d821aad37d7325073e3a94ad2533865a8c94f837d1f97d9372fdb88b5c18ffbc

Sharing

Copy URL Twitter E-mail

General

Target

d821aad37d7325073e3a94ad2533865a8c94f837d1f97d9372fdb88b5c18ffbc
Size

985KB
MD5

c58756ab8aa1143e4ae2f36f76b6419a
SHA1

abf6ca83a3f242b5e332476a5c977e23137f951a
SHA256

d821aad37d7325073e3a94ad2533865a8c94f837d1f97d9372fdb88b5c18ffbc
SHA512

614eb164528023da2e968ecc1f65985f28f541742fc77e73ff08c075cb02b74c6a305555326e50a46f802bfe00cbd2bf9cb4bd7bcaed08c94caf95fcc616e340
SSDEEP

24576:HN1PUbYurd+BeloyPx20i1uS32FNCO1IIVjtJnY:gLRIbyPxa1uDFSIltV

Score

N/A

Malware Config

Signatures

Files

d821aad37d7325073e3a94ad2533865a8c94f837d1f97d9372fdb88b5c18ffbc
.exe windows x86

f42fa1bf7942f0469e826e2c044f2022

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shell32

SHGetPathFromIDListA
SHGetFolderLocation
ShellExecuteA
SHAddToRecentDocs
FindExecutableA
ExtractIconExA
SHFileOperationW
SheChangeDirExW
SHGetIconOverlayIndexW
SHPathPrepareForWriteW
SHGetSpecialFolderPathA
ExtractAssociatedIconA
ExtractAssociatedIconW
DragQueryFileA
SHParseDisplayName
SHGetMalloc
ShellAboutW
Shell_NotifyIconW
SHGetSpecialFolderLocation
DragAcceptFiles
DragFinish
ShellExecuteExA
SHAppBarMessage
SHUpdateRecycleBinIcon
CommandLineToArgvW
ExtractIconExW
SHBindToParent
SHBrowseForFolderW

rpcrt4

RpcBindingInqAuthClientExW
IUnknown_Release_Proxy
I_RpcBindingIsClientLocal
NdrDllUnregisterProxy
RpcMgmtSetCancelTimeout
RpcServerInqBindings
RpcBindingInqAuthInfoExW
NdrStubInitialize
CStdStubBuffer_Disconnect
RpcMgmtStopServerListening
CStdStubBuffer_CountRefs
MesHandleFree
NdrClientInitializeNew
RpcImpersonateClient
UuidToStringW
UuidFromStringW

kernel32

VirtualAlloc
ClearCommError
PeekConsoleInputW
GetCompressedFileSizeA
GetCurrentThread
GetCommandLineA
GetTempPathW
TransmitCommChar
ReleaseSemaphore
LockResource
CloseProfileUserMapping
GetDiskFreeSpaceExW
ReadFileEx
SetConsoleScreenBufferSize
EscapeCommFunction
GetDriveTypeW
CreateIoCompletionPort
SetVolumeLabelA
SetConsoleWindowInfo
EndUpdateResourceA
GetPrivateProfileSectionNamesW
GetWindowsDirectoryW
IsValidCodePage
Module32Next
GetCurrentProcess
GetVersion
Sleep

ulib

?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Initialize@LIST@@QAEEXZ
?Initialize@LONG_ARGUMENT@@QAEEPAD@Z
?DisableBreakHandling@KEYBOARD@@SGEXZ
??0PATH_ARGUMENT@@QAE@XZ
?Initialize@FSN_FILTER@@QAEEXZ
??0OBJECT@@IAE@XZ
?QueryFullPathString@PATH@@QBEPAVWSTRING@@XZ
??1ARRAY@@UAE@XZ
??0FSTRING@@QAE@XZ
?DisplayMsg@MESSAGE@@QAEEK@Z
?SetName@PATH@@QAEEPBVWSTRING@@@Z
??1PATH_ARGUMENT@@UAE@XZ
?DisplayMsg@MESSAGE@@QAAEKW4MESSAGE_TYPE@@KPBDZZ
??0MEM_ALLOCATOR@@QAE@XZ
??0DSTRING@@QAE@XZ

crypt32

I_CertSrvProtectFunction

advapi32

SetFileSecurityW
DeregisterEventSource
RegOpenKeyW
OpenProcessToken
GetOldestEventLogRecord
ConvertSidToStringSidA
SetKernelObjectSecurity
RegCreateKeyExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
GetSidSubAuthority
GetCurrentHwProfileW
RegOpenKeyExW
SystemFunction035
RegNotifyChangeKeyValue
MakeAbsoluteSD
ConvertStringSidToSidW
RegQueryMultipleValuesW
SystemFunction018
RegConnectRegistryW
GetCurrentHwProfileA
AbortSystemShutdownA
CreatePrivateObjectSecurity
QueryServiceConfig2W
AddAuditAccessAce
GetAce
CreateWellKnownSid
GetSidLengthRequired
CryptGenKey

winspool.drv

DeletePortW
EnumPrinterDriversA
GetPrinterDriverDirectoryA
EnumPortsW
WritePrinter
DeviceCapabilitiesW
SetJobW
DeletePrinterConnectionW
OpenPrinterA
EnumFormsA
PrinterProperties
AddPrinterDriverW
EnumPrinterDataW
OpenPrinterW
DeletePrinterDataW
DeletePrinter
AddMonitorA
DeleteMonitorW
GetPrinterA
EnumFormsW
FindClosePrinterChangeNotification
GetPrintProcessorDirectoryW
GetPrinterDataW
ClosePrinter
SetPrinterDataW
DeviceCapabilitiesA

ntdsapi

DsFreeSchemaGuidMapW
DsCrackSpnW
DsMapSchemaGuidsW
DsUnBindW
DsBindW
DsMakeSpnW
DsMakePasswordCredentialsW
DsFreeDomainControllerInfoW
DsQuoteRdnValueW
DsFreePasswordCredentials
DsGetDomainControllerInfoW
DsCrackNamesW
DsBindWithCredW
DsFreeNameResultW

Sections

.text
Size: 84KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 138KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 191KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f42fa1bf7942f0469e826e2c044f2022

Headers

DLL Characteristics

File Characteristics

Imports

shell32

rpcrt4

kernel32

ulib

crypt32

advapi32

winspool.drv

ntdsapi

Sections

.text Size: 84KB - Virtual size: 576KB

.rdata Size: 260KB - Virtual size: 375KB

.rdata Size: 138KB - Virtual size: 266KB

.edata Size: 191KB - Virtual size: 213KB

.rdata Size: 165KB - Virtual size: 390KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 84KB - Virtual size: 576KB

.rdata
Size: 260KB - Virtual size: 375KB

.rdata
Size: 138KB - Virtual size: 266KB

.edata
Size: 191KB - Virtual size: 213KB

.rdata
Size: 165KB - Virtual size: 390KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 1KB - Virtual size: 1KB