ba693e1a7161d09f69220006c68a157f032b9619693f933aa6a89c672162fa53

Sharing

Copy URL Twitter E-mail

General

Target

ba693e1a7161d09f69220006c68a157f032b9619693f933aa6a89c672162fa53
Size

529KB
MD5

642695a23c8d9eb7f84f0eaff335cd5a
SHA1

527e7c47dd0fc284727884091eaf2fa1cf3f95c2
SHA256

ba693e1a7161d09f69220006c68a157f032b9619693f933aa6a89c672162fa53
SHA512

7b9d9d1c7d3b970f7969ba6be9f2a4c64aacb64e535b225911e83c5195e0ff6422c61435dacfc19391d5eff50fa68077a1df6ce955f42c89e3c3ae8243cd8ba1
SSDEEP

12288:JEe0InIVlOMwQ+VnO+UXYYib3+P2YCxEoxUfVST0pktXIJlxsdiFy:JEeeniI2YCxEox5TYEIJlxssFy

Score

N/A

Malware Config

Signatures

Files

ba693e1a7161d09f69220006c68a157f032b9619693f933aa6a89c672162fa53
.dll windows x64

36e4d5414001278bb80d1f97ce1be672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
GetUserNameExW
LsaGetLogonSessionData

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSEnumerateSessionsW
WTSCloseServer
WTSEnumerateProcessesW
WTSOpenServerW
WTSFreeMemory

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
VirtualProtect
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
ExitProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
RaiseException
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
ReflectiveLoader
ping

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36e4d5414001278bb80d1f97ce1be672

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

secur32

crypt32

shlwapi

wtsapi32

kernel32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 11KB - Virtual size: 22KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 11KB - Virtual size: 22KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 3KB - Virtual size: 2KB