8dafd00da164455fa230eec917781f88ccff13162ba4f10a2397b8463bd8e439

Sharing

Copy URL Twitter E-mail

General

Target

8dafd00da164455fa230eec917781f88ccff13162ba4f10a2397b8463bd8e439
Size

376KB
MD5

8403e5c246dc23a73b5d2e7f29526db0
SHA1

26cff6ca051bac75ee445af0c7576ec45fec45c1
SHA256

8dafd00da164455fa230eec917781f88ccff13162ba4f10a2397b8463bd8e439
SHA512

fb6fe9aac53ea57fa0056f12b848b538d45a0ef1827e604cde7ba30738408a317818b56312877e575c2531b0a3705a81fee0d62a4af5f0ae4ee356202a19f59f
SSDEEP

6144:olw1p+2TIXG8O1pL/r2GLXZw6Nw7sjJzHkpzRAy0Qy4Aqnmu/n7VpPm:olw1pveGrL/r2G7ZwL7uH4AyDy4ZnVve

Score

N/A

Malware Config

Signatures

Files

8dafd00da164455fa230eec917781f88ccff13162ba4f10a2397b8463bd8e439
.dll windows x86

50bb4e09ac54854987af94395281e9b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildTrusteeWithNameA
ConvertSecurityDescriptorToAccessNamedA
ConvertSidToStringSidW
ConvertStringSidToSidA
CryptGetDefaultProviderA
EqualSid
GetExplicitEntriesFromAclA
LogonUserA
LsaLookupNames
LsaOpenSecret
RegCloseKey
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegOpenKeyW
RegQueryValueExW
RegSetValueExW
SystemFunction001
SystemFunction008
SystemFunction028
SystemFunction029
CryptEnumProvidersA
FindFirstFreeAce
LsaQueryInformationPolicy
LsaQuerySecurityObject
SystemFunction016
SetPrivateObjectSecurityEx
GetMultipleTrusteeW
RegCreateKeyA
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
SetNamedSecurityInfoExA
AreAnyAccessesGranted
AccessCheck
AccessCheckAndAuditAlarmA
AccessCheckByType
AdjustTokenGroups
ClearEventLogW
CryptEnumProviderTypesA
GetSidIdentifierAuthority
LookupPrivilegeDisplayNameW
LsaClose
LsaFreeMemory
LsaOpenPolicy
RegisterServiceCtrlHandlerA
RevertToSelf
SetServiceBits
SetServiceStatus
EncryptFileW
GetSidSubAuthorityCount
LsaSetSystemAccessAccount
OpenProcessToken
RegQueryInfoKeyA

kernel32

CloseHandle
CreateDirectoryW
CreateEventW
CreateFileW
CreateProcessW
CreateThread
DefineDosDeviceW
DeleteVolumeMountPointW
DisconnectNamedPipe
ExpandEnvironmentStringsW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileW
FindNextFileW
FindResourceW
FormatMessageW
FreeLibrary
FreeLibraryAndExitThread
FreeResource
GetCPInfo
GetCurrentThreadId
GetDateFormatW
GetFileAttributesW
GetFileSize
GetFileTime
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleW
GetNumberFormatW
GetProcAddress
GetProfileSectionW
GetSystemTimeAsFileTime
GetTimeFormatW
GetVersion
GetVersionExW
GlobalGetAtomNameA
GlobalSize
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
LoadResource
LocalCompact
LocalFlags
LocalFree
LockResource
MulDiv
OpenMutexW
ReadFile
RegisterConsoleVDM
SearchPathW
SetCalendarInfoA
SetConsoleTitleA
SetEvent
SetFileApisToOEM
SetSystemPowerState
SetVolumeMountPointA
SizeofResource
Sleep
VDMOperationStarted
WaitForSingleObject
WinExec
WriteFile
_lopen
lstrcatW
lstrcmpiW
lstrcpy
lstrcpyW
lstrcpynW
lstrlenW
VirtualAlloc
DisableThreadLibraryCalls
FindFirstFileExA
GetConsoleAliasExesLengthA
GetCurrentProcessId
GetProcessHeap
GetTickCount
HeapCreate
HeapDestroy
InterlockedCompareExchange
InterlockedExchange
QueryPerformanceCounter
lstrlenA
CommConfigDialogW
RaiseException
lstrcmpW
EnumCalendarInfoA
GetDiskFreeSpaceA
LocalAlloc
CreateTapePartition
GetCurrentProcess
GetLongPathNameW
GetPriorityClass
MultiByteToWideChar
OpenJobObjectA
OpenSemaphoreA
SetConsoleOutputCP
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VerifyConsoleIoHandle
CreateEventA
CreateFileA
FlushFileBuffers
GetConsoleInputExeNameW
GetLocalTime
GetOverlappedResult
OutputDebugStringA
ReadConsoleA
ReleaseMutex
ReleaseSemaphore
ResetEvent
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
BuildCommDCBAndTimeoutsA
CommConfigDialogA
CreateWaitableTimerA
CreateWaitableTimerW
DosDateTimeToFileTime
EnumDateFormatsA
EnumSystemLocalesW
FormatMessageA
GetComputerNameW
GetFileAttributesA
GlobalFindAtomW
GlobalUnlock
Heap32First
QueueUserWorkItem
RemoveDirectoryA
SetEndOfFile
SetFilePointer
WideCharToMultiByte
lstrcpynA
EnumCalendarInfoW
EnumDateFormatsW
EnumResourceNamesW
EnumTimeFormatsW
FreeEnvironmentStringsA
GetProcessVersion
GetSystemInfo
GetSystemTime
SetCommMask
ShowConsoleCursor
UpdateResourceW
lstrlen
IsBadReadPtr
RtlUnwind
LCMapStringA
LCMapStringW
ExitProcess
GetLastError
ResumeThread
TlsSetValue
TlsGetValue
ExitThread
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
HeapValidate
GetFileType
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
EnterCriticalSection
LeaveCriticalSection
GetTimeZoneInformation
SetFileAttributesA
VirtualFree
IsBadWritePtr
Beep
DeleteFileW
SetConsoleCtrlHandler
DeleteCriticalSection
GetDriveTypeA
FindFirstFileA
InitializeCriticalSection
FatalAppExitA
TlsAlloc
TlsFree
SetLastError
GetCurrentThread
GetModuleHandleA
SetStdHandle
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteConsoleA
FindNextFileA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetExitCodeProcess
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
IsBadCodePtr
LoadLibraryA
CreateProcessA
SetEnvironmentVariableW
SetEnvironmentVariableA

oleaut32

DosDateTimeToVariantTime
LHashValOfNameSys
SafeArrayCopyData
VarCyFromDec
VarCyFromR8
VarDecFromR8
VarDiv
VarMod
VarR8FromBool
VarUI1FromBool
OleLoadPictureEx
VarBoolFromI4
VarPow
VarTokenizeFormatString
VarDecFromUI1
VarI1FromDate
VarBoolFromI1
VarCyCmpR8
VarI2FromBool
VarDecAbs
BSTR_UserSize
SafeArrayDestroyDescriptor
SysStringByteLen
VarAbs
VarDecFromBool
VarI1FromStr
VarNot
VarUI1FromUI4
VarUI2FromUI4
VariantChangeType
VarR8FromI1

rpcrt4

IUnknown_Release_Proxy
I_RpcSendReceive
I_RpcTransConnectionFreePacket
I_RpcTransDatagramAllocate2
MIDL_wchar_strcpy
MesDecodeBufferHandleCreate
NdrEncapsulatedUnionUnmarshall
NdrOleFree
NdrStubCall
NdrXmitOrRepAsUnmarshall
RpcSmSetClientAllocFree
RpcStringFreeA
NdrNsSendReceive
NdrServerInitializePartial
I_RpcFreeBuffer
NdrConformantStringBufferSize
NdrNonEncapsulatedUnionMarshall
NdrRpcSmClientFree
NdrConformantArrayBufferSize
NdrRpcSsDefaultAllocate
RpcServerUnregisterIf
I_RpcBindingInqDynamicEndpointA
NdrInterfacePointerFree
NdrMapCommAndFaultStatus
NdrNonEncapsulatedUnionBufferSize
NdrServerMarshall
RpcProtseqVectorFreeA
RpcSmFree
data_into_ndr
NdrComplexArrayMemorySize
NdrConformantStringMarshall
NdrCorrelationFree
NdrSimpleStructBufferSize
NdrUserMarshalBufferSize

Exports

Exports

ZGWCZGTBVQ

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50bb4e09ac54854987af94395281e9b7

Headers

File Characteristics

Imports

advapi32

kernel32

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 272KB - Virtual size: 268KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 40KB - Virtual size: 49KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 272KB - Virtual size: 268KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 40KB - Virtual size: 49KB

.reloc
Size: 16KB - Virtual size: 15KB