a5371a6d39bfaa0c114e15cab688f5d9cf515960cccf8daebd6a8954783087b5

Sharing

Copy URL Twitter E-mail

General

Target

a5371a6d39bfaa0c114e15cab688f5d9cf515960cccf8daebd6a8954783087b5
Size

28KB
MD5

a0f2d1192056aaa1a497375d9b15af50
SHA1

75c32fcf6efdb9c353661cbb5031a279884ece95
SHA256

a5371a6d39bfaa0c114e15cab688f5d9cf515960cccf8daebd6a8954783087b5
SHA512

56af7ca838fd76e4642fd03c70bfe8e06bb9debd9b4e5e29f999929a6979d934f4ddd090fb6fb8faf3d182f07ee6d226a34e060d01c5ba0586ea85d2fe7355b5
SSDEEP

768:tPQP48SnkLBIvuNoZzZ+mwtgKwVPdLJEEGnFO2t4:tYg8SENoX+bCfEEmL

Score

N/A

Malware Config

Signatures

Files

a5371a6d39bfaa0c114e15cab688f5d9cf515960cccf8daebd6a8954783087b5
.exe windows x86

1d0e3c61d4e8790ec8837a38daa7d43d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoInitializeEx
ReleaseStgMedium
CoUninitialize
StringFromCLSID
CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc

gdi32

DeleteObject

kernel32

LeaveCriticalSection
LoadLibraryW
DeleteCriticalSection
FormatMessageW
CloseHandle
GetModuleHandleA
GetLastError
lstrcmpW
QueryPerformanceCounter
GetModuleFileNameW
GetProcAddress
FreeLibrary
SetUnhandledExceptionFilter
OutputDebugStringA
GetComputerNameW
GlobalFree
GetWindowsDirectoryW
WaitForSingleObject
GetSystemTimeAsFileTime
VirtualAlloc
ExitThread
UnhandledExceptionFilter
LoadLibraryA
GetCurrentProcessId
GetTickCount
GlobalLock
lstrcpynW
GetCurrentThreadId
lstrcpyW
GetModuleHandleW
InitializeCriticalSection
CreateEventW
EnterCriticalSection
GetTimeFormatW
CreateThread
GetVersionExW
LocalAlloc
GlobalAlloc
SetLastError
GlobalUnlock
lstrlenW
GetDateFormatW
InterlockedDecrement
GetCommandLineW
SetEvent
ExpandEnvironmentStringsW
LocalFree
GetVersion
GetCurrentProcess
GetFileAttributesW
GetTimeZoneInformation
IsBadReadPtr
TerminateProcess
Sleep
SystemTimeToFileTime
lstrcmpiW
SystemTimeToTzSpecificLocalTime
SetThreadPriority

advapi32

IsValidSecurityDescriptor
RegDeleteKeyW
AddAce
GetSecurityDescriptorDacl
GetAce
MakeSelfRelativeSD
AllocateAndInitializeSid
RegCloseKey
GetTokenInformation
SetSecurityDescriptorGroup
InitializeSecurityDescriptor
GetPrivateObjectSecurity
RegCreateKeyExW
MapGenericMask
GetSecurityDescriptorLength
InitializeAcl
SetPrivateObjectSecurity
OpenProcessToken
DestroyPrivateObjectSecurity
RegSetValueExW
SetSecurityDescriptorDacl
CreatePrivateObjectSecurityEx
RegOpenKeyExW
RegEnumKeyExW
GetLengthSid
FreeSid
SetSecurityDescriptorOwner

msvcrt

malloc
_onexit
_adjust_fdiv
_except_handler3
__CxxFrameHandler
wcscpy
_initterm
_wcsdup
_wcsicmp
wcscmp
_purecall
free
_wtoi
__RTDynamicCast
wcsncmp
__dllonexit
wcslen
wcsncpy
_beginthreadex

ntdll

NtAddAtom

user32

DestroyWindow
CloseClipboard
WinHelpW
CallNextHookEx
PostMessageW
MessageBeep
EnableWindow
EmptyClipboard
GetDlgItem
LoadStringW
ShowWindow
GetClipboardData
DestroyIcon
RegisterClipboardFormatW
LoadBitmapW
UnhookWindowsHookEx
ScreenToClient
SendMessageW
GetWindowRect
LoadIconW
OpenClipboard
GetCursorPos
GetSystemMetrics
GetParent
SetWindowsHookExW
IsWindow

ntmsapi

CancelNtmsLibraryRequest
CloseNtmsNotification
MountNtmsMedia
CreateNtmsMediaPoolW
SetNtmsRequestOrder
ReleaseNtmsCleanerSlot
ReserveNtmsCleanerSlot
InjectNtmsMedia
OpenNtmsNotification
AddNtmsMediaType
GetVolumesFromDriveW
OpenNtmsSessionW
SetNtmsObjectSecurity
CleanNtmsDrive
DismountNtmsMedia
DoEjectFromSADriveW
DeleteNtmsMedia
EjectNtmsCleaner
AccessNtmsLibraryDoor
WaitForNtmsNotification
DeallocateNtmsMedia
GetNtmsMediaPoolNameW
DeleteNtmsDrive
DeleteNtmsMediaPool
SatisfyNtmsOperatorRequest
DisableNtmsObject
DeleteNtmsLibrary
InventoryNtmsLibrary
GetNtmsRequestOrder
MoveToNtmsMediaPool
SetNtmsObjectInformationW
InjectNtmsCleaner
EnableNtmsObject
GetNtmsObjectInformationW
DeleteNtmsRequests
DeleteNtmsMediaType
CancelNtmsOperatorRequest
EnumerateNtmsObject
DismountNtmsDrive
SetNtmsDeviceChangeDetection
EjectNtmsMedia
GetNtmsObjectSecurity
CloseNtmsSession

dhcpcsvc

DhcpEnumClasses

Sections

.textbss
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1d0e3c61d4e8790ec8837a38daa7d43d

Headers

File Characteristics

Imports

ole32

gdi32

kernel32

advapi32

msvcrt

ntdll

user32

ntmsapi

dhcpcsvc

Sections

.textbss Size: - Virtual size: 96KB

.text Size: 512B - Virtual size: 420B

.rdata Size: 512B - Virtual size: 32B

.idata Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 92KB

.textbss
Size: - Virtual size: 96KB

.text
Size: 512B - Virtual size: 420B

.rdata
Size: 512B - Virtual size: 32B

.idata
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 92KB