697d41d60081cee07356207f968a709f0f6c76116cca78cc99c737b2a206b601

Sharing

Copy URL Twitter E-mail

General

Target

697d41d60081cee07356207f968a709f0f6c76116cca78cc99c737b2a206b601
Size

41KB
MD5

795f3d66cd27987034226e51ffe264a0
SHA1

3ea0bc15d831d829f18c06971d95ee3b25f590bb
SHA256

697d41d60081cee07356207f968a709f0f6c76116cca78cc99c737b2a206b601
SHA512

4ee0e7b9b8c9ab2298b072fc44a220516975920bda6fdb0d0a2e1e80f6e129ab03c9812d190a5792fdbd68674aad09d1cdf0cb45ed880da18d4709fe4d240341
SSDEEP

768:k6OrxKPsu/qcGpOlXwXCjXdomHWbOCI7AXgEZ3MZ6VYU:k+J/q3pOpXJHWbOaXgE5q6VY

Score

N/A

Malware Config

Signatures

Files

697d41d60081cee07356207f968a709f0f6c76116cca78cc99c737b2a206b601
.exe windows x86

f89fe0885a16d66355c63c0c06a39533

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCloseKey
RegOpenKeyExW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken
OpenThreadToken

kernel32

HeapFree
GetLastError
WideCharToMultiByte
lstrlenW
DeactivateActCtx
GetProcAddress
LoadLibraryExW
ActivateActCtx
LeaveCriticalSection
lstrcmpW
EnterCriticalSection
HeapAlloc
FreeLibrary
ReleaseActCtx
CreateActCtxW
ExpandEnvironmentStringsW
lstrcmpiW
ExitProcess
GetCommandLineW
InitializeCriticalSection
GetProcessHeap
SetErrorMode
SetUnhandledExceptionFilter
RegisterWaitForSingleObject
LocalFree
GetCurrentProcess
GetCurrentThread
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
LocalAlloc
LCMapStringW
DelayLoadFailureHook

ntdll

RtlInitializeSid
RtlAllocateHeap
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlFreeHeap
RtlCopySid
RtlSubAuthorityCountSid
wcscpy
wcscat
RtlInitializeCriticalSection
RtlSetProcessIsCritical
RtlImageNtHeader
wcslen
RtlUnhandledExceptionFilter

rpcrt4

RpcServerUnregisterIfEx
RpcMgmtWaitServerListen
RpcServerUnregisterIf
RpcMgmtSetServerStackSize
RpcServerListen
RpcServerUseProtseqEpW
RpcServerRegisterIf
I_RpcMapWin32Status
RpcMgmtStopServerListening

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

zxsnlgl
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f89fe0885a16d66355c63c0c06a39533

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ntdll

rpcrt4

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 28KB - Virtual size: 29KB

zxsnlgl Size: - Virtual size: 4KB

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 28KB - Virtual size: 29KB

zxsnlgl
Size: - Virtual size: 4KB