664b86bcb5b3118fd4eee1dd0681facfb8464526d96219302259d85844a32d50

Sharing

Copy URL

Twitter E-mail

General

Target

664b86bcb5b3118fd4eee1dd0681facfb8464526d96219302259d85844a32d50
Size

369KB
MD5

84916020ee15c06bed1300e70238cc10
SHA1

d3b61f5046f73f045c1bacfc261ded334e531236
SHA256

664b86bcb5b3118fd4eee1dd0681facfb8464526d96219302259d85844a32d50
SHA512

6cfa2695bc0f2a8753b6b13144d6140f37adb9b94e26ef388b2b4551aa9cca7e44b0acf8a0b79dd4003c2d4007ab9f49dfefa815bd57752f1aa1c35bcf17e97f
SSDEEP

6144:noUuerS7kkQMHy95orazpJF2CM4Dvo8jXzBW0BtEYvnp5QkQrA+40FTOwvq93:n5PrS72JF2Ij40Bnp59Sh1Rz

Score

N/A

Malware Config

Signatures

Files

664b86bcb5b3118fd4eee1dd0681facfb8464526d96219302259d85844a32d50
.exe windows x86

4657d0d414c30d433ad26ac10ef98d51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
iswspace
wprintf
_wcslwr
wcstol
_except_handler3
_wtol
fprintf
_errno
swscanf
wcstoul
_wsetlocale
wcsncmp
wcschr
_CxxThrowException
_wcsupr
fputwc
_wcsicmp
_iob
wcsstr
__CxxFrameHandler
_wtoi
towupper
wcscmp
_c_exit
_exit
_XcptFilter
_cexit
??2@YAPAXI@Z
iswdigit
wcslen
printf
_vsnwprintf
exit
__winitenv
__wgetmainargs
_initterm
vswprintf
??3@YAXPAX@Z
_putws
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr

atl

ord16

advapi32

LookupAccountNameW
GetSecurityDescriptorLength
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorControl
MakeSelfRelativeSD
BuildExplicitAccessWithNameW
AllocateAndInitializeSid
GetSecurityDescriptorDacl
IsValidAcl
GetAclInformation
GetAce
FreeSid
EqualSid
QueryServiceConfigW
ControlService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfig2W

kernel32

GetStdHandle
GetConsoleOutputCP
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
GetConsoleMode
SetUnhandledExceptionFilter
SetLastError
GetProcessHeap
HeapAlloc
HeapFree
DnsHostnameToComputerNameW
SetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
LocalReAlloc
LocalAlloc
GetComputerNameExW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
lstrcmpiW
GetModuleHandleW
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryW
FreeLibrary
CloseHandle
FormatMessageW
LocalFree
DeleteCriticalSection
Sleep
InterlockedIncrement
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
lstrlenA
InterlockedDecrement
lstrlenW
CompareStringW
lstrcmpW
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringA
InterlockedCompareExchange
FormatMessageA
LoadLibraryExW

user32

LoadStringW

ole32

CoInitializeSecurity
CoUninitialize
CoInitializeEx
CoCreateInstanceEx
CoCreateInstance

oleaut32

VariantInit
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

netapi32

NetpwNameValidate
NetpNetBiosReset
NetpNetBiosStatusToApiStatus
NetUserChangePassword
Netbios
DsGetDcNameW
NetServerEnum
NetApiBufferFree

clusapi

ClusterGetEnumCount
CloseClusterNetInterface
OpenClusterNetInterface
GetClusterNetInterfaceState
ClusterNetInterfaceControl
CloseClusterNode
GetClusterNodeState
OpenClusterNode
ClusterNodeCloseEnum
ClusterNodeOpenEnum
ClusterNodeControl
PauseClusterNode
ResumeClusterNode
EvictClusterNodeEx
GetClusterNodeId
GetClusterInformation
SetClusterServiceAccountPassword
ClusterResourceControl
DeleteClusterResource
SetClusterResourceName
ClusterResourceCloseEnum
ClusterResourceOpenEnum
FailClusterResource
CreateClusterResource
OpenClusterGroup
CloseClusterGroup
ChangeClusterResourceGroup
AddClusterResourceDependency
RemoveClusterResourceDependency
AddClusterResourceNode
RemoveClusterResourceNode
GetClusterNetworkState
SetClusterNetworkName
ClusterNetworkCloseEnum
ClusterNetworkOpenEnum
ClusterNetworkControl
OpenClusterNetwork
SetClusterNetworkPriorityOrder
CloseClusterNetwork
OpenClusterResource
SetClusterQuorumResource
CloseClusterResource
SetClusterName
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
OpenCluster
ClusterControl
SetClusterGroupNodeList
ClusterResourceTypeEnum
ClusterResourceTypeCloseEnum
ClusterResourceTypeOpenEnum
ClusterResourceTypeControl
DeleteClusterResourceType
CreateClusterResourceType
GetClusterQuorumResource
GetClusterGroupState
ClusterGroupEnum
ClusterNetworkEnum
ClusterNodeEnum
GetClusterResourceState
ClusterResourceEnum
CreateClusterNotifyPort
CloseClusterNotifyPort
RegisterClusterNotify
GetClusterNotify
CreateClusterGroup
OnlineClusterResource
OfflineClusterResource
OnlineClusterGroup
OfflineClusterGroup
MoveClusterGroup
GetClusterNetInterface
DeleteClusterGroup
SetClusterGroupName
ClusterGroupCloseEnum
ClusterGroupOpenEnum
ClusterGroupControl
CloseCluster

ntdll

RtlAnsiStringToUnicodeString
RtlNtStatusToDosError
memmove
RtlInitAnsiString
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
_strnicmp
RtlUnicodeStringToOemString
toupper
RtlFreeOemString
iswctype

ws2_32

inet_addr

dnsapi

DnsValidateName_W

secur32

GetUserNameExW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 192KB - Virtual size: 1.3MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4657d0d414c30d433ad26ac10ef98d51

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

advapi32

kernel32

user32

ole32

oleaut32

netapi32

clusapi

ntdll

ws2_32

dnsapi

secur32

Sections

.text Size: 121KB - Virtual size: 120KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 54KB - Virtual size: 54KB

.vmp0 Size: 192KB - Virtual size: 1.3MB

.text
Size: 121KB - Virtual size: 120KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 54KB - Virtual size: 54KB

.vmp0
Size: 192KB - Virtual size: 1.3MB