4b5d76121809506fcee75d1e2038e936150f1af9e848a4c78e654e5dcd9e4927

Sharing

Copy URL Twitter E-mail

General

Target

4b5d76121809506fcee75d1e2038e936150f1af9e848a4c78e654e5dcd9e4927
Size

463KB
MD5

564b5a7e9d3c284b7de69d2e3ca14d60
SHA1

0aad25dbed35683fab2985109559f94efac0e174
SHA256

4b5d76121809506fcee75d1e2038e936150f1af9e848a4c78e654e5dcd9e4927
SHA512

f420c82e196b042e33ba9fd019ba00e0e4dc99472884c4ef613d3b2587b07846fd9356d73794cac16fd9e3a50b9c94596481c3724be4494fd2c87b6c56d11f45
SSDEEP

12288:0ET5PvvlwdTSaB+LP0lIDCFiwfx4+CQtRqOY9pfLT4TbUf:F5PlK6P02GTptCQt0O4tT4fU

Score

N/A

Malware Config

Signatures

Files

4b5d76121809506fcee75d1e2038e936150f1af9e848a4c78e654e5dcd9e4927
.exe windows x86

93e49fe7a7c1e7593acbdf777de3cc86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

clusapi

CreateClusterResource
RestoreClusterDatabase
ClusterRegGetKeySecurity
CloseClusterResource
GetClusterResourceNetworkName
GetClusterNetInterfaceState
GetClusterNotify
OpenClusterGroup
GetClusterQuorumResource
ClusterRegQueryInfoKey
ClusterRegEnumKey
MoveClusterGroup
GetClusterResourceTypeKey
ClusterGroupOpenEnum
CloseClusterGroup
AddClusterResourceDependency
ClusterRegDeleteKey
ClusterGroupControl
ClusterGroupGetEnumCount
CloseClusterNetInterface
ClusterRegQueryValue
DeleteClusterResource
OpenClusterNetInterface
ClusterResourceTypeOpenEnum
ResumeClusterNode
ClusterNodeCloseEnum
CanResourceBeDependent
ClusterRegSetKeySecurity
ClusterNetworkEnum
OnlineClusterGroup
ClusterResourceOpenEnum
GetClusterGroupKey
ClusterResourceTypeEnum
EvictClusterNode
ClusterGroupCloseEnum
GetClusterNodeState
ClusterGroupEnum
ClusterNodeGetEnumCount
ClusterNetworkOpenEnum
CloseClusterNetwork
CreateClusterNotifyPort
GetClusterNodeId
GetClusterFromNode
ClusterRegSetValue

kernel32

GetCurrencyFormatA
VirtualAlloc
ActivateActCtx
SetCommTimeouts
GetEnvironmentStrings
SetFileAttributesA
lstrcmpW
_lopen
GetFirmwareEnvironmentVariableW
GlobalHandle
SetCurrentDirectoryA
GetTimeZoneInformation
GetNextVDMCommand
SetFileValidData
ConvertDefaultLocale
BackupRead
CompareStringW
DefineDosDeviceW
GlobalDeleteAtom
Heap32Next
EnumSystemLocalesW
UnlockFile
VerSetConditionMask
QueryActCtxW
SetComPlusPackageInstallStatus
FindFirstVolumeW
GetTapePosition
CreateIoCompletionPort
HeapValidate
GetSystemTimeAsFileTime
InitAtomTable
SetConsolePalette
LoadLibraryA
GetNumberOfConsoleMouseButtons
GetConsoleKeyboardLayoutNameW
RegisterWowBaseHandlers
RequestWakeupLatency
CompareStringA
BaseCheckAppcompatCache
ReleaseActCtx
EnumResourceTypesA
GlobalFlags
GetConsoleAliasA
lstrcpynW
FillConsoleOutputCharacterA
lstrcmp
SetThreadAffinityMask
GetConsoleFontSize

msasn1

ASN1BERDecFlush
ASN1intx_uoctets
ASN1BERDecNotEndOfContents
ASN1utf8string_free
ASN1bitstring_free
ASN1BERDecOctetString2
ASN1BEREncNull
ASN1CEREncBeginBlk
ASN1generalizedtime_cmp
ASN1BEREncBool
ASN1ztchar32string_free
ASN1BEREncUTCTime
ASN1intx_add
ASN1DecAlloc
ASN1Free
ASN1BEREncOpenType
ASN1BEREoid_free
ASN1BERDecNull
ASN1BERDecEoid
ASN1CEREncZeroMultibyteString
ASN1BEREncUTF8String
ASN1BERDotVal2Eoid
ASN1CEREncEndBlk
ASN1CEREncBitString
ASN1EncSetError
ASN1BEREncFlush
ASN1bitstring_cmp
ASN1intx2uint32
ASN1intx2int32
ASN1BERDecZeroCharString
ASN1BEREncBitString
ASN1ztchar16string_free

rasman

RasSignalNewConnection
RasRegisterRedialCallback
RasmanUninitialize
RasPortSetFraming
RasPortFree
RasInitialize
RasRpcGetUserPreferences
RasRpcRemoteGetUserPreferences
RasPortBundle
RasPortSetFramingEx
RasPortGetStatistics
RasServerPortClose
RasDeviceGetInfo
RasSetDialParams
RasDeviceConnect
RasReferenceCustomCount
RasEnumLanNets
RasGetConnectionUserData
RasGetEapUserInfo
RasAddConnectionPort
RasGetConnectionParams
IsRasmanProcess
RasPortGetInfo
RasCreateConnection
RasPortEnumProtocols
RasSecurityDialogGetInfo
RasRpcGetErrorString
RasSetKey
RasRpcDeleteEntry

dhcpcsvc

McastRequestAddress
DhcpRegisterParamChange
DhcpRemoveDNSRegistrations
DhcpRequestParams
DhcpAcquireParametersByBroadcast
DhcpReleaseIpAddressLeaseEx
McastEnumerateScopes
McastApiStartup
McastApiCleanup
McastGenUID
DhcpReleaseParameters
DhcpLeaseIpAddress
DhcpLeaseIpAddressEx
DhcpCApiInitialize
DhcpRequestOptions
DhcpDelPersistentRequestParams
DhcpUndoRequestParams
DhcpRenewIpAddressLease
DhcpReleaseIpAddressLease
DhcpAcquireParameters
DhcpStaticRefreshParams
DhcpCApiCleanup
DhcpPersistentRequestParams
DhcpNotifyConfigChange
DhcpNotifyConfigChangeEx
DhcpEnumClasses
DhcpHandlePnPEvent
DhcpRegisterOptions
DhcpOpenGlobalEvent
DhcpDeRegisterOptions
McastRenewAddress
DhcpRenewIpAddressLeaseEx
DhcpDeRegisterParamChange
DhcpFallbackRefreshParams
McastReleaseAddress

wininet

CreateUrlCacheEntryW
HttpSendRequestW
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
InternetFindNextFileW
InternetWriteFileExW
HttpOpenRequestW
InternetGetConnectedStateEx
InternetConnectW
InternetConfirmZoneCrossingA
InternetDialA
InternetGetPerSiteCookieDecisionA
FtpPutFileA
InternetGetLastResponseInfoA
InternetGoOnlineA
RetrieveUrlCacheEntryStreamA
SetUrlCacheConfigInfoW
HttpSendRequestExA
GetUrlCacheGroupAttributeW
ResumeSuspendedDownload
HttpCheckDavCompliance
InternetAutodialHangup
FtpDeleteFileA
InternetSetStatusCallbackW
InternetClearAllPerSiteCookieDecisions
FtpCreateDirectoryW
FindNextUrlCacheEntryW
GopherGetAttributeW
InternetShowSecurityInfoByURL
ShowClientAuthCerts
LoadUrlCacheContent
RetrieveUrlCacheEntryFileA
InternetSetOptionExA
InternetEnumPerSiteCookieDecisionW
DeleteIE3Cache

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 94KB - Virtual size: 487KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

93e49fe7a7c1e7593acbdf777de3cc86

Headers

File Characteristics

Imports

clusapi

kernel32

msasn1

rasman

dhcpcsvc

wininet

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 163KB - Virtual size: 163KB

.data Size: 94KB - Virtual size: 487KB

.rsrc Size: 34KB - Virtual size: 34KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 163KB - Virtual size: 163KB

.data
Size: 94KB - Virtual size: 487KB

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 1024B - Virtual size: 1024B