4395d8cb5c3165f4160e55584c79119a6dcaea6b6976719a44c7e1fb892bbce0

Sharing

Copy URL Twitter E-mail

General

Target

4395d8cb5c3165f4160e55584c79119a6dcaea6b6976719a44c7e1fb892bbce0
Size

98KB
MD5

a011da585997b6b263959d0c1d04ac60
SHA1

9ffd53e1e89fcee382db1225c8b0acdffa6ce082
SHA256

4395d8cb5c3165f4160e55584c79119a6dcaea6b6976719a44c7e1fb892bbce0
SHA512

3f9b3be351accda8435394a0a363976ed0e99fc8c85946c736dc50d7ce7b05ca2317a210ac7fe30caf897f84cb44683d33f145d423289b06cf7539ffe92934c5
SSDEEP

3072:1RSibKg9W3dwFwIW8dQbnNQmwZrnGkHgpZlZe:TI0wCYnNQjZrGfpte

Score

N/A

Malware Config

Signatures

Files

4395d8cb5c3165f4160e55584c79119a6dcaea6b6976719a44c7e1fb892bbce0
.exe windows x86

ff6e4667b64ac0ac84044b889ace2765

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

AllocateLocallyUniqueId
CredUnmarshalCredentialA
LookupSecurityDescriptorPartsA
BuildImpersonateTrusteeW
CryptHashSessionKey
SetTraceCallback
ComputeAccessTokenFromCodeAuthzLevel
CryptGetDefaultProviderW
WmiFileHandleToInstanceNameA
ConvertSecurityDescriptorToStringSecurityDescriptorA
GetSecurityInfo
StopTraceW
CreateProcessAsUserA
GetManagedApplicationCategories
FlushTraceW
SetInformationCodeAuthzPolicyW
SetSecurityDescriptorRMControl
GetTrusteeNameA
SaferGetPolicyInformation
MD5Update
RegNotifyChangeKeyValue
WmiQueryAllDataMultipleW
ElfRegisterEventSourceA
SetSecurityDescriptorSacl
EqualPrefixSid
CryptDuplicateHash
IsTokenUntrusted
CreateWellKnownSid
RegOpenKeyExW
MapGenericMask
LookupPrivilegeValueW
SaferRecordEventLogEntry
GetAccessPermissionsForObjectW
GetTraceEnableFlags
CredDeleteW
DecryptFileW
ConvertStringSDToSDRootDomainW
CryptHashData
SetSecurityDescriptorDacl
ConvertStringSidToSidA
WmiReceiveNotificationsA
GetLengthSid
SetServiceStatus
GetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
ConvertStringSDToSDDomainA
LsaQueryTrustedDomainInfo
CreatePrivateObjectSecurity
FindFirstFreeAce
InitializeSid
ObjectOpenAuditAlarmW
LookupPrivilegeValueA
SaferiSearchMatchingHashRules
FreeEncryptionCertificateHashList
RegCreateKeyW
CloseTrace
I_ScSetServiceBitsW
EnumDependentServicesA
QueryServiceConfigA
SetServiceObjectSecurity
ControlService
AddAccessDeniedAceEx
CryptReleaseContext
LsaQueryInfoTrustedDomain
GetMultipleTrusteeW
RegDisablePredefinedCache

dnsapi

DnsModifyRecordsInSet_UTF8
DnsWriteQuestionToBuffer_W
DnsQueryExUTF8
Dns_CreateSocket
DnsGlobals
Dns_WriteRecordStructureToPacketEx
DnsNameCompareEx_W
DnsAcquireContextHandle_A
Dns_ReadRecordStructureFromPacket
Dns_CloseConnection
DnsRecordTypeForName
DnsRecordCopyEx
DnsNameCompareEx_A
Dns_AddRecordsToMessage
DnsCreateReverseNameStringForIpAddress
DnsNotifyResolver
DnsAcquireContextHandle_W
DnsRecordSetDetach
Dns_ReadPacketNameAllocate
Dns_InitializeWinsock
DnsQueryExW
Dns_UpdateLibEx
NetInfo_Free
Dns_SkipPacketName
DnsUtf8ToUnicode
DnsReplaceRecordSetA

wininet

ParseX509EncodedCertificateForListBoxEntry
InternetTimeToSystemTimeW
InternetSetCookieExA
InternetReadFile
HttpEndRequestA
InternetCrackUrlW
InternetGetConnectedState
InternetSetStatusCallbackA
InternetGetCertByURL
FindNextUrlCacheEntryA
ReadUrlCacheEntryStream
FtpSetCurrentDirectoryW
GopherOpenFileW
CreateMD5SSOHash
HttpEndRequestW
InternetGoOnline
SetUrlCacheEntryGroup
InternetGoOnlineW
CommitUrlCacheEntryW
ResumeSuspendedDownload
InternetWriteFileExW
UnlockUrlCacheEntryFile
InternetGetConnectedStateExA
CommitUrlCacheEntryA
HttpSendRequestA
FindFirstUrlCacheContainerW
InternetFindNextFileW
InternetDialA
InternetSetCookieW
FtpFindFirstFileW
FtpRemoveDirectoryA
InternetGetConnectedStateExW
HttpAddRequestHeadersW
InternetSetFilePointer
FindFirstUrlCacheEntryA
SetUrlCacheGroupAttributeA
SetUrlCacheEntryGroupW
FtpPutFileA
RunOnceUrlCache
GopherGetLocatorTypeW
DeleteUrlCacheEntryA
ShowX509EncodedCertificate
InternetFortezzaCommand
InternetOpenUrlW
SetUrlCacheConfigInfoW

netapi32

I_NetDatabaseSync
I_NetlogonComputeClientDigest
NetFileGetInfo
I_NetServerTrustPasswordsGet
DsDeregisterDnsHostRecordsW
I_NetDfsGetVersion
DsGetDcSiteCoverageW
NetLogonSetServiceBits
NetpAssertFailed
NetWkstaTransportDel
I_NetServerGetTrustInfo
RxRemoteApi
NetMessageBufferSend
NetShareDel
NetServerGetInfo
DsAddressToSiteNamesExW
NetServerDiskEnum
DsEnumerateDomainTrustsA
NetLocalGroupGetInfo
NetWkstaSetInfo
NetLocalGroupEnum
NetDfsManagerInitialize
NetReplImportDirUnlock
RxNetUserPasswordSet
NetReplExportDirEnum
RxNetServerEnum
DsGetDcNameW
NetpGetConfigValue
NetGroupGetInfo
NetpGetConfigBool
NetStatisticsGet
NetScheduleJobEnum

kernel32

GetConsoleFontSize
WaitForMultipleObjects
GlobalUnfix
SetThreadPriorityBoost
GlobalGetAtomNameA
GetPrivateProfileSectionW
VirtualQueryEx
GetConsoleHardwareState
GetConsoleAliasesA
GetConsoleAliasExesLengthA
GetCPInfo
EnumUILanguagesA
GetNumberFormatW
UpdateResourceA
DefineDosDeviceW
VirtualFreeEx
ResumeThread
ExitVDM
LoadLibraryExA
Toolhelp32ReadProcessMemory
AddLocalAlternateComputerNameA
VirtualAlloc
PulseEvent
GetLocaleInfoW
GetEnvironmentStringsW
GetModuleHandleExW
QueryPerformanceCounter
SetStdHandle
WriteConsoleOutputA
InterlockedExchange
GetNamedPipeHandleStateW
WritePrivateProfileSectionW
CreateToolhelp32Snapshot
SetWaitableTimer
LZOpenFileW
GenerateConsoleCtrlEvent
SetConsoleNumberOfCommandsA
LoadLibraryA
GetNumaNodeProcessorMask
GetCurrentThread

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff6e4667b64ac0ac84044b889ace2765

Headers

File Characteristics

Imports

advapi32

dnsapi

wininet

netapi32

kernel32

Sections

.text Size: 45KB - Virtual size: 45KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 512B - Virtual size: 131KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 512B - Virtual size: 131KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 1024B - Virtual size: 1024B