4ccb8c86348485c4906bb045a3000e6bb0e8abc275f74213e6644ae1d050a2df

Sharing

Copy URL Twitter E-mail

General

Target

4ccb8c86348485c4906bb045a3000e6bb0e8abc275f74213e6644ae1d050a2df
Size

211KB
MD5

44b82ee45769c7e55e7356f93e8ae083
SHA1

1bd192a0ecae232855bbdd53010f845f24436521
SHA256

4ccb8c86348485c4906bb045a3000e6bb0e8abc275f74213e6644ae1d050a2df
SHA512

886dcd068ab88525f4c96938ec1269fd6df77edf56043ccf8ae74080fd9db796f94e98f447b1d8a1e6c29b001839a0ed33c21c8a4bb9b210af20209490138435
SSDEEP

6144:QBKhr2z7N0/ky4Jd9CV/iAS5NZU7CUez0JpN5LJ7:tU39LUub0JpN5t7

Score

N/A

Malware Config

Signatures

Files

4ccb8c86348485c4906bb045a3000e6bb0e8abc275f74213e6644ae1d050a2df
.dll windows x86

9a6d7eddb2fe0e48b52841b6f4b486b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

QueryServiceConfigW
SystemFunction029
MD5Init
MD5Update
MD5Final
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SystemFunction007
SystemFunction001
RegQueryInfoKeyW
RevertToSelf
SetThreadToken
LsaCreateSecret
LsaQuerySecret
LsaSetSecret
LsaDelete
LsaSetInformationPolicy
RegDeleteKeyW
RegCreateKeyExW
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
LookupAccountSidW
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyW
LsaOpenSecret
ChangeServiceConfigW
StartServiceW
EnumDependentServicesW
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegConnectRegistryW
OpenThreadToken
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
RegSetValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegCloseKey
WmiNotificationRegistrationW
RegNotifyChangeKeyValue
SetServiceStatus
I_ScSetServiceBitsW

kernel32

MoveFileW
DeleteFileW
CreateDirectoryW
GetFileAttributesW
GetWindowsDirectoryW
GetLocalTime
FlushFileBuffers
GetCurrentThread
GetComputerNameExW
VerifyVersionInfoW
VerSetConditionMask
LoadLibraryW
RemoveLocalAlternateComputerNameW
GetSystemWindowsDirectoryW
GetComputerNameW
SetFilePointer
SetUnhandledExceptionFilter
VirtualAlloc
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
LoadLibraryA
FreeLibrary
GetProcAddress
DelayLoadFailureHook
EnumerateLocalComputerNamesW
DnsHostnameToComputerNameW
AddLocalAlternateComputerNameW
SetLocalPrimaryComputerNameW
GetVersionExW
SetComputerNameExW
WriteFile
InterlockedCompareExchange
Sleep
VirtualProtect
DefineDosDeviceW
DosPathToSessionPathW
GetVersion
GlobalMemoryStatus
CreateFileW
LocalReAlloc
LocalUnlock
LocalLock
WaitForMultipleObjects
OpenEventW
LocalAlloc
LocalFree
InitializeCriticalSection
CreateEventW
ResetEvent
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
GetLastError
SetEvent
EnterCriticalSection
lstrcmpW
CloseHandle

msvcrt

wcslen
wcscat
wcscpy
_wcsicmp
_wcsnicmp
_snwprintf
wcschr
wcsrchr
wcsncmp
swprintf
_vsnprintf
sprintf
wcsspn
wcstoul
_wcsupr
_wcslwr
wcscmp
toupper
wcsncpy
strncpy
_except_handler3

netapi32

NetUserGetInfo
NetApiBufferFree
I_NetListTraverse
I_NetListCanonicalize
I_NetNameCanonicalize
I_NetPathCanonicalize
I_NetPathType
NetUnregisterDomainNameChangeNotification
NetRegisterDomainNameChangeNotification
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
NetApiBufferAllocate
I_NetServerReqChallenge
I_NetServerAuthenticate
NetUseDel
NetUseAdd
NetLocalGroupAddMember
NetLocalGroupDelMember
DsEnumerateDomainTrustsW
I_NetNameValidate
I_NetNameCompare
Netbios
NetUserAdd
NetpIsRemote
DsGetDcNameWithAccountW
NetUserSetInfo

ntdll

NtDuplicateToken
NtOpenProcessToken
RtlCompareMemoryUlong
RtlxUnicodeStringToOemSize
NlsMbOemCodePageTag
RtlInitializeSid
RtlSubAuthoritySid
RtlCopySid
RtlDeleteSecurityObject
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
NtAdjustPrivilegesToken
RtlCreateAcl
RtlNewSecurityObject
RtlEqualSid
RtlFreeUnicodeString
RtlConvertSidToUnicodeString
RtlCompareMemory
RtlAppendUnicodeStringToString
RtlRunDecodeUnicodeString
RtlRunEncodeUnicodeString
NtQueryVolumeInformationFile
RtlQueryRegistryValues
RtlGetNtProductType
NtOpenThreadToken
NtQueryInformationToken
RtlCompareUnicodeString
NtClose
NtDeviceIoControlFile
NtFsControlFile
NtLoadDriver
NtUnloadDriver
RtlInitUnicodeString
NtOpenFile
RtlCopyLuid
RtlAcquireResourceShared
RtlInitializeResource
RtlNtStatusToDosError
DbgPrint
RtlDeleteResource
NtQueryInformationProcess
RtlDeregisterWait
RtlAcquireResourceExclusive
RtlReleaseResource
RtlQueueWorkItem
RtlRegisterWait
NtSetInformationThread
RtlAdjustPrivilege
NtAccessCheckAndAuditAlarm
RtlCopyUnicodeString
RtlIntegerToUnicodeString
NtCreateFile
RtlFreeOemString
RtlUnicodeStringToOemString
RtlInitString
NtCreateEvent
DbgBreakPoint
RtlAddAce

ntdsapi

DsFreePasswordCredentials
DsMakePasswordCredentialsW
DsBindWithCredW
DsCrackNamesW
DsFreeNameResultW
DsUnBindW

rpcrt4

RpcServerUseProtseqEpW
RpcImpersonateClient
RpcServerRegisterIfEx
I_RpcBindingIsClientLocal
NdrServerCall2
RpcServerUnregisterIf
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcStringFreeW
RpcRevertToSelf

samlib

SamCloseHandle
SamSetInformationUser
SamQueryInformationUser
SamOpenUser
SamFreeMemory
SamLookupNamesInDomain
SamOpenDomain
SamConnect

secur32

LsaCallAuthenticationPackage
LsaDeregisterLogonProcess
LsaRegisterLogonProcess
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a6d7eddb2fe0e48b52841b6f4b486b0

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

netapi32

ntdll

ntdsapi

rpcrt4

samlib

secur32

Exports

Exports

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 5KB - Virtual size: 5KB