b2789bf40a6f8ee533d361d3f8a0490f7d5c83a555f1b95692e73857f53475a8

Sharing

Copy URL Twitter E-mail

General

Target

b2789bf40a6f8ee533d361d3f8a0490f7d5c83a555f1b95692e73857f53475a8
Size

76KB
MD5

90a81f2ddc221f07e90136209edaa6f6
SHA1

3d4a2ccf13acadf862ba160bfecb02c13eb6a609
SHA256

b2789bf40a6f8ee533d361d3f8a0490f7d5c83a555f1b95692e73857f53475a8
SHA512

83bbf44177a850a258fb8976d5061c6b1137dcbc7d554f6e99984357327b383e5c389be615684229de1963bb9428be1e72ce1eadcdd596083be1dc7aa231c920
SSDEEP

1536:AiWjaU18BTtNuQ3F7/QwsR4jIWmP8pQihDBqispsozmE+cPZdE:AZaU18Bh8Q3F8weGI3l6Z8sSm7cBi

Score

N/A

Malware Config

Signatures

Files

b2789bf40a6f8ee533d361d3f8a0490f7d5c83a555f1b95692e73857f53475a8
.dll windows x86

496ad21484299a19d08479aa27604864

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterEventSourceW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
RegCloseKey
RegQueryInfoKeyW
OpenThreadToken
AccessCheck
RegConnectRegistryW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
SetServiceStatus
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetComputerNameExW
WaitForMultipleObjectsEx
DeleteCriticalSection
GetLastError
SetEvent
WaitForSingleObject
lstrcmpW
FreeLibrary
Sleep
GetProcAddress
LoadLibraryW
InitializeCriticalSection
CloseHandle
CreateEventW
SetThreadPriority
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
lstrcpyA
LocalFree
LocalAlloc
GetSystemDirectoryW
SetFilePointer
CreateFileW
MoveFileW
DeleteFileW
WriteFile
GetLocalTime
DeviceIoControl
LoadLibraryA
lstrcpynA
lstrcmpA
lstrlenA
CreateSemaphoreW
ReleaseSemaphore

msvcrt

wcschr
wcslen
wcsncpy
wcscpy
_wcsicmp
_except_handler3
_ultoa
wcstoul
qsort
wcsspn
mbstowcs
wcscat
vsprintf
sprintf
_local_unwind2
_wcsnicmp
_abnormal_termination
swprintf
_beginthreadex
memmove
wcscmp

netapi32

NetApiBufferFree
NetUseDel
RxNetServerEnum
I_NetNameCanonicalize
NetShareGetInfo
DsGetDcNameW
I_BrowserQueryOtherDomains
Netbios
NetAlertRaiseEx
NetApiBufferAllocate
NetpIsRemote
I_NetServerSetServiceBitsEx

ntdll

RtlReleaseResource
RtlAcquireResourceExclusive
NtClose
NtOpenFile
RtlInitUnicodeString
NtCancelIoFile
NtQueryPerformanceCounter
RtlAppendUnicodeToString
RtlCopyUnicodeString
NtDeviceIoControlFile
RtlCompareMemory
RtlUpcaseUnicodeToOemN
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQuerySystemInformation
DbgBreakPoint
RtlGetNtProductType
RtlEqualUnicodeString
RtlDeleteResource
RtlInitializeResource
RtlNtStatusToDosError
RtlUpcaseUnicodeStringToOemString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
NtOpenProcessToken
RtlCompareMemoryUlong
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
RtlCreateEnvironment
RtlDestroyEnvironment
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlInitString
NtCreateTimer
NtCancelTimer
NtSetTimer
RtlAcquireResourceShared

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcImpersonateClient

Exports

Exports

I_BrowserServerEnumForXactsrv
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

496ad21484299a19d08479aa27604864

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

netapi32

ntdll

rpcrt4

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB