746bd06b91ae480942c77b1e77e7564c4d2ad3e81b57acfa83f656bfbd018441

Sharing

Copy URL Twitter E-mail

General

Target

746bd06b91ae480942c77b1e77e7564c4d2ad3e81b57acfa83f656bfbd018441
Size

198KB
MD5

0bf1d181f1265da7a2d33f73a0d6cb40
SHA1

ef10701891ad34dba630eb72c58692bbb3d283d7
SHA256

746bd06b91ae480942c77b1e77e7564c4d2ad3e81b57acfa83f656bfbd018441
SHA512

b619e7f3ce58d5e37d0fbd529368f586a6cbb664f5bc100a0339a1c1249564e5388e03d21310ed4391a8681805180d050debac6efa1fc263dda13b67eed41d79
SSDEEP

3072:d/4uZasR9jCsVKULaUVWp1zHjn+py4fKRvdn+DV72yZaBTnqSWHK0V:9zRR9jCs0ULaU29qfKRl+hUqSWlV

Score

N/A

Malware Config

Signatures

Files

746bd06b91ae480942c77b1e77e7564c4d2ad3e81b57acfa83f656bfbd018441
.exe windows x86

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountSidW
ConvertSidToStringSidW
RegOpenKeyExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
GetSecurityInfo
RegDeleteKeyExW
RegSetValueExW
RegEnumKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
GetSecurityDescriptorLength
GetSecurityDescriptorControl
IsValidSecurityDescriptor
MakeSelfRelativeSD
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
AddAce
MapGenericMask
GetAce
InitializeAcl
GetAclInformation
GetSecurityDescriptorDacl
RegCloseKey

kernel32

GetStartupInfoW
Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection
GetCommandLineW
IsWow64Process
lstrcmpW
WideCharToMultiByte
CreateProcessW
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
FreeLibrary
DeleteCriticalSection
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
WaitForSingleObject
GetFullPathNameW
SetThreadLocale
LocaleNameToLCID
GetThreadLocale
CreateFileW
GetFileSize
ReadFile
GetModuleHandleW
GetFileType
GetConsoleMode
WriteConsoleW
WriteFile
FileTimeToSystemTime
HeapSetInformation
SetThreadUILanguage
FormatMessageW
LocalFree
GetCurrentProcess
CloseHandle
GetLastError
GetStdHandle
lstrcmpiW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
CompareStringW
HeapAlloc
GetProcessHeap
HeapFree
SystemTimeToTzSpecificLocalTime
InitializeCriticalSectionAndSpinCount

msvcrt

_wtoi
_itow_s
towupper
??0exception@@QAE@ABV0@@Z
_vsnwprintf
__CxxFrameHandler3
??0exception@@QAE@XZ
_wcsnicmp
memcpy
setlocale
wcschr
_wcsicmp
memcpy_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
memmove_s
_onexit
_purecall
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
fflush
fgetwc
wprintf
swscanf
_iob
memset

oleaut32

SysStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringLen
SysFreeString

ole32

CoCreateInstance
CoInitialize
CoUninitialize

rpcrt4

RpcStringFreeW
UuidToStringW
UuidFromStringW
UuidCreate

credui

CredUICmdLinePromptForCredentialsW

wevtapi

EvtCreateRenderContext
EvtNext
EvtUpdateBookmark
EvtArchiveExportedLog
EvtExportLog
EvtClearLog
EvtOpenLog
EvtOpenPublisherMetadata
EvtOpenEventMetadataEnum
EvtNextEventMetadata
EvtGetObjectArraySize
EvtOpenPublisherEnum
EvtNextPublisherId
EvtSeek
EvtSetChannelConfigProperty
EvtOpenChannelConfig
EvtOpenChannelEnum
EvtGetExtendedStatus
EvtRender
EvtGetLogInfo
EvtGetObjectArrayProperty
EvtGetChannelConfigProperty
EvtGetEventMetadataProperty
EvtGetPublisherMetadataProperty
EvtNextChannelPath
EvtOpenSession
EvtClose
EvtCreateBookmark
EvtQuery
EvtSaveChannelConfig
EvtFormatMessage

ntdll

EtwTraceMessage
RtlGetVersion

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0cc953d47a8dcc7655e182edcc80d049

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

oleaut32

ole32

rpcrt4

credui

wevtapi

ntdll

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 2KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 34KB - Virtual size: 35KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 34KB - Virtual size: 35KB