecondsSince1970
wcslen
RtlAddAuditAccessAceEx
NtQuerySecurityObject
NtOpenProcess
NtAccessCheckByTypeResultList
RtlEqualSid
RtlAreAnyAccessesGranted
RtlSetSecurityObjectEx
RtlSetInformationAcl
NtFlushKey
NtEnumerateValueKey
RtlLookupElementGenericTable
RtlQueryProcessDebugInformation
NtQueryPerformanceCounter
RtlCreateSecurityDescriptor
RtlNewSecurityObjectWithMultipleInheritance
RtlValidRelativeSecurityDescriptor
NtAccessCheckAndAuditAlarm
iswctype
NtSetInformationToken
RtlCopySid
RtlPrefixUnicodeString
NtEnumerateKey
NtSaveKeyEx
sprintf
RtlEqualUnicodeString
RtlGetOwnerSecurityDescriptor
NtQueryInformationToken
RtlMultiByteToUnicodeN
RtlEqualPrefixSid
RtlSetDaclSecurityDescriptor
RtlAddAccessDeniedAceEx
RtlCopyLuid
wcscat
RtlDosPathNameToNtPathName_U
RtlSetOwnerSecurityDescriptor
NtPrivilegeObjectAuditAlarm
RtlDestroyQueryDebugBuffer
NtDuplicateObject
RtlSelfRelativeToAbsoluteSD
wcstombs
NtSaveKey

rpcrt4

RpcBindingFree
I_RpcBindingIsClientLocal
RpcEpResolveBinding
UuidFromStringW
NDRCContextBinding
RpcRaiseException
RpcBindingSetAuthInfoExW
RpcStringBindingParseW
UuidCreate
RpcSsDestroyClientContext
RpcBindingSetAuthInfoA
RpcBindingFromStringBindingW
RpcStringFreeW
RpcBindingToStringBindingW
UuidToStringW
I_RpcMapWin32Status
RpcBindingSetAuthInfoExA
RpcBindingSetAuthInfoW
I_RpcExceptionFilter
RpcImpersonateClient
NdrClientCall2
RpcRevertToSelf
RpcStringBindingComposeW

kernel32

lstrcpyA
InterlockedExchangeAdd
ReadFile
GetProcessHeap
GetPrivateProfileStringW
Sleep
VirtualFree
FindClose
GetFullPathNameW
GetSystemInfo
GetCurrentProcessId
GetWindowsDirectoryW
HeapAlloc
UnmapViewOfFile
CreateProcessInternalA
VirtualAlloc
GetFileSize
GetSystemDirectoryW
WriteFile
OutputDebugStringW
TerminateProcess
CreateFileA
OpenMutexW
GetCurrentProcess
_lclose
QueryPerformanceCounter
SizeofResource
GetProcAddress
SetLastError
lstrlenW
GetTimeZoneInformation
GetSystemTime
SetUnhandledExceptionFilter
CreateProcessInternalW
MapViewOfFile
IsBadWritePtr
CreateFileMappingW
MultiByteToWideChar
GetCurrentThreadId
AreFileApisANSI
GetPrivateProfileIntW
FindFirstFileExW
lstrlenA
GetVersionExA
GetDiskFreeSpaceExW
DeleteFileW
GetComputerNameW
GetCurrentThread
SetThreadPriority
OpenEventW
LocalReAlloc
lstrcpyW
ExitThread
InitializeCriticalSection
GetLastError
CreateEventW
OpenFile
CreateFileMappingA
RaiseException
CancelIo
InterlockedExchange
GetOverlappedResult
DuplicateHandle
WaitNamedPipeW
GetCommandLineW
LoadResource
GetModuleHandleW
InterlockedDecrement
GetLongPathNameW
LeaveCriticalSection
OpenProcess
SleepEx
ExpandEnvironmentStringsA
SetEvent
FreeLibrary
GetDiskFreeSpaceW
GetModuleHandleA
SetNamedPipeHandleState
lstrcmpiW
GetModuleHandleExW
GetFileSizeEx
GetFileAttributesW
SetErrorMode
WaitForSingleObject
FormatMessageW
CreateEventA
DeleteCriticalSection
CreateThread
WaitForMultipleObjectsEx
GetFileTime
CreateFileW
GetSystemTimeAsFileTime
EnumUILanguagesW
GetPriorityClass
FindFirstFileW
FindResourceExW
GetLocalTime
GetComputerNameA
GlobalMemoryStatus
CopyFileW
LoadLibraryA
FindNextFileW
SetFilePointer
ReadProcessMemory
HeapFree
GetVolumeInformationW
GetProfileStringA
UnhandledExceptionFilter
ResumeThread
lstrcmpW
LocalFree
GetLogicalDriveStringsW
GetProfileIntA
EnterCriticalSection
ExpandEnvironmentStringsW
MoveFileW
CompareFileTime
lstrcatW
GetFileAttributesExW
WritePrivateProfileStringW
GetFullPathNameA
CreateMutexW
FindResourceA
LoadLibraryExW
lstrcpynW
GetComputerNameExW
ReleaseMutex
LoadLibraryW
InterlockedCompareExchange
WideCharToMultiByte
DeviceIoControl
InterlockedIncrement
SearchPathW
GetUserDefaultUILanguage
GetModuleFileNameW
CloseHandle
GetSystemWindowsDirectoryW
LocalAlloc
ResetEvent
GetDriveTypeW
DelayLoadFailureHook
GetTickCount

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

47b3e2cb7b1b0b027483480d7a72fa46

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rpcrt4

kernel32

Sections

.text Size: 261KB - Virtual size: 261KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 7.1MB

.rdata Size: 52KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 7.1MB

.rdata
Size: 52KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB