683b396fd4305dfafba12fcfc2545f4ba015ab62756ee6d03a8e3bde833ab8e7

Sharing

Copy URL Twitter E-mail

General

Target

683b396fd4305dfafba12fcfc2545f4ba015ab62756ee6d03a8e3bde833ab8e7
Size

56KB
MD5

a83492c799d549b034f2b96e381ffb80
SHA1

a49b69faf5503f4064553c4f6cda6b99b7d4f8e4
SHA256

683b396fd4305dfafba12fcfc2545f4ba015ab62756ee6d03a8e3bde833ab8e7
SHA512

f21f8f96e3903c7d7ab74632614f5082938403fd28a3a2fc1b081932e42b91db2cdcb81abe921c211eb21aa520dba6db92e8c11c3b46c5e0ff4744d02a8bbc9b
SSDEEP

768:Fyjty69QAqJ1EJ6iv31mHM6L9EFtuxGpSsN7ALqYByVHYZKxH:FyxymQV3XImsBuY1N7BY+

Score

N/A

Malware Config

Signatures

Files

683b396fd4305dfafba12fcfc2545f4ba015ab62756ee6d03a8e3bde833ab8e7
.exe windows x86

42746ac3b2b88bdfba7e1bef2e412a56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasman

RasConnectionGetStatistics
RasSetConnectionUserData
RasDeviceConnect
RasDeviceEnum
RasPortOpen
RasRefConnection
RasPortStoreUserData
RasPortListen
RasRpcGetCountryInfo
RasRpcEnumConnections
RasRpcGetUserPreferences
RasRpcConnect
RasRpcRemoteSetUserPreferences
RasGetUserCredentials
RasInitialize
RasPortClearStatistics
RasSetRouterUsage
RasRegisterPnPHandler
RasPortReceiveEx
RasFreeBuffer
RasPortGetProtocolCompression
RasGetBuffer

kernel32

AddAtomW
SetTimerQueueTimer
WriteConsoleOutputA
AreFileApisANSI
CompareStringW
RtlFillMemory
GetCurrentProcessId
LoadLibraryW
GetOEMCP
QueryPerformanceFrequency
DebugBreakProcess
CreateTimerQueue
HeapCreate
SetConsoleTitleA
GetComputerNameA
InterlockedDecrement
IsProcessInJob
GetDevicePowerState
GetVolumeInformationA
FindActCtxSectionGuid
SetFilePointerEx
ClearCommError
CreateDirectoryW
DefineDosDeviceW
EnumDateFormatsExW
SetStdHandle
SetCommBreak
GetProcessVersion
GetWindowsDirectoryA
WritePrivateProfileSectionA
SetHandleCount
SetEnvironmentVariableW
GetPrivateProfileSectionW
Heap32ListNext
EnumCalendarInfoA
RemoveDirectoryW
UpdateResourceW
EnumLanguageGroupLocalesW

perfctrs

CloseIPXPerformanceData
OpenDhcpPerformanceData
CollectNbfPerformanceData
OpenNWNBPerformanceData
CollectTcpIpPerformanceData
OpenSPXPerformanceData
CloseNbfPerformanceData
CloseNWNBPerformanceData
CloseDhcpPerformanceData
CloseSPXPerformanceData
OpenIPXPerformanceData
CollectNWNBPerformanceData
OpenNbfPerformanceData
CollectIPXPerformanceData
CloseTcpIpPerformanceData
OpenTcpIpPerformanceData
CollectSPXPerformanceData
CollectDhcpPerformanceData

ntdll

NtCreateToken
RtlFillMemory
NtIsProcessInJob
NtSaveMergedKeys
_itow
ZwAllocateLocallyUniqueId
ZwOpenThreadToken
RtlApplyRXactNoFlush
ZwQueryOpenSubKeys
NtMapViewOfSection
RtlGUIDFromString
NtSetIoCompletion
LdrUnloadDll
RtlIsGenericTableEmpty
ZwCreateKey
ZwEnumerateKey
strcat
NtLoadKey2
RtlFindMostSignificantBit
NtQueryDebugFilterState
RtlIsValidIndexHandle
NtQueryTimerResolution
RtlFreeOemString
NtQueryIoCompletion

ntdsapi

DsGetRdnW
DsMakeSpnA
DsCrackNamesW
DsCrackUnquotedMangledRdnW
DsListDomainsInSiteA
DsMakePasswordCredentialsA
DsRemoveDsDomainA
DsaopBindWithCred
DsUnBindW
DsFreeNameResultA
DsFreeDomainControllerInfoA
DsReplicaAddA
DsBindWithCredW
DsQuoteRdnValueW
DsReplicaGetInfo2W
DsaopBindWithSpn
DsBindWithSpnA
DsFreeDomainControllerInfoW
DsInheritSecurityIdentityW
DsCrackSpn2A
DsCrackUnquotedMangledRdnA
DsFreeSchemaGuidMapA
DsListServersForDomainInSiteW
DsListRolesW
DsReplicaSyncAllW
DsClientMakeSpnForTargetServerA
DsGetDomainControllerInfoW
DsMakeSpnW
DsReplicaUpdateRefsW
DsReplicaVerifyObjectsW

wintrust

mscat32DllUnregisterServer
WVTAsn1CatMemberInfoDecode
CryptCATCDFEnumMembers
CryptCATCatalogInfoFromContext
CryptCATPutAttrInfo
GenericChainCertificateTrust
OfficeCleanupPolicy
DriverFinalPolicy
SoftpubInitialize
CryptCATEnumerateCatAttr
WTHelperGetProvSignerFromChain
CryptCATPutCatAttrInfo
WVTAsn1SpcFinancialCriteriaInfoEncode

user32

CreateDesktopW
InsertMenuW
SetActiveWindow
GetPropA
ToUnicodeEx
InitializeLpkHooks
BeginPaint
BeginDeferWindowPos
FindWindowA
DrawFrame
EnumThreadWindows
LoadMenuA
DialogBoxIndirectParamAorW
MessageBoxExW
DdeCreateStringHandleA
CheckRadioButton
ShowCaret

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42746ac3b2b88bdfba7e1bef2e412a56

Headers

DLL Characteristics

File Characteristics

Imports

rasman

kernel32

perfctrs

ntdll

ntdsapi

wintrust

user32

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 388B

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 388B

.rsrc
Size: 19KB - Virtual size: 19KB