2c191709057d93647d01eea1a45e7427a1cbf35196b13c5516619c0aa62b8144

Sharing

Copy URL Twitter E-mail

General

Target

2c191709057d93647d01eea1a45e7427a1cbf35196b13c5516619c0aa62b8144
Size

200KB
MD5

91dd2d4e94a785ccdd0ee61d8d561969
SHA1

2731ac6ca44821f6208e187ce27d11dedb44e03f
SHA256

2c191709057d93647d01eea1a45e7427a1cbf35196b13c5516619c0aa62b8144
SHA512

7f6f21773492e841a3d1cd0fc455ed45b776bc9264e6fa8372a5457075f81d9ecd178f8038682c1fbf197adb8f95b010f6ddee1eb6bc6550fe6ca27e46b1cca6
SSDEEP

3072:B1ID/bZdg6wHu0vAb5CWlKdbb3AAdYw5eMZyPnz/Kgi63SahjyM29hv7Y0NbiN:BUFidHPoFlKdbb3ltj4/KgRSaO917Ni

Score

N/A

Malware Config

Signatures

Files

2c191709057d93647d01eea1a45e7427a1cbf35196b13c5516619c0aa62b8144
.exe windows x86

a6b822db44d6d7dd2ddedbd5a6ef6967

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oransgr10

nsgrx_xfr_101_out
nsgrx816_xfr_101_out
nsgrx816_xfr_101_in
nsgrx_xfr_101_in

oranro10

sncrswntgad

oracore10

lstprintf
lstlo
sslIsTerminalServerSupported
sltrusleep
lstss
ss_mem_ral
ss_mem_cal
lstmclo
lstclo
ss_mem_fre
ss_mem_alc
sscoreserverflag
slzgetevar

orauts

CloseHandle
CreateThread
WaitForSingleObject
CreateEventA
GetCurrentThreadId
SetEvent
GetLastError
Sleep
GetModuleHandleA

kernel32

GetCurrentProcess
OpenFileMappingA
OpenEventA
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
GetVersionExA

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
OpenProcessToken

msvcr71

getenv
isalnum
ispunct
strchr
exit
memset
realloc
printf
_setjmp3
strstr
_c_exit
__getmainargs
_exit
_XcptFilter
_cexit
__p___initenv
_amsg_exit
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_stricmp
strtoul
free
malloc
sprintf
strtol
isdigit
calloc
strncat
strncpy

onsclient

ons_subscriber_close
ons_shutdown_nowait
ons_subscriber_status
ons_subscriber_create_async
ons_init
ons_subscriber_relinquish
ons_notification_body
ons_subscriber_receive

oranl10

nlnvgtn
nlnvunm
nlnvgta
nlnvlet
nlnviet
nlseoucIsEqualUser
nlseoucIsSuperUser
nldsinit
nldsdestroy
nlpcPersonaUpdFinal
nldanum
nldanum2txt
nlpcPersonaSetFinal
nldatxt
nlpcPersonaGetInitial
snldlldl
snldlgpa
nlseoucAlloc
nlseoucFill
snlsmCreate
snlsmDestroy
snlsmDscToString
snlsmGetCreator
nluits
nluicrt
nladini
nlpcsp
nlpaseq
nldtlv2str
nldtstr2lv
nldtlvlalter
nlpcgptab
nlpcglutab
nlnvcbp
nluifs
nlpassp
snlfnprndnmlen
snlfndddir
snlfnisabs
snlfnfname
snlfngenv
nlspfile
nlfncons
nlfndstry
nlfninit
nlpcglutabfc
nlpcae2v
nlpatrm
nlpains
nlpafind
nlnvgin
nlnvnnv
nlnvcpb
nlemfireg
nlbamsg
nlepeset
nlstdini
snlpcgpid
nltmdif
nlpagvc
nlpagip
nlpagbp
nltrc_exit
nltrc_entry
nlemgmz
nlnvgap
nlnvfbt
nladget
nladini_t
nlersec
nlpagsp
nlseoucFree
nlnvdbp
nlnvibp
snlergem
nldsfprintf
nlerbem
nlergoc
nlergmco
nlnvcrs
nlnvszs
nlnvfbp
nladput
nltrcwrite
nlnvuva
nlnvibb
nlnvcrb
nlerlpe
nlnvdeb
nladtrm
nlerrec
nldsflush
nldsvfprintf
nlepeget
nlerrse

oran10

nsgetinfo
npGetPS
nsredirected
nprffilter
nsevmute
nprfgetrules
nruvers
nsdsend
nlstdat
nlstdal
nlstdap
nprfgetrlcnt
nscall
nszgcoscreds
ztcr2rnd
npredirect
nprefuse
npgetservice
npgetstring
nprecv
npterm
nsevwtsg
nsevwait
npGetIndex
nsfind
npgettabent
npgettab
ntconent
nsutappend
nsevunreg
nsaccept
nsredirect
nsdosend
nscontrol
nsdo
npinit
nsdhpurge
nsevreg
nsanswer
nsevrgs
nsgetaddr
nserr2pe
nslisten
nsrefuse
nsinherit
nsgblini
nlstdggo
nsgblseticto
nprfini
nprfsetrules
nsglaGetDefaultAddr
ntapp
nlstdstp
nsgbltrm
nsdisc
nprftrm
nsmgfprintf
nsbequeath
nsDHandoff

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 212B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6b822db44d6d7dd2ddedbd5a6ef6967

Headers

File Characteristics

Imports

oransgr10

oranro10

oracore10

orauts

kernel32

advapi32

msvcr71

onsclient

oranl10

oran10

Sections

.text Size: 140KB - Virtual size: 137KB

.text1 Size: 4KB - Virtual size: 212B

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 4KB - Virtual size: 3KB

.text
Size: 140KB - Virtual size: 137KB

.text1
Size: 4KB - Virtual size: 212B

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 4KB - Virtual size: 3KB