10d9d7971943aa891e5375218dfa2734e564608e8a7879fe64baf7d2fcad0b73

Sharing

Copy URL

Twitter E-mail

General

Target

10d9d7971943aa891e5375218dfa2734e564608e8a7879fe64baf7d2fcad0b73
Size

79KB
MD5

92f84a5f4df8ea2c0c7d9d366b628930
SHA1

040c7af19defd8c26ce6f79a89889028be29540c
SHA256

10d9d7971943aa891e5375218dfa2734e564608e8a7879fe64baf7d2fcad0b73
SHA512

deb8d9ee51a63fb555c3f29706006f7c210f873ebf1948701b37de3499fb6deead6f2abe61ae940504391ae259831865ef23aaa4af1ec6cdebefb7a7d33fb989
SSDEEP

1536:nIg+EM43uZH9f5xleTm87vkuqIhtzZuGRYEUVDobdd5bVcdxjk3OX+TnEL:+43uZdf3lZ87MpIh/PRjgcd/aj8OuM

Score

N/A

Malware Config

Signatures

Files

10d9d7971943aa891e5375218dfa2734e564608e8a7879fe64baf7d2fcad0b73
.dll windows x86

1a6a23618e93fcaf7698781ebc6777b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

srand
rand
malloc
wcslen
_adjust_fdiv
_initterm
free

ntdll

RtlInitUnicodeString
RtlSetEnvironmentVariable

kernel32

SetEvent
WriteFile
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
FlushFileBuffers
UnregisterWaitEx
RegisterWaitForSingleObject
CreateEventW
DeleteTimerQueueTimer
InterlockedExchange
Sleep
InterlockedExchangeAdd
CreateTimerQueueTimer
MulDiv
OpenEventW
FindCloseChangeNotification
FindNextChangeNotification
InterlockedIncrement
FindFirstChangeNotificationW
LocalAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CloseHandle
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetLastError
LocalFree
InterlockedDecrement
QueueUserWorkItem

advapi32

SetSecurityDescriptorDacl
GetTokenInformation
ConvertSidToStringSidW
AllocateAndInitializeSid
FreeSid
CreateProcessAsUserW
RegDeleteKeyW
DuplicateTokenEx
RegOpenKeyExW
GetLengthSid
InitializeAcl
AddAccessAllowedAceEx
AddAccessDeniedAceEx
InitializeSecurityDescriptor
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
TraceMessage
RegQueryValueExW
UnregisterTraceGuids

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock
UnregisterGPNotification
RegisterGPNotification
ord149

Exports

Exports

WlDimsLock
WlDimsLogoff
WlDimsLogon
WlDimsShutdown
WlDimsStartShell
WlDimsStartup
WlDimsUnlock

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a6a23618e93fcaf7698781ebc6777b5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

advapi32

netapi32

userenv

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 14KB

.data Size: 60KB - Virtual size: 61KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 15KB - Virtual size: 14KB

.data
Size: 60KB - Virtual size: 61KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1KB - Virtual size: 1KB