393b5854cfae9f38fb32edf32941e031582a603f6eaedbf7271597925e876ba3

Sharing

Copy URL

Twitter E-mail

General

Target

393b5854cfae9f38fb32edf32941e031582a603f6eaedbf7271597925e876ba3
Size

1.1MB
MD5

0c0dfbd5463d6d581077a7fa21f83560
SHA1

decd1f58f5210430ad85793626c75ae579699461
SHA256

393b5854cfae9f38fb32edf32941e031582a603f6eaedbf7271597925e876ba3
SHA512

6b9934aab64f0337836b5bc8adc5f0031dd2c030dc07102a145c401f05ff90bb0ef2370a981c7e689c9bbc78be0af3aa8756c6a79e0e925b388c2f6c10fac550
SSDEEP

24576:g5+nL/13g3GdGEdiPfDEjk9stWAzOcbcRXao7iepmp8mJDhncsNM:gkZ3iGEa9tWEcP7ieWy

Score

N/A

Malware Config

Signatures

Files

393b5854cfae9f38fb32edf32941e031582a603f6eaedbf7271597925e876ba3
.exe windows x86

61fa242f31501799b46df49b9fcc76bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
CryptReleaseContext
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorLength
IsValidSecurityDescriptor
CryptGetProvParam
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt
CryptDuplicateKey
CryptDecrypt
CryptImportKey
CryptGenKey
CryptGenRandom
CryptSetKeyParam
CopySid
GetLengthSid
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
CryptSetProvParam
CryptVerifySignatureW
RegOpenKeyW
ImpersonateLoggedOnUser
CreateWellKnownSid
LsaStorePrivateData
LsaRetrievePrivateData
RegConnectRegistryW
RegCreateKeyExW
AddAce
InitializeAcl
SetNamedSecurityInfoW
AddAccessAllowedAce
AddAccessDeniedAce
AddAccessAllowedObjectAce
AddAccessDeniedObjectAce
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptEnumProvidersA
CryptGetDefaultProviderW
LsaOpenPolicy
LsaFreeMemory
LsaClose
DuplicateToken
CheckTokenMembership
FreeSid
OpenThreadToken
MakeAbsoluteSD
MakeSelfRelativeSD
LookupAccountNameW
AllocateAndInitializeSid
GetSecurityDescriptorDacl
SetEntriesInAclW
SetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
DeleteAce
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
GetSecurityDescriptorControl
CryptSignHashW
CryptSetHashParam
CryptDuplicateHash
CryptExportKey
CryptContextAddRef

kernel32

SizeofResource
LockResource
GetVersionExW
GetComputerNameW
GetComputerNameExW
CreateFileW
GetFileSize
SetFilePointer
ReadFile
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
LoadLibraryW
DecodePointer
EncodePointer
LoadResource
GetCurrentProcess
GetEnvironmentVariableW
GetTempFileNameW
GetUserDefaultUILanguage
Sleep
OpenEventW
PulseEvent
GetModuleHandleW
LocalReAlloc
GetLastError
DeleteCriticalSection
GetSystemDefaultLangID
HeapFree
GetProcessHeap
HeapAlloc
FormatMessageW
DeleteFileW
GetFileAttributesExW
FindResourceW
SetConsoleCtrlHandler
EnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
DelayLoadFailureHook
lstrcmpiW
GetProcAddress
SetLastError
InterlockedCompareExchange
LoadLibraryExA
SetEndOfFile
WriteFile
LeaveCriticalSection
GetSystemDefaultUILanguage
InitializeCriticalSection
GetStdHandle
GetFileType
SearchPathW
GetLocaleInfoW
FindResourceExW
OpenProcess
RaiseException
GetProfileStringA
InterlockedIncrement
ResetEvent
CreateEventW
InterlockedDecrement
SetEvent
GetFileTime
lstrlenW
GetCommandLineW
VirtualFree
VirtualAlloc
WriteConsoleW
GetTempPathW
GetACP
WideCharToMultiByte
FileTimeToLocalFileTime
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
OutputDebugStringA
GetSystemDirectoryW
LoadLibraryExW
CompareStringW
GetSystemInfo
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FoldStringW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCurrentThread
HeapSetInformation
GetLocalTime
MultiByteToWideChar
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
LocalFree
GetFileAttributesW
GetSystemTimeAsFileTime
LocalAlloc
FreeLibrary
CompareFileTime
lstrcmpW
SystemTimeToFileTime
GetSystemTime
CloseHandle
GetExitCodeThread
WaitForSingleObject
CreateThread
SetConsoleMode
GetConsoleMode

msvcrt

_itoa_s
wcscpy_s
strcpy_s
strcat_s
strpbrk
strspn
sscanf
ftell
_errno
fwrite
wcstoul
feof
__iob_func
vfwprintf
_wfopen_s
fwprintf
fputws
atoi
_wsetlocale
getenv
_wgetenv
gmtime
iswxdigit
iswalpha
__isascii
isxdigit
iswspace
fgetc
_controlfp
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
_callnewh
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
bsearch
_ultow
_purecall
wcsncmp
_wfopen
swscanf
memset
memmove
memcpy
wcstok
wcschr
_vsnwprintf
wcsrchr
iswdigit
__CxxFrameHandler3
_CxxThrowException
_fgetwchar
fflush
_iob
wcsspn
_wcsnicmp
wcsstr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscspn
_setmode
_fileno
_strnicmp
_wcslwr
_stricmp
_wtoi
_wcsicmp
_vsnprintf
isdigit
atol
strncmp
qsort
_strlwr
fprintf
fclose
ferror
strcspn
fseek
fputs
strstr
strchr
fgets
fopen
_swab
fgetws

certcli

ord225
CAFindByName
ord223
ord254
ord207
ord206
ord213
CAFreeCertTypeExtensions
CAGetCertTypeExtensions
CAGetCertTypeExpiration
CAGetCertTypeKeySpec
CAFreeCertTypeProperty
CAGetCertTypePropertyEx
CAGetCertTypeFlagsEx
CACloseCertType
CAEnumNextCertType
CACertTypeAccessCheckEx
CAGetCertTypeProperty
CAEnumCertTypes
CAEnumCertTypesForCA
CAFindCertTypeByName
CACloseCA
CAEnumNextCA
CAFreeCAProperty
CAGetCAProperty
CAUpdateCA
ord242
ord208
ord252
ord261
ord253
ord203
ord215
ord205
ord260
ord247
ord210
CACreateNewCA
CASetCAFlags
CASetCACertificate
CASetCASecurity
ord217
CACountCAs
CACountCertTypes
CACertTypeAccessCheck
ord356
ord218
ord256
ord258
CAFindByCertType
CASetCAProperty
CAGetCAFlags
CAGetCAExpiration
CAAccessCheck
CAGetCACertificate
CAGetCASecurity
CAEnumFirstCA
ord246

crypt32

CertFindExtension
CertGetCertificateContextProperty
CertFreeCertificateContext
CryptFindOIDInfo
CryptEncodeObjectEx
PFXExportCertStoreEx
PFXExportCertStore
CertAddCertificateLinkToStore
CryptInitOIDFunctionSet
CryptGetOIDFunctionAddress
CryptFreeOIDFunctionAddress
CertGetIntendedKeyUsage
CertVerifyCertificateChainPolicy
CryptEncryptMessage
CertNameToStrW
CertStrToNameW
PFXImportCertStore
CryptDecryptMessage
CryptHashPublicKeyInfo
CryptSignMessage
CryptSignCertificate
CryptMsgOpenToDecode
CryptMsgUpdate
CryptDecodeObjectEx
CryptSignAndEncodeCertificate
CertSetCertificateContextPropertiesFromCTLEntry
I_CertProtectFunction
CertVerifySubjectCertificateContext
CertCreateContext
CryptHashCertificate2
CertAddStoreToCollection
CryptMemFree
CryptVerifyCertificateSignatureEx
CertGetEnhancedKeyUsage
CryptHashCertificate
CertVerifyCRLTimeValidity
CertVerifyTimeValidity
CertVerifyRevocation
CertDuplicateCRLContext
CertDeleteCRLFromStore
CertAddCTLContextToStore
CertAddCRLContextToStore
CryptImportPublicKeyInfo
CertControlStore
CertEnumSystemStoreLocation
CertEnumSystemStore
CertEnumPhysicalStore
CertSetCTLContextProperty
CertSetCRLContextProperty
CertEnumCertificateContextProperties
CertEnumCRLContextProperties
CertGetCRLContextProperty
CertEnumCTLContextProperties
CertGetCTLContextProperty
CertSetStoreProperty
CryptExportPublicKeyInfo
CertComparePublicKeyInfo
CertEnumCTLsInStore
CertDeleteCertificateFromStore
CertGetNameStringW
CertSaveStore
CertGetCertificateChain
CertFreeCertificateChain
CertCreateCTLContext
CertFreeCTLContext
CertDuplicateCertificateContext
CryptVerifyCertificateSignature
CryptQueryObject
CertAddCertificateContextToStore
PFXIsPFXBlob
CryptMsgGetParam
CryptMsgGetAndVerifySigner
CryptMsgControl
CryptFormatObject
CryptFindCertificateKeyProvInfo
CryptAcquireCertificatePrivateKey
CertAddEncodedCertificateToStore
CertEnumCertificatesInStore
CertFindAttribute
CertCompareCertificateName
CryptEnumOIDInfo
CryptDecodeObject
CertCreateCRLContext
CertEnumCRLsInStore
CertFreeCRLContext
CertFindCertificateInStore
CertGetPublicKeyLength
CertSetCertificateContextProperty
CertOpenStore
CertCreateCertificateContext
CryptMsgClose
CertCloseStore

cabinet

ord23
ord21
ord20
ord22

comctl32

InitCommonControlsEx

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW

gdi32

GetStockObject

ncrypt

NCryptFreeObject
NCryptIsKeyHandle
NCryptGetProperty
NCryptFinalizeKey
NCryptSetProperty
NCryptImportKey
NCryptOpenStorageProvider
NCryptDeleteKey
NCryptCreatePersistedKey
BCryptFreeBuffer
BCryptQueryProviderRegistration
NCryptEnumAlgorithms
NCryptFreeBuffer
NCryptEnumStorageProviders
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptEnumAlgorithms
BCryptEnumContextFunctions
BCryptResolveProviders
BCryptQueryContextConfiguration
BCryptEnumContexts
NCryptOpenKey
BCryptCreateHash
BCryptGenRandom
BCryptDestroyKey
BCryptExportKey
NCryptExportKey
NCryptDecrypt
NCryptEncrypt
NCryptSignHash
NCryptVerifySignature
NCryptSecretAgreement
NCryptDeriveKey
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptSetProperty
BCryptDecrypt
BCryptEncrypt
BCryptSignHash
BCryptVerifySignature
NCryptEnumKeys
NCryptIsAlgSupported

netapi32

NetApiBufferFree
NetUserGetGroups
DsGetDcNameW
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
DsGetSiteNameW

ntdll

RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlFindMessage

ntdsapi

DsFreeDomainControllerInfoW
DsGetDomainControllerInfoW
DsFreeNameResultW
DsBindW
DsCrackNamesW
DsUnBindW

setupapi

SetupGetStringFieldW
SetupGetFieldCount
SetupFindNextLine
SetupGetLineCountW
SetupFindFirstLineW
SetupGetIntField
SetupOpenInfFileW
SetupCloseInfFile

shell32

SHGetFolderPathW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wldap32

ord145
ord224
ord140
ord79
ord142
ord167
ord147
ord127
ord41
ord27
ord26
ord36
ord210
ord208
ord73
ord14
ord16
ord13
ord113
ord203
ord155
ord65
ord12
ord18

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
StringFromCLSID
ProgIDFromCLSID
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoCreateInstanceEx
CoSetProxyBlanket
StgOpenStorageEx
PropVariantClear

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayGetElement
CreateErrorInfo
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopyInd
SetErrorInfo

rpcrt4

NdrClientCall2
UuidCreate

secur32

TranslateNameW
GetComputerObjectNameW
GetUserNameExW

user32

LoadCursorW
LoadIconW
GetDesktopWindow
CharLowerW
RegisterClassW
LoadStringW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
CreateWindowExW
UpdateWindow
SendMessageW
MessageBoxW
SetFocus
GetWindowTextW
SetWindowLongW
ShowWindow
EnableWindow
GetDlgItem
SetDlgItemTextW
SetCursor
SetDlgItemInt
CheckDlgButton
SendDlgItemMessageA
EndDialog
GetDlgItemInt
GetDlgItemTextW
IsDlgButtonChecked
DialogBoxParamW
SetWindowTextW
CallWindowProcW
GetWindowLongW
PostMessageW

Sections

.text
Size: 808KB - Virtual size: 807KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 276KB - Virtual size: 436KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61fa242f31501799b46df49b9fcc76bb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

certcli

crypt32

cabinet

comctl32

cryptui

gdi32

ncrypt

netapi32

ntdll

ntdsapi

setupapi

shell32

version

wldap32

ole32

oleaut32

rpcrt4

secur32

user32

Sections

.text Size: 808KB - Virtual size: 807KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 276KB - Virtual size: 436KB

.text
Size: 808KB - Virtual size: 807KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 276KB - Virtual size: 436KB