032a3234669a4177436e9c70dcb08f7f8bda0b257bac1fd88ab0d65fb71183ca

Sharing

Copy URL Twitter E-mail

General

Target

032a3234669a4177436e9c70dcb08f7f8bda0b257bac1fd88ab0d65fb71183ca
Size

369KB
MD5

a0366313843e91f77e0d17e22d7150a0
SHA1

d9e8be7a3ed5dd21a719f4ddee146514b60807ce
SHA256

032a3234669a4177436e9c70dcb08f7f8bda0b257bac1fd88ab0d65fb71183ca
SHA512

2b3d287503f12ee1329f49b9b781c9350959e0327f6b0ba57375c69806b64e680beaedf6b4a763c2d98dd5e25b0087e5c667ed7c6cc98534ac9ba316e59f218b
SSDEEP

6144:xaxcFBdI0UznMiUogGIoeg5GkkNeZ9AHrPlZMBLmvVrMZQsuiOeZ1B8fuWXXk:cxcbdknMiX1NkNeZ9ClatdjQuWXX

Score

N/A

Malware Config

Signatures

Files

032a3234669a4177436e9c70dcb08f7f8bda0b257bac1fd88ab0d65fb71183ca
.dll windows x86

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
_wtoi
_purecall
memset
ceil
_ftol2
_wcsicmp
towupper
_wcsnicmp
_vsnwprintf
wcschr
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_ultow
wcscpy_s
_XcptFilter

rpcrt4

RpcErrorStartEnumeration
RpcBindingFree
RpcBindingReset
RpcBindingCopy
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
UuidCreate
RpcAsyncInitializeHandle
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingSetOption
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingUnbind
RpcBindingBind
RpcBindingCreateW
RpcBindingSetObject
RpcBindingServerFromClient
RpcMgmtEnableIdleCleanup
I_RpcFilterDCOMActivation
RpcRevertToSelf
RpcStringBindingComposeW
NdrServerCall2
RpcRaiseException
I_RpcExceptionFilter
NdrClientCall2
NdrAsyncClientCall
NdrAsyncServerCall
MesEncodeFixedBufferHandleCreate
RpcMgmtIsServerListening
RpcServerListen
RpcMgmtSetServerStackSize
RpcServerUseProtseqEpExW
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcErrorSaveErrorInfo
RpcErrorGetNextRecord
RpcErrorResetEnumeration
RpcErrorEndEnumeration
RpcServerRegisterIfEx

ntdll

NtClose
RtlAllocateAndInitializeSid
WinSqmSetDWORD
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlCopySid
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtQueryInformationFile
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitializeCriticalSection
EtwTraceMessage
NtQueryMutant
RtlCreateVirtualAccountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
IsValidSecurityDescriptor
ImpersonateAnonymousToken
RevertToSelf
GetSidSubAuthority
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
GetAce

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

LogonUserExExW
EnumerateSecurityPackagesW
FreeContextBuffer

kernel32

MapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
TlsGetValue
InitializeSListHead
InterlockedPopEntrySList
UnmapViewOfFile
CreateFileMappingW
SearchPathW
SetLastError
GetSystemDirectoryW
GetSystemWow64DirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryExW
AddRefActCtx
OpenEventW
GetComputerNameExW
OpenProcess
InitializeCriticalSection
TlsSetValue
GetDriveTypeW
GetVersionExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CompareFileTime
GetExitCodeProcess
GetModuleHandleExW
MapViewOfFileEx
CheckElevationEnabled
CreateMutexW
GetProcessIdOfThread
OpenThread
GetFullPathNameW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
FindClose
FindFirstFileW
ReleaseMutex
UnregisterWait
InterlockedCompareExchange64
EnterCriticalSection
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
GetLastError
GetSystemInfo
Sleep
TlsAlloc
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetVersion
SleepEx
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueTimer
CreateTimerQueueTimer
CloseHandle
CreateThread
LocalFree
LocalAlloc
RegisterWaitForSingleObject
lstrlenW
CreateEventW
LeaveCriticalSection
InterlockedPushEntrySList
SetEvent
WaitForSingleObject
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 342KB - Virtual size: 342KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 342KB - Virtual size: 342KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 19KB - Virtual size: 18KB