82a7d003651b1e938cc0e278eb4c48c73a422f0414dcb1e784ef0edcab38bffe

Sharing

Copy URL Twitter E-mail

General

Target

82a7d003651b1e938cc0e278eb4c48c73a422f0414dcb1e784ef0edcab38bffe
Size

240KB
MD5

0cb8c13be317397c45400511ae7c1b30
SHA1

7c53f62c7b8f87f56e10488a35d96ad583807ab7
SHA256

82a7d003651b1e938cc0e278eb4c48c73a422f0414dcb1e784ef0edcab38bffe
SHA512

8ad5f81f44ed77294c2a1397e97d219e8258b8067d9dd23bd7753cdad61c314d2f189d0ddbf2bd25c32a7dfaed71fa124af8b9c460993cf3abbe0c35f003ca2a
SSDEEP

6144:lj+fXDoGemdWihh1DDS4MOTLVHYzMb0XqiER2KtJoZf:lj+8q/SdO/VHYz40XGb3oZ

Score

N/A

Malware Config

Signatures

Files

82a7d003651b1e938cc0e278eb4c48c73a422f0414dcb1e784ef0edcab38bffe
.dll windows x86

6b588b6b90db0ff15da3b4a12db23cdc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrlenW
GetCurrencyFormatW
GetModuleHandleA

user32

GetClipboardSequenceNumber
CountClipboardFormats
FindWindowW

advapi32

MakeSelfRelativeSD
RegOpenKeyA
SetSecurityDescriptorDacl
ElfReportEventA
StartServiceA
GetNamedSecurityInfoA
AddAce
ConvertSidToStringSidW
StartServiceCtrlDispatcherA
GetAce
SystemFunction009
GetSecurityInfoExW
ElfOpenBackupEventLogW
AdjustTokenPrivileges
GetTrusteeNameA
CreateCodeAuthzLevel
AccessCheckByTypeResultList
RegCloseKey
GetEventLogInformation
InitializeSid
GetTrusteeFormA
CryptGetUserKey
DuplicateTokenEx
CryptSetProviderA
LookupAccountNameA
LogonUserW
PrivilegeCheck
LsaDelete
SystemFunction041
GetLocalManagedApplicationData
SystemFunction017
IdentifyCodeAuthzLevelW
ElfOpenEventLogW
LsaCreateTrustedDomain
EnumServicesStatusA
GetSecurityDescriptorOwner
ConvertSDToStringSDRootDomainW
LsaEnumeratePrivilegesOfAccount
ConvertSDToStringSDRootDomainA
ConvertSecurityDescriptorToStringSecurityDescriptorW
AccessCheckByTypeResultListAndAuditAlarmByHandleA
AreAnyAccessesGranted
SetTraceCallback

ole32

HPALETTE_UserFree
CoGetInstanceFromFile
OleUninitialize
StgCreateStorageEx
StgPropertyLengthAsVariant
OleCreateMenuDescriptor
CoAddRefServerProcess
StgOpenStorageOnILockBytes
OleRegEnumVerbs
CoFileTimeNow
OleCreateEmbeddingHelper
CoGetCurrentLogicalThreadId
HMETAFILEPICT_UserFree
OleIsRunning
HBITMAP_UserSize
HPALETTE_UserUnmarshal
CoRevokeClassObject
OleConvertIStorageToOLESTREAMEx
SNB_UserSize
CoRevokeInitializeSpy
HMETAFILE_UserSize
DcomChannelSetHResult
HICON_UserUnmarshal
HWND_UserUnmarshal
OleCreateFromDataEx
MonikerRelativePathTo
CoRegisterInitializeSpy
CreateDataCache
ReleaseStgMedium

oleaut32

VarI2FromCy
VarUI8FromUI1
VarDecFromCy
VarCyFromI4
VarCyFromR8
VARIANT_UserFree
VarI8FromUI2
VarBstrFromI8
VarI4FromI2
VarR8FromI1
ClearCustData
VarBoolFromI4
VarUI8FromDate
VarI8FromBool
VarUI4FromDisp
VarBoolFromUI2
VarUI4FromI2
SafeArrayGetDim
VariantCopy
VarI4FromR8
VarFix
SafeArrayPutElement
VarUI2FromDec
SafeArrayGetLBound
SysStringByteLen
VarCyFromUI2
RevokeActiveObject
VarBoolFromI2
VarR4FromDec
VarUI4FromUI8
VarUI1FromDisp
VarDateFromR8
VarBoolFromI1
VarI1FromI8
VarUI4FromUI1

mpr

WNetGetUserW
WNetSetLastErrorW
MultinetGetConnectionPerformanceA
WNetGetProviderNameW
WNetGetUniversalNameW
WNetGetResourceParentW
WNetGetLastErrorW
WNetGetProviderNameA
WNetGetResourceInformationA
WNetCloseEnum
WNetConnectionDialog
WNetGetConnectionA
WNetAddConnection3A
WNetEnumResourceA
WNetGetNetworkInformationW
WNetCancelConnection2W
WNetEnumResourceW
WNetGetUserA
WNetOpenEnumA

clusapi

ClusterResourceControl
CreateClusterGroup
GetClusterNetInterfaceKey
ClusterRegCreateKey
ClusterResourceCloseEnum
GetClusterNodeId
SetClusterNetworkPriorityOrder
ClusterRegSetValue
GetClusterResourceState
GetClusterNetworkKey
ClusterRegGetKeySecurity
ClusterGroupCloseEnum
CloseClusterNotifyPort
BackupClusterDatabase
ClusterCloseEnum
GetClusterFromNetwork
CreateClusterResourceType
SetClusterGroupName
GetClusterResourceNetworkName
GetNodeClusterState
CloseClusterGroup
CreateClusterResource
SetClusterServiceAccountPassword
GetClusterFromNode
CloseClusterNetInterface
CloseClusterResource
GetClusterNotify
OpenClusterNetInterface
ClusterResourceTypeCloseEnum
CloseClusterNetwork
GetClusterResourceKey

ddraw

DDGetAttachedSurfaceLcl
DirectDrawCreateEx
DirectDrawEnumerateExW
DirectDrawEnumerateW
GetDDSurfaceLocal
DirectDrawCreateClipper
DDInternalLock
DDInternalUnlock

feclient

FeClientInitialize

mstask

_NetrJobAdd@12
_SASetAccountInformation@20
_GetNetScheduleAccountInformation@12
_ConvertAtJobsToTasks@0
_SetNetScheduleAccountInformation@12
_SAGetNSAccountInformation@12
_NetrJobEnum@20

msv1_0

LsaApLogonUserEx2
MsvSamLogoff
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
MsvGetLogonAttemptCount
MsvSamValidate
Msv1_0ExportSubAuthenticationRoutine

Exports

Exports

ActionNotCluster
ForAssumedMSMQFor
InstalledInstallingInfoInstalledMessage
InstalledSetup
IsModeClusterOpened
IsProductTypeOfFor
OCMCheckingWas

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b588b6b90db0ff15da3b4a12db23cdc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

mpr

clusapi

ddraw

feclient

mstask

msv1_0

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 16KB - Virtual size: 142KB

.rsrc Size: 168KB - Virtual size: 164KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 16KB - Virtual size: 142KB

.rsrc
Size: 168KB - Virtual size: 164KB

.reloc
Size: 4KB - Virtual size: 1KB