1afb9f93ad340b5b34983f3500c36460c9ec5d30f00dc6c7a336566709faf302

Sharing

Copy URL

Twitter E-mail

General

Target

1afb9f93ad340b5b34983f3500c36460c9ec5d30f00dc6c7a336566709faf302
Size

872KB
MD5

a0835d492a763e657501480044400a10
SHA1

bd92558026a0b22c090de77c9ab5d7a045b4939c
SHA256

1afb9f93ad340b5b34983f3500c36460c9ec5d30f00dc6c7a336566709faf302
SHA512

eaf1db567aab66b68dd577e7a9bad06d1e4f476c96c13f54a09b815aaca09176d0123b717489d2720a1b0547a306cc1a1897192eb84ec10da50c3b50647b6934
SSDEEP

12288:ocPUoQaS5dTqCEpmZbrLzSGPu6jJlWL/6FykyEAkWbGq5:oYSPTqCEp4/RPuoJs76FyknnEGe

Score

N/A

Malware Config

Signatures

Files

1afb9f93ad340b5b34983f3500c36460c9ec5d30f00dc6c7a336566709faf302
.exe windows x86

d096511a3a10cc8262395833ce8ddbc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ncltools

?NclLogDump@@YAXAAVCModuleInfo@@JK@Z
?SetString@NclRegistry@@QAEJPA_W0@Z
?NclGetRegistryPath@@YA?AVCComBSTR@ATL@@K@Z
??1CNclLogClient@@QAE@XZ
??0CNclLogClient@@QAE@XZ
?NclDeleteCustomDataItem@@YAJU_GUID@@AAU1@@Z
?NclGetCustomDataItems@@YAJU_GUID@@PAKPAUNCL_CUSTOM_DATA@@@Z
?NclGetModules@@YAJKPAEPAPAUNCL_MODULE_INFO@@@Z
?NclRegisterModules@@YAJK@Z
?GetValue@NclRegistry@@QAEJPA_WPAK@Z
?GetString@NclRegistry@@QAEJPA_WPAPA_W@Z
?EnumerateKeys@NclRegistry@@QAEJPAKPAPAUNCL_REG_VALUE@@@Z
?NclAddCustomDataItem@@YAJU_GUID@@PAUNCL_CUSTOM_DATA@@@Z
?Open@NclRegistry@@QAEJPAUHKEY__@@PA_WK@Z
?NclGetRegistryBase@@YA?AVCComBSTR@ATL@@XZ
??1NclRegistry@@QAE@XZ
??0NclRegistry@@QAE@XZ
?NclGetCustomDataItem@@YAJU_GUID@@AAVCComBSTR@ATL@@PAUNCL_CUSTOM_DATA@@@Z
?NclThreadTimeout@CNclThread@@UAEJK@Z
?NclReleaseModule@@YAJU_GUID@@PAUIUnknown@@@Z
?NclUpdateEnvironment@@YAJK@Z
??0CNclThread@@QAE@XZ
??1CNclThread@@QAE@XZ
?NclLogDump@@YAXAAVCModuleInfo@@PBDZZ
?NclThreadWait@CNclThread@@UAEJK@Z
?NclLoadModule@@YAJU_GUID@@PAPAUIUnknown@@@Z
?NclStartThread@CNclThread@@QAEJPAVCNclThreadTask@@@Z
?NclStopThread@CNclThread@@QAEJK@Z
?NclInit@@YAXPAUHINSTANCE__@@PA_WPAVCModuleInfo@@@Z

kernel32

LeaveCriticalSection
CreateEventA
InitializeCriticalSection
IsBadCodePtr
DeleteCriticalSection
MultiByteToWideChar
IsDBCSLeadByte
GetModuleHandleA
RaiseException
lstrlenA
GetModuleFileNameA
GetCurrentProcess
SizeofResource
LoadResource
GetSystemWindowsDirectoryA
lstrcpyA
WaitForSingleObject
FindResourceA
LoadLibraryA
LoadLibraryExA
GetProcAddress
InterlockedIncrement
FreeLibrary
InterlockedDecrement
DeleteFileA
GetCurrentThread
LocalFree
SetUnhandledExceptionFilter
lstrcmpiA
SetErrorMode
GetCommandLineA
WideCharToMultiByte
lstrlenW
EnterCriticalSection
CreateThread
GetCurrentThreadId
Sleep
GetTickCount
GetExitCodeProcess
CreateProcessA
WaitForMultipleObjects
ResetEvent
ExitThread
GetVersionExA
TerminateThread
OpenEventA
CreateFileA
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetFileType
SetHandleCount
GetStdHandle
WriteFile
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
CloseHandle
SetEvent
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetLastError
RtlUnwind
GetStartupInfoA
GetProcessHeap
HeapReAlloc
HeapAlloc
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxA
CharNextA
DispatchMessageA
CharUpperA
DefWindowProcA
RegisterClassA
LoadStringA
PostMessageA
UnregisterClassA
MsgWaitForMultipleObjects
PeekMessageA
MessageBoxExW
PostThreadMessageA
TranslateMessage
GetMessageA
CreateWindowExA
DestroyWindow

advapi32

RegisterServiceCtrlHandlerA
SetSecurityDescriptorDacl
DeleteService
StartServiceCtrlDispatcherA
RegCreateKeyExA
ControlService
RegQueryValueExA
OpenServiceA
RegOpenKeyExA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryInfoKeyA
RegCloseKey
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegDeleteKeyA
GetTokenInformation
CloseServiceHandle
IsValidSid
CreateServiceA
GetLengthSid
CopySid
OpenProcessToken
OpenSCManagerA
RegEnumKeyExA
SetSecurityDescriptorOwner
RegSetValueExA
SetSecurityDescriptorGroup
RegDeleteValueA
InitializeSecurityDescriptor

shell32

SHGetFolderPathA

ole32

CoResumeClassObjects
CoRevokeClassObject
CoTaskMemRealloc
CoUninitialize
CoInitializeSecurity
CoSuspendClassObjects
CoInitializeEx
CoTaskMemAlloc
CoRegisterClassObject
StringFromGUID2
CoWaitForMultipleHandles
CoTaskMemFree
CoCreateInstance

oleaut32

VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayPutElement
SafeArrayCreate
VarBstrCat
VarBstrCmp
VarUI4FromStr
UnRegisterTypeLi
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
SysStringByteLen

shlwapi

PathAppendA

Sections

.text
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 600KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d096511a3a10cc8262395833ce8ddbc3

Headers

File Characteristics

Imports

ncltools

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 181KB - Virtual size: 181KB

.rdata Size: 77KB - Virtual size: 76KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 600KB - Virtual size: 2.4MB

.text
Size: 181KB - Virtual size: 181KB

.rdata
Size: 77KB - Virtual size: 76KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 600KB - Virtual size: 2.4MB