9eeca745bbe3f69c21f5c15cda71211c7fd1cfa362f896acb86549053779d747

Sharing

Copy URL Twitter E-mail

General

Target

9eeca745bbe3f69c21f5c15cda71211c7fd1cfa362f896acb86549053779d747
Size

739KB
MD5

916cf7a186444cc55902467249bb6d40
SHA1

e7096504e12182e20fcd8268e499e660032519fa
SHA256

9eeca745bbe3f69c21f5c15cda71211c7fd1cfa362f896acb86549053779d747
SHA512

bfb3a734a16915a98fbd13502f1f18f86cc0934c7215f31eff8d801ee5d09864a15ab0b0348a293920c356c00c15d4f9f27c2f8f1a4c32dac8ea6aed00916136
SSDEEP

12288:gE1zn2akz8EGQ/HL67MfEoW8WKZsx4noY1cvCk8tsjP+3S8TFwroOF7y4hdpbcr3:gMzntbEGQmw8N9KjnH1c6kiU+pOnFG4k

Score

N/A

Malware Config

Signatures

Files

9eeca745bbe3f69c21f5c15cda71211c7fd1cfa362f896acb86549053779d747
.exe windows x86

b2458b5d14544acc92761704168ff04b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_purecall
_wcsicmp
_wcsnicmp
printf
exit
_except_handler3
malloc
wcslen
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
_onexit

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW
RegEnumValueW
LsaQueryForestTrustInformation
DeleteAce
GetAce
AccessCheck
OpenThreadToken
GetTokenInformation
IsValidSecurityDescriptor
MakeSelfRelativeSD
MakeAbsoluteSD
AdjustTokenPrivileges
LookupPrivilegeNameW
OpenProcessToken
MapGenericMask
RegGetKeySecurity
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
TraceMessage
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
RegDeleteKeyW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegConnectRegistryW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
ControlService
CloseServiceHandle
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
OpenSCManagerW
RegQueryValueExW

kernel32

GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
LeaveCriticalSection
GetCommandLineW
Sleep
GetLastError
LocalFree
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetStartupInfoA
EnterCriticalSection
SetEvent
WaitForSingleObject
CloseHandle
GetVersionExW
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetComputerNameExW
ResetEvent
WaitForMultipleObjects
CreateEventW
ResumeThread
SystemTimeToFileTime
GetSystemTime
CreateThread
GetLocalTime
InterlockedExchange
SetWaitableTimer
CreateWaitableTimerW
GetVolumePathNameW
CreateFileW
GetVolumeNameForVolumeMountPointW
CompareFileTime
InterlockedExchangeAdd
MoveFileW
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentThread
LocalAlloc
HeapCreate
SetUnhandledExceptionFilter

netapi32

NetShareGetInfo
DsEnumerateDomainTrustsW
DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory
NetDfsSetInfo
NetApiBufferFree
DsGetDcNameW
DsGetSiteNameW
I_NetDfsIsThisADomainName
DsAddressToSiteNamesW

activeds

ord3
ord5
ord6
ord4
ord7
ord9

clusapi

GetClusterResourceKey
ClusterRegOpenKey
ClusterRegCloseKey
GetClusterResourceNetworkName
OpenCluster
ClusterControl
CloseCluster
GetNodeClusterState

ntdll

NtQueryInformationFile
NtQueryDirectoryFile
NtFsControlFile
NtClose
NtCreateFile
RtlEqualDomainName
wcscspn
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlFreeUnicodeString
RtlCompareUnicodeString
wcscpy
RtlCopyUnicodeString
RtlInitUnicodeString
RtlAllocateAndInitializeSid
RtlNtStatusToDosError
NtDeleteFile
wcschr
memmove
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
RtlEqualUnicodeString
NtOpenFile
NtQueryVolumeInformationFile
_vsnwprintf
wcscat
NtQuerySystemTime
RtlRandomEx
RtlDosPathNameToNtPathName_U
RtlPrefixUnicodeString
RtlIdentifierAuthoritySid
RtlSubAuthorityCountSid
RtlValidAcl
RtlUpcaseUnicodeChar
RtlAdjustPrivilege

ntdsapi

DsBindW
DsQuerySitesByCostW
DsQuerySitesFree
DsFreeDomainControllerInfoW
DsBindToISTGW
DsBindingSetTimeout
DsUnBindW
DsGetDomainControllerInfoW

ole32

CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SysAllocString
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
VariantClear
SysFreeString

resutils

ResUtilEnumResources
ResUtilGetSzValue
ResUtilGetDwordValue

rpcrt4

RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
UuidToStringW
RpcServerRegisterIf
UuidCreate
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
RpcServerListen
RpcStringFreeW

shell32

CommandLineToArgvW

shlwapi

PathAddBackslashW
SHDeleteKeyW
SHCopyKeyW

wldap32

ord142
ord26
ord203
ord79
ord155
ord41
ord12
ord16
ord73
ord14
ord145
ord224
ord140
ord13
ord18

ws2_32

GetNameInfoW
gethostbyname
WSAStartup

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 17B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 580KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b2458b5d14544acc92761704168ff04b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

netapi32

activeds

clusapi

ntdll

ntdsapi

ole32

oleaut32

resutils

rpcrt4

shell32

shlwapi

wldap32

ws2_32

Sections

.text Size: 156KB - Virtual size: 155KB

.data Size: 2KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 17B

.rsrc Size: 580KB - Virtual size: 2.3MB

.text
Size: 156KB - Virtual size: 155KB

.data
Size: 2KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 17B

.rsrc
Size: 580KB - Virtual size: 2.3MB