d33ebf7bb0a0474caddbb5494f2dc7f769a1bd104daafaf6ac7f45dd0de4a381

Sharing

Copy URL Twitter E-mail

General

Target

d33ebf7bb0a0474caddbb5494f2dc7f769a1bd104daafaf6ac7f45dd0de4a381
Size

140KB
MD5

96542a4ff93fdf9948dedb3ef584f5bb
SHA1

4c7b464fd694d201ce5fea2ff9a8f8e7fe74fef5
SHA256

d33ebf7bb0a0474caddbb5494f2dc7f769a1bd104daafaf6ac7f45dd0de4a381
SHA512

21f6f879f4260c0b10a620172b43bc07d8e084a539f5e54bca4ce3356caf4c761819035927c2ec5ebb7b5c03709b70962badc2fed950cb8651a945fb812e9af8
SSDEEP

3072:+maMK8V2V8+3FOweJI31/n1sSmnc1wJU9JeTCYBjlIfRqszEE:+maMKgr+4w0E/n1sUwyQrllE

Score

N/A

Malware Config

Signatures

Files

d33ebf7bb0a0474caddbb5494f2dc7f769a1bd104daafaf6ac7f45dd0de4a381
.dll windows x86

496ad21484299a19d08479aa27604864

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegisterEventSourceW
CloseServiceHandle
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
RegisterServiceCtrlHandlerW
RegCloseKey
RegQueryInfoKeyW
OpenThreadToken
AccessCheck
RegConnectRegistryW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
SetServiceStatus
ReportEventW
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
QueryServiceStatus
RegNotifyChangeKeyValue
RegOpenKeyExA
RegQueryValueExA

kernel32

ExpandEnvironmentStringsW
MultiByteToWideChar
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
GetComputerNameExW
WaitForMultipleObjectsEx
DeleteCriticalSection
GetLastError
SetEvent
WaitForSingleObject
lstrcmpW
FreeLibrary
Sleep
GetProcAddress
LoadLibraryW
InitializeCriticalSection
CloseHandle
CreateEventW
SetThreadPriority
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObjectEx
lstrcpyA
LocalFree
LocalAlloc
GetSystemDirectoryW
SetFilePointer
CreateFileW
MoveFileW
DeleteFileW
WriteFile
GetLocalTime
DeviceIoControl
LoadLibraryA
lstrcpynA
lstrcmpA
lstrlenA
CreateSemaphoreW
ReleaseSemaphore

msvcrt

wcschr
wcslen
wcsncpy
wcscpy
_wcsicmp
_except_handler3
_ultoa
wcstoul
qsort
wcsspn
mbstowcs
wcscat
vsprintf
sprintf
_local_unwind2
_wcsnicmp
_abnormal_termination
swprintf
_beginthreadex
memmove
wcscmp

netapi32

NetApiBufferFree
NetUseDel
RxNetServerEnum
I_NetNameCanonicalize
NetShareGetInfo
DsGetDcNameW
I_BrowserQueryOtherDomains
Netbios
NetAlertRaiseEx
NetApiBufferAllocate
NetpIsRemote
I_NetServerSetServiceBitsEx

ntdll

RtlReleaseResource
RtlAcquireResourceExclusive
NtClose
NtOpenFile
RtlInitUnicodeString
NtCancelIoFile
NtQueryPerformanceCounter
RtlAppendUnicodeToString
RtlCopyUnicodeString
NtDeviceIoControlFile
RtlCompareMemory
RtlUpcaseUnicodeToOemN
RtlTimeToSecondsSince1980
NtQuerySystemTime
NtQuerySystemInformation
DbgBreakPoint
RtlGetNtProductType
RtlEqualUnicodeString
RtlDeleteResource
RtlInitializeResource
RtlNtStatusToDosError
RtlUpcaseUnicodeStringToOemString
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
NtOpenProcessToken
RtlCompareMemoryUlong
RtlSetEnvironmentVariable
RtlExpandEnvironmentStrings_U
RtlCreateEnvironment
RtlDestroyEnvironment
RtlInitAnsiString
RtlOemStringToUnicodeString
RtlInitString
NtCreateTimer
NtCancelTimer
NtSetTimer
RtlAcquireResourceShared

rpcrt4

RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerUnregisterIf
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcImpersonateClient

Exports

Exports

I_BrowserServerEnumForXactsrv
ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

496ad21484299a19d08479aa27604864

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

netapi32

ntdll

rpcrt4

Exports

Exports

Sections

.text Size: 69KB - Virtual size: 68KB

.data Size: 65KB - Virtual size: 65KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 69KB - Virtual size: 68KB

.data
Size: 65KB - Virtual size: 65KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB