2e86dd654ec63c0d58ad4fb2f7fe894c3e7f7426401bb0874ef46af5ae761a6f

Sharing

Copy URL

Twitter E-mail

General

Target

2e86dd654ec63c0d58ad4fb2f7fe894c3e7f7426401bb0874ef46af5ae761a6f
Size

392KB
MD5

902f5a55be37df9a463508d1b7a92c50
SHA1

46b9bf50a77bf4f7df0727df990722f97c8ef385
SHA256

2e86dd654ec63c0d58ad4fb2f7fe894c3e7f7426401bb0874ef46af5ae761a6f
SHA512

a1dae9703ee80d6cea94207b0ea8bc865a47f2610bcb17a5fd4f4597df1ae667961401ec7e3a2c389710b04ded93801db60d8965445aae63af4b6dbb3f057d5d
SSDEEP

6144:uv+XMVheFlAu3Z3htmWn3kZvKoceq5dQcOG:8+X+e5xARcejG

Score

N/A

Malware Config

Signatures

Files

2e86dd654ec63c0d58ad4fb2f7fe894c3e7f7426401bb0874ef46af5ae761a6f
.dll windows x86

d85f04f1ff5855384b6cd7c06edf6980

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ControlService
SetTokenInformation
ImpersonateLoggedOnUser
CreateProcessAsUserW
StartServiceW
ConvertSidToStringSidW
QueryServiceStatus
DuplicateTokenEx
RegSetValueExW
LsaRetrievePrivateData
LookupAccountNameW
AccessCheck
GetSecurityDescriptorLength
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
QueryServiceStatusEx
SaferCreateLevel
SaferComputeTokenFromLevel
SaferCloseLevel
CommandLineFromMsiDescriptor
IsValidSecurityDescriptor
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AllocateLocallyUniqueId
SetServiceStatus
RegQueryValueA
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetSecurityDescriptorDacl
GetAce
RegOpenKeyW
RegQueryValueW
CryptAcquireContextW
CryptReleaseContext
SystemFunction036
CryptGenRandom
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegEnumValueW
ImpersonateAnonymousToken
OpenThreadToken
RevertToSelf
RegOpenUserClassesRoot
SaferiCompareTokenLevels
CheckTokenMembership
CopySid
SetThreadToken
CreateWellKnownSid
LsaOpenPolicy
LsaQueryInformationPolicy
LsaClose
EqualSid
GetTokenInformation
OpenProcessToken
ChangeServiceConfigW
LsaFreeMemory

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LoadLibraryA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
TlsAlloc
LocalAlloc
CreateEventA
LocalFree
Sleep
GetComputerNameA
QueryPerformanceCounter
GlobalMemoryStatus
GetDiskFreeSpaceA
InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
GetComputerNameW
GetLastError
lstrcmpW
GetProcessHeap
HeapAlloc
HeapFree
GetDriveTypeW
lstrcpynW
MultiByteToWideChar
lstrlenA
GetExitCodeProcess
WaitForMultipleObjects
CreateMutexW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ResumeThread
OpenFileMappingW
CreateProcessW
ReadFile
ReleaseActCtx
WriteFile
WaitNamedPipeW
InitializeCriticalSectionAndSpinCount
lstrcmpiA
MapViewOfFileEx
VirtualAlloc
VirtualFree
GetSystemTimeAsFileTime
DelayLoadFailureHook
SetLastError
CloseHandle
DeviceIoControl
CreateFileW
SleepEx
InterlockedIncrement
InterlockedDecrement
CreateThread
GetSystemInfo
lstrcpyW
lstrlenW
RegisterWaitForSingleObject
CreateEventW
SetEvent
WaitForSingleObject
lstrcatW
TerminateJobObject
GetCurrentThread
InterlockedExchangeAdd
DeleteTimerQueueTimer
CreateTimerQueueTimer
DeleteCriticalSection
IsDebuggerPresent
DebugBreak
ResetEvent
TlsSetValue
TlsGetValue
GetModuleHandleW
LoadLibraryExA
ExpandEnvironmentStringsW
GetModuleFileNameW
ReleaseMutex
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryW
GetSystemDirectoryW
GetSystemWow64DirectoryW
lstrcmpiW
SearchPathW
AddRefActCtx
OpenProcess
DuplicateHandle
InitializeCriticalSection
OpenEventW
LoadLibraryExW
FindClose
FindFirstFileW

msvcrt

_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
wcschr
_resetstkoflw
_except_handler3
memmove
_wtoi
_purecall
ceil
_ftol
wcslen
wcscpy
_ultow
strncmp
wcstol
_stricmp
swprintf
_vsnwprintf
_wcsicmp
wcsncpy
towupper
wcscat

ntdll

RtlAllocateHeap
RtlFreeHeap
RtlImageNtHeader
RtlNtStatusToDosError
NtOpenFile
RtlInitString
RtlDeleteCriticalSection
RtlEqualSid
NtCompareTokens
NtQueryInformationToken
DbgPrint
NtQuerySystemInformation
NtOpenSection
NtFsControlFile
NtCreateFile
RtlAdjustPrivilege
NtSetInformationProcess
NtDuplicateToken
NtAllocateLocallyUniqueId
RtlInitUnicodeString
RtlEqualUnicodeString
NtSetUuidSeed
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlGetNtProductType
RtlInitializeCriticalSection
RtlLengthRequiredSid
RtlInitializeSid
RtlSubAuthoritySid
RtlAllocateAndInitializeSid
NtClose
NtOpenKey
RtlLengthSid
RtlCopySid

rpcrt4

RpcServerRegisterIf2
RpcMgmtSetServerStackSize
UuidCreate
RpcServerListen
RpcMgmtIsServerListening
I_RpcAllocate
I_RpcFree
RpcServerUseProtseqEpExW
RpcBindingFree
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcRevertToSelfEx
RpcImpersonateClient
RpcRaiseException
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcBindingSetOption
I_RpcBindingInqWireIdForSnego
RpcServerUnregisterIf
I_RpcServerInqLocalConnAddress
I_RpcServerCheckClientRestriction
TowerExplode
I_RpcSystemFunction001
RpcServerRegisterIfEx
I_RpcServerRegisterForwardFunction
I_RpcServerSetAddressChangeFn
I_RpcExceptionFilter
NdrClientCall2
NdrServerCall2
RpcStringBindingComposeW
RpcMgmtEnableIdleCleanup
I_RpcBindingInqLocalClientPID
RpcRevertToSelf
RpcBindingReset
RpcAsyncCancelCall
RpcBindingFromStringBindingW
RpcBindingSetObject
RpcAsyncInitializeHandle
RpcBindingCopy
RpcServerInqBindings
RpcBindingVectorFree
RpcStringFreeW
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcServerRegisterAuthInfoW

secur32

FreeContextBuffer
LsaLogonUser
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaFreeReturnBuffer
EnumerateSecurityPackagesW

user32

wsprintfW
LoadStringW
CharUpperW

ws2_32

closesocket
WSAIoctl
WSAGetLastError
inet_ntoa
gethostname
gethostbyname
socket
bind
WSASetServiceW
htons
getsockname

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d85f04f1ff5855384b6cd7c06edf6980

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

rpcrt4

secur32

user32

ws2_32

Exports

Exports

Sections

.text Size: 247KB - Virtual size: 247KB

.data Size: 131KB - Virtual size: 131KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 247KB - Virtual size: 247KB

.data
Size: 131KB - Virtual size: 131KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 11KB - Virtual size: 10KB