f5cfd8292c6d2ecf5fc42e4862a3b9439a1a85efc29fdc6616dfd377ff2e0650

Sharing

Copy URL Twitter E-mail

General

Target

f5cfd8292c6d2ecf5fc42e4862a3b9439a1a85efc29fdc6616dfd377ff2e0650
Size

233KB
MD5

59f48d65bb3e926c6e9cfea51888867c
SHA1

a9a79c867bc27fc174553513fc164e7e35b8afe9
SHA256

f5cfd8292c6d2ecf5fc42e4862a3b9439a1a85efc29fdc6616dfd377ff2e0650
SHA512

a701c50fd30b5b88bcd73345efe8cc4bb2b68a7f35e6725a38eba1443b71b77fd9605fae78b1a02b8033185542a8e3dfa1ee6ddb4cea3126e2c188a01d4ab9b7
SSDEEP

3072:TawtstiqK4v2UlaD9pFWI12rOA6czx5j4QuN+OejOgxpw6y8eczVGSfK3FNRkIju:0G0CAIorOAVNzeo/wW

Score

N/A

Malware Config

Signatures

Files

f5cfd8292c6d2ecf5fc42e4862a3b9439a1a85efc29fdc6616dfd377ff2e0650
.dll windows x86

a65645cbd7e82036f1d9b7381bd3cbfd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

htonl

version

VerQueryValueW

samlib

SamConnect
SamEnumerateUsersInDomain
SamLookupNamesInDomain
SamLookupIdsInDomain
SamCloseHandle
SamFreeMemory
SamEnumerateDomainsInSamServer
SamLookupDomainInSamServer
SamGetGroupsForUser
SamGetAliasMembership
SamRidToSid
SamOpenUser
SamOpenDomain
SamQueryInformationUser

advapi32

MD4Final
MD5Init
MD5Update
MD5Final
MD4Init
MD4Update
ClearEventLogW
CredFree
CredEnumerateW
ConvertSidToStringSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CheckTokenMembership
DuplicateTokenEx
GetTokenInformation
OpenThreadToken
OpenProcessToken
LookupAccountSidW
StartServiceW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
DeleteService
ControlService
CloseServiceHandle
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
CreateProcessWithLogonW
CreateProcessAsUserW
IsTextUnicode
ConvertStringSidToSidW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptImportKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
SystemFunction005
SystemFunction025
SystemFunction032
CryptGetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
SetThreadToken
GetNumberOfEventLogRecords
OpenEventLogW
CreateWellKnownSid

user32

IsCharAlphaNumericW
GetUserObjectInformationW

secur32

LsaConnectUntrusted
LsaDeregisterLogonProcess
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaCallAuthenticationPackage

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertEnumSystemStore
CryptAcquireCertificatePrivateKey
CertGetNameStringW
PFXExportCertStoreEx
CryptBinaryToStringW

shlwapi

PathIsRelativeW
PathCombineW
PathCanonicalizeW

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
SetFilePointerEx
TerminateProcess
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExW
OutputDebugStringW
LCMapStringW
SetStdHandle
WriteConsoleW
HeapSize
LocalAlloc
GetStartupInfoW
DeleteCriticalSection
GetFileType
GetCPInfo
ExitProcess
SetUnhandledExceptionFilter
ExitThread
GetProcAddress
GetModuleHandleA
FileTimeToSystemTime
ReadConsoleW
LocalFree
GetLastError
GetSystemTime
SystemTimeToFileTime
OpenProcess
CloseHandle
CreateFileW
FreeLibrary
SetLastError
LoadLibraryW
FreeResource
LockResource
GetCurrentProcess
Sleep
LoadResource
GetStdHandle
GetModuleHandleW
FindResourceW
GetVersionExW
IsWow64Process
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
GetCurrentProcessId
GetCurrentThread
GetExitCodeThread
WaitForSingleObject
LoadLibraryA
GetFileSizeEx
WriteFile
ReadFile
FlushFileBuffers
GetCurrentDirectoryW
DuplicateHandle
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
ReadProcessMemory
WriteProcessMemory
SetFilePointer
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateProcessW
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
RaiseException
LoadLibraryExA
HeapReAlloc
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcessHeap
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP

Exports

Exports

DeinitServerExtension
GetExtensionName
InitServerExtension
_ReflectiveLoader@0

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a65645cbd7e82036f1d9b7381bd3cbfd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

version

samlib

advapi32

user32

secur32

crypt32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 135KB - Virtual size: 135KB

.rdata Size: 77KB - Virtual size: 77KB

.data Size: 10KB - Virtual size: 21KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 77KB - Virtual size: 77KB

.data
Size: 10KB - Virtual size: 21KB

.reloc
Size: 9KB - Virtual size: 9KB