7607cb3ef57d0f6d01193e4f52dbfcc098a852a803dd0510837eb784fd404a72

Sharing

Copy URL Twitter E-mail

General

Target

7607cb3ef57d0f6d01193e4f52dbfcc098a852a803dd0510837eb784fd404a72
Size

868KB
MD5

0c0ef93e3eb502aa464276d3c82b4ab2
SHA1

2bced5752ae6173cfd523b11a3e74220709ec919
SHA256

7607cb3ef57d0f6d01193e4f52dbfcc098a852a803dd0510837eb784fd404a72
SHA512

e951c65379306795ad5b5175013e2aee9851746964a747d05ad54a896a4f429e5573d917fa96d233b1724ddd524881ce84735f48718dccc0f1748f4fa7c9a2cc
SSDEEP

24576:kDOIy93s0HThxHPFPuGuhjcyF1PhXrWtO96K:wM1FHThFFPuPxPhCtOQ

Score

N/A

Malware Config

Signatures

Files

7607cb3ef57d0f6d01193e4f52dbfcc098a852a803dd0510837eb784fd404a72
.exe windows x86

96b7c8114bd8287ea709db19d4f75900

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTraceEnableLevel
SystemFunction031
RegSaveKeyExA
CryptSetProviderExA
RegDeleteKeyA
CredIsMarshaledCredentialW
SaferIdentifyLevel
WmiQueryAllDataW
LsaCreateSecret
WmiEnumerateGuids
CryptAcquireContextA
LookupAccountSidA
AddAccessAllowedAce
QueryServiceConfig2W
GetSecurityDescriptorDacl

schannel

MakeSignature
VerifySignature
SslEmptyCacheA
SpLsaModeInitialize
FreeCredentialsHandle
InitSecurityInterfaceW
InitializeSecurityContextW
QueryContextAttributesA
CompleteAuthToken
EnumerateSecurityPackagesA
EnumerateSecurityPackagesW
InitSecurityInterfaceA
SslLoadCertificate
SslGetMaximumKeySize

kernel32

ResetEvent
IsSystemResumeAutomatic
EnumSystemLanguageGroupsW
SuspendThread
GetCPInfo
FreeEnvironmentStringsA
LoadLibraryW
GetNumaNodeProcessorMask
FillConsoleOutputCharacterA
GetSystemInfo
GetProfileStringW
InterlockedIncrement
CreateMutexA
ClearCommError
GetBinaryTypeW
WritePrivateProfileSectionA
SetWaitableTimer

ir50_qc

CompressEnd
AllocInstanceData
SetCPUID
Compress
FreeInstanceData
SetScalability
CompressQuery
CompressBegin
CompressFramesInfo

rasmxs

DeviceEnum
DeviceListen
DeviceSetInfo
DeviceGetInfo
DeviceDone
DeviceWork
DeviceConnect

ntdsapi

DsBindW
DsCrackUnquotedMangledRdnW
DsaopPrepareScript
DsListRolesW
DsReplicaAddA
DsLogEntry
DsMakeSpnW
DsBindWithCredW

atmlib

ATMFinish
ATMGetGlyphListW
ATMRemoveSubstFontA
ATMFontStatusW
ATMGetOutlineA
ATMBBoxBaseXYShowTextA
ATMGetPostScriptNameA
ATMRemoveSubstFontW
ATMInstallSubstFontA
ATMRemoveFontW
ATMEnumMMFonts
ATMEndFontChange
ATMGetVersionExW
ATMXYShowText
ATMGetOutline

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 205KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96b7c8114bd8287ea709db19d4f75900

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

schannel

kernel32

ir50_qc

rasmxs

ntdsapi

atmlib

Sections

.text Size: 374KB - Virtual size: 374KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 191KB - Virtual size: 1.7MB

.rsrc Size: 205KB - Virtual size: 204KB

.reloc Size: 1024B - Virtual size: 852B

.text
Size: 374KB - Virtual size: 374KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 191KB - Virtual size: 1.7MB

.rsrc
Size: 205KB - Virtual size: 204KB

.reloc
Size: 1024B - Virtual size: 852B