Static task: static1
Behavioral task: behavioral1
  Sample: 8dbf42115c6d952a076ba192953c0328a91f53490895b9730cdf8126fdf170cc.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 8dbf42115c6d952a076ba192953c0328a91f53490895b9730cdf8126fdf170cc.exe
  Resource: win10v2004-20220812-en
General
  Target: 8dbf42115c6d952a076ba192953c0328a91f53490895b9730cdf8126fdf170cc
  Size: 40KB
  MD5: 54dac3461a410fb9127e98eccc4e8f18
  SHA1: 514c3e3d4d852f86eab7d4afcfc4f9801219bd11
  SHA256: 8dbf42115c6d952a076ba192953c0328a91f53490895b9730cdf8126fdf170cc
  SHA512: 9c44147816391d0a8cef41e1062c497865b4fe2917a0f51d048e37547043574455a81dc5cd9a157632626194819a1b024f6d8e3dfb466a59ff6a513ceabd97f7
  SSDEEP: 768:eVVvfI0AkykJBVAA9Z3cpGYjVUc671YBBvn8gknxqI7e91s/iSU:iI5oB+AL3cLR0CValrxU
Malware Config
Signatures
Files
  8dbf42115c6d952a076ba192953c0328a91f53490895b9730cdf8126fdf170cc.exe (windows x86)
  44647b794c645e14fafec346439e3295
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
  File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
  wininet:
    FtpSetCurrentDirectoryA
    InternetCrackUrlW
    InternetSetStatusCallbackA
    InternetSetPerSiteCookieDecisionW
    InternetSetCookieA
    InternetSetOptionW
    RetrieveUrlCacheEntryStreamA
    FreeUrlCacheSpaceW
    FtpSetCurrentDirectoryW
    FtpGetFileSize
    SetUrlCacheConfigInfoA
    InternetCanonicalizeUrlA
    InternetGoOnlineW
    InternetGetCertByURLA
    ShowSecurityInfo
    DetectAutoProxyUrl
    InternetGoOnline
    FindFirstUrlCacheContainerW
    PrivacyGetZonePreferenceW
    DeleteUrlCacheEntry
    SetUrlCacheEntryInfoW
    SetUrlCacheGroupAttributeW
    InternetLockRequestFile
    InternetTimeToSystemTimeA
    InternetSetStatusCallbackW
    InternetFindNextFileA
    HttpEndRequestW
    InternetReadFile
  pdh:
    PdhGetDefaultPerfCounterHA
    PdhGetDataSourceTimeRangeA
    PdhOpenQueryA
    PdhGetDefaultPerfCounterA
    PdhOpenQueryH
    PdhVbGetLogFileSize
    PdhRelogA
    PdhCloseLog
    PdhOpenLogA
    PdhVbOpenLog
    PdhEnumObjectsHA
    PdhBindInputDataSourceA
    PdhVerifySQLDBA
    PdhComputeCounterStatistics
    PdhGetDefaultPerfCounterW
    PdhIsRealTimeQuery
    PdhLookupPerfIndexByNameA
    PdhGetLogFileTypeA
    PdhRemoveCounter
    PdhBrowseCountersHW
    PdhGetRawCounterValue
    PdhLookupPerfNameByIndexW
    PdhExpandWildCardPathA
    PdhGetCounterInfoA
    PdhSelectDataSourceA
    PdhReadRawLogRecord
    PdhVbAddCounter
    PdhOpenLogW
    PdhEnumObjectsHW
  ws2_32:
    WSALookupServiceNextA
    WSAEventSelect
    shutdown
    connect
    WSADuplicateSocketW
    send
    inet_ntoa
    WSACleanup
    WSAAsyncGetProtoByName
    WSAAddressToStringA
    WSAStringToAddressA
    WSAInstallServiceClassA
    WSAWaitForMultipleEvents
    WEP
    WSAGetLastError
    WSANtohs
    WSApSetPostRoutine
    getsockopt
    getservbyport
    WSANtohl
    recvfrom
    WSAAsyncGetServByPort
    WSCInstallNameSpace
    WSAJoinLeaf
    WSASendDisconnect
    WSASetLastError
    WSASocketA
  kernel32:
    SetThreadPriority
    BaseCleanupAppcompatCacheSupport
    GetUserGeoID
    ShowConsoleCursor
    ExitProcess
    lstrcatW
    BuildCommDCBAndTimeoutsA
    LocalAlloc
    LoadLibraryA
    HeapCreate
    WriteConsoleOutputAttribute
    VirtualAlloc
    ReplaceFileA
    GetTapeParameters
    LCMapStringW
    _lread
    RtlZeroMemory
    ExpandEnvironmentStringsW
    EnumCalendarInfoA
    GlobalUnWire
    GetCommandLineW
    LZDone
    GetNumaHighestNodeNumber
    Heap32ListFirst
    GetOEMCP
    _lwrite
    GetModuleHandleW
    lstrcmpW
    SetConsoleCursorMode
    SetConsoleNumberOfCommandsA
    GetLastError
    QueryInformationJobObject
    AddLocalAlternateComputerNameW
    LZRead
    FindActCtxSectionGuid
    GetTempPathW
    FindVolumeMountPointClose
    CopyFileExW
  ureg:
    ?Initialize@REGISTRY_KEY_INFO@@QAEEPBVWSTRING@@0K0PAU_SECURITY_ATTRIBUTES@@@Z
    ?LoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
    ?UnLoadHive@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
    ?SetKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAXPAKE@Z
    ?CreateKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@1PAKE@Z
    ?DeleteValueEntry@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
    ?RestoreKeyFromFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@EPAK@Z
    ?DoesValueExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@11PAK@Z
    ??0REGISTRY_KEY_INFO@@QAE@XZ
    ?QueryKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVREGISTRY_KEY_INFO@@PAK@Z
    ??0REGISTRY_VALUE_ENTRY@@QAE@XZ
    ?QuerySubKeysInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
    ??1REGISTRY@@UAE@XZ
    ?IsAccessAllowed@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@KPAK@Z
    ?UpdateKeyInfo@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PAK@Z
    ?QueryValues@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAVARRAY@@PAK@Z
    ?DeleteKey@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
    ??0REGISTRY@@QAE@XZ
    ?DoesKeyExist@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVWSTRING@@1PAK@Z
    ?Initialize@REGISTRY_VALUE_ENTRY@@QAEEPBVWSTRING@@KW4_REG_TYPE@@PBEK@Z
    ?EnableRootNotification@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAXKE@Z
    ?Initialize@REGISTRY@@QAEEPBVWSTRING@@PAK@Z
    ?SaveKeyToFile@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PAVREGISTRY_KEY_INFO@@PBVWSTRING@@PAK@Z
    ?QueryKeySecurity@REGISTRY@@QAEEW4_PREDEFINED_KEY@@PBVREGISTRY_KEY_INFO@@KPAPAXPAK@Z
  advapi32:
    CryptHashData
    SetSecurityInfoExW
    RegUnLoadKeyW
    QueryServiceConfigW
    ObjectDeleteAuditAlarmA
    EnumDependentServicesA
    LsaClearAuditLog
    QueryServiceStatusEx
    OpenServiceA
    WmiQuerySingleInstanceA
    RegReplaceKeyW
    AddAuditAccessAceEx
    LsaCreateSecret
    BuildExplicitAccessWithNameW
    BuildTrusteeWithNameW
    SystemFunction010
    RegCreateKeyA
    SaferComputeTokenFromLevel
    RegOpenKeyExW
    FindFirstFreeAce
    GetOldestEventLogRecord
    SystemFunction035
    LookupAccountNameA
    CredIsMarshaledCredentialA
    BuildTrusteeWithObjectsAndNameA
    IdentifyCodeAuthzLevelW
    LsaQueryDomainInformationPolicy
    ChangeServiceConfig2W
    SystemFunction036
Sections
  .text: Size 27KB, Virtual size 27KB; flags IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata: Size 10KB, Virtual size 9KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc: Size 1KB, Virtual size 1KB; flags IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ