a2e3ca0eb224ec38a4128e09af73ecd92af8d906b59736fdd843a5bcb4589945

Sharing

Copy URL Twitter E-mail

General

Target

a2e3ca0eb224ec38a4128e09af73ecd92af8d906b59736fdd843a5bcb4589945
Size

865KB
MD5

a3aefe70171345da86f52e87a7006a19
SHA1

a7737e74fca7876f82138662008e87e754d8b4fe
SHA256

a2e3ca0eb224ec38a4128e09af73ecd92af8d906b59736fdd843a5bcb4589945
SHA512

42b87bda397b9f46fb92424a09e7257766ba37df4aa87181ee48c70e8b85a44b2fd284624d67f668b310471d19ab2d9b529fbde80c54c1e0f5d56b2d83564118
SSDEEP

24576:hxEnfHCByN3CoDt84OQH0vfshioclj2pHG+QxNP+:QfHCUrB84Oe0si7li1Gbv

Score

N/A

Malware Config

Signatures

Files

a2e3ca0eb224ec38a4128e09af73ecd92af8d906b59736fdd843a5bcb4589945
.exe windows x86

ffa5b10d85e2d91ac93858a9baec0523

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

acledit

FMExtensionProcW
EditAuditInfo
EditPermissionInfo
EditOwnerInfo
SedDiscretionaryAclEditor
SedSystemAclEditor
DllMain
SedTakeOwnership

advapi32

CryptEnumProviderTypesA
MD5Update
ElfBackupEventLogFileA
MD5Init
EnumServiceGroupW
LsaQueryTrustedDomainInfoByName
WmiNotificationRegistrationW
MD4Final
CredWriteDomainCredentialsA
CredProfileLoaded
LsaOpenSecret
CredDeleteW
RegEnumKeyExW
ElfOpenEventLogW
QueryUsersOnEncryptedFile
LsaLookupPrivilegeValue
ObjectCloseAuditAlarmW
SaferiPopulateDefaultsInRegistry
InitializeAcl
CryptEnumProviderTypesW
LsaSetDomainInformationPolicy
MD4Update
GetExplicitEntriesFromAclA
SetServiceBits
GetTokenInformation
GetTrusteeNameW
RevertToSelf
UpdateTraceA
WmiQueryAllDataMultipleA
RegDeleteValueA
LsaSetSecret
LsaClearAuditLog
UnregisterTraceGuids
RegSaveKeyW
StartServiceW
BackupEventLogA

ntdll

RtlAcquirePebLock
RtlCaptureContext
RtlInitializeGenericTable
RtlUpcaseUnicodeToCustomCPN
toupper
LdrFindResource_U
NtOpenProcess
RtlCreateSecurityDescriptor
ZwLockRegistryKey
NtCreateToken
ZwAccessCheckByTypeResultList
RtlRaiseStatus
ZwAlertResumeThread
RtlAllocateAndInitializeSid
RtlEmptyAtomTable
RtlValidSid
DbgPrompt
ZwFlushBuffersFile
RtlFreeOemString
ZwInitiatePowerAction
RtlIpv4StringToAddressW
RtlOemStringToUnicodeSize
isalnum
_splitpath
NtEnumerateSystemEnvironmentValuesEx
ZwQueueApcThread
RtlSubtreePredecessor
isprint
NtPowerInformation
NtEnumerateValueKey
ZwQuerySystemTime
ZwSetInformationKey
wcschr
NtMakePermanentObject
RtlClearBits
NtQueryPerformanceCounter
RtlCustomCPToUnicodeN
ZwLoadDriver
DbgUiStopDebugging
wcspbrk
NtCreateTimer
NtCreateKey
RtlRemoteCall
ZwContinue
RtlEnlargedUnsignedMultiply
NtSetEaFile
RtlFormatMessage
RtlSetDaclSecurityDescriptor
RtlSubtreeSuccessor
ZwOpenTimer
RtlFindLeastSignificantBit
ZwQueryQuotaInformationFile
wcstoul
RtlUlonglongByteSwap
RtlQueryRegistryValues
RtlInitializeGenericTableAvl
ZwOpenProcess
RtlGetSaclSecurityDescriptor
ZwResumeProcess
isupper
RtlInsertElementGenericTableAvl
ZwAcceptConnectPort
RtlDefaultNpAcl
RtlDeleteAce
RtlDetermineDosPathNameType_U
NtOpenThreadTokenEx
RtlCreateActivationContext
NtDeleteObjectAuditAlarm
RtlFindSetBitsAndClear
ZwSetDefaultUILanguage
RtlUnicodeToMultiByteSize
ZwDebugContinue
NtSetDefaultLocale
RtlFindActivationContextSectionGuid
RtlTraceDatabaseCreate
ZwQueryInformationJobObject
NtCreateThread
ZwMakeTemporaryObject
_strnicmp
ZwAddBootEntry
RtlLockHeap
NtQueryDefaultLocale

msvcrt40

tolower
wcsftime
isprint
??6ostream@@QAEAAV0@PBE@Z
strtod
?overflow@stdiobuf@@UAEHH@Z
_spawnlpe
_EH_prolog
_mbsset
system
_ismbcalnum
vsprintf
?close@filebuf@@QAEPAV1@XZ
wctomb
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
strchr
_ismbcl0
_mbsnbcoll
_wcmdln
??4filebuf@@QAEAAV0@ABV0@@Z
_mbscoll
_nextafter
?adjustfield@ios@@2JB
_wexecve
??5istream@@QAEAAV0@AAD@Z
_copysign
_cabs
wcsncmp
?what@exception@@UBEPBDXZ
_mbsdup
_itow
??5istream@@QAEAAV0@PAD@Z
??1filebuf@@UAE@XZ
??6ostream@@QAEAAV0@O@Z

kernel32

BuildCommDCBAndTimeoutsW
DeleteVolumeMountPointW
GetUserDefaultUILanguage
GetSystemDirectoryA
DelayLoadFailureHook
LoadLibraryA
CreateToolhelp32Snapshot
UnregisterConsoleIME
GetPrivateProfileStringA
Module32Next
GetCurrentThreadId
LCMapStringW
GetEnvironmentStringsA
SetFileShortNameW
OpenFileMappingW
VirtualAlloc
AddLocalAlternateComputerNameW
GetTimeZoneInformation
AllocConsole
GlobalAlloc
HeapCreate
GetCurrentThread
HeapReAlloc
GetConsoleFontInfo
LZInit
SetConsoleInputExeNameW
GetDriveTypeW
GetConsoleCommandHistoryW
WriteConsoleInputVDMA
CreateJobSet

mswsock

StopWsdpService
TransmitFile
dn_expand
EnumProtocolsW
GetTypeByNameW
GetAddressByNameA
SetServiceA
GetNameByTypeA
NPLoadNameSpaces
GetAcceptExSockaddrs
AcceptEx
GetTypeByNameA
s_perror
NSPStartup
SetServiceW
GetServiceW
StartWsdpService
WSPStartup
MigrateWinsockConfiguration
GetServiceA
GetNameByTypeW
WSARecvEx
EnumProtocolsA
GetAddressByNameW

Sections

.text
Size: 269KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 330KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ffa5b10d85e2d91ac93858a9baec0523

Headers

DLL Characteristics

File Characteristics

Imports

acledit

advapi32

ntdll

msvcrt40

kernel32

mswsock

Sections

.text Size: 269KB - Virtual size: 272KB

.rdata Size: 262KB - Virtual size: 264KB

.data Size: 330KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 4KB

.text
Size: 269KB - Virtual size: 272KB

.rdata
Size: 262KB - Virtual size: 264KB

.data
Size: 330KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 4KB