c4b73cbfeb98da9177b63b5336a6e6d83dc30a0a1dd1da692ecb235b44453962

Sharing

Copy URL Twitter E-mail

General

Target

c4b73cbfeb98da9177b63b5336a6e6d83dc30a0a1dd1da692ecb235b44453962
Size

397KB
MD5

875909321beea4160e313db5a5bba0e2
SHA1

139f3aa8db9f435b545d7ff5c3480c10034093e1
SHA256

c4b73cbfeb98da9177b63b5336a6e6d83dc30a0a1dd1da692ecb235b44453962
SHA512

2ab1bb394e6cdf3b1add578f6dac1eb687490f905e2a69e177fb61130d42aa959920efcf685895c63afa5e427dd34d218f24ea16533a4c2c07994fcee219dca9
SSDEEP

12288:Cw337AP6qpbSd2UpX0z7lBdZVgUgq517pCA:C03K6MGcUl0z7lBdADO17p

Score

N/A

Malware Config

Signatures

Files

c4b73cbfeb98da9177b63b5336a6e6d83dc30a0a1dd1da692ecb235b44453962
.dll windows x86

afa6c44f705069d2018bca61eadff76f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
GetUserNameExW
LsaGetLogonSessionData

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSEnumerateSessionsW
WTSCloseServer
WTSEnumerateProcessesW
WTSOpenServerW
WTSFreeMemory

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
VirtualQuery
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
OpenProcess
GetACP
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
ExitProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
WaitForSingleObject
VirtualProtect
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
RaiseException
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize
GetProcessHeap

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0
ping

Sections

.text
Size: 275KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afa6c44f705069d2018bca61eadff76f

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

secur32

crypt32

shlwapi

wtsapi32

kernel32

Exports

Exports

Sections

.text Size: 275KB - Virtual size: 275KB

.rdata Size: 94KB - Virtual size: 94KB

.data Size: 8KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 275KB - Virtual size: 275KB

.rdata
Size: 94KB - Virtual size: 94KB

.data
Size: 8KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 16KB - Virtual size: 16KB