668bd97b607bb27e7f2016c63b2bd693a7485b7fa7e5efa78c764d05ff377611

Sharing

Copy URL Twitter E-mail

General

Target

668bd97b607bb27e7f2016c63b2bd693a7485b7fa7e5efa78c764d05ff377611
Size

152KB
MD5

92b281aefc4b2a4da946f2672b6e6eb0
SHA1

36cd4993fce6e792f658875fef649723a712edaa
SHA256

668bd97b607bb27e7f2016c63b2bd693a7485b7fa7e5efa78c764d05ff377611
SHA512

55d9db6796093923aae4642660a099e0bc89277a9b233c880574c0d4d8e626bdeaf1fed45fb990eaff8a7890d8b0b5839a47b0e4418058082b4c9ecc5df77f17
SSDEEP

3072:RszfZxPBLIwFiPiSM9fhoLTXp1OV1KDhOtOadelL1fOOLNctqCDWYUxtHSZRn2F9:kxnLDiPib559Tc1XoAIJg0mB6zZAd

Score

N/A

Malware Config

Signatures

Files

668bd97b607bb27e7f2016c63b2bd693a7485b7fa7e5efa78c764d05ff377611
.exe windows x86

01c7ec59042d4880bec26eaf00bfddc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountSidW
ConvertStringSidToSidW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
LsaClose
LsaFreeMemory
LookupPrivilegeDisplayNameW
LsaEnumerateAccountRights
LsaNtStatusToWinError
LsaOpenPolicy

kernel32

SetLastError
lstrlenW
WriteConsoleW
SetConsoleCursorPosition
LocalFree
CreateMutexW
GetLastError
OpenMutexW
GetFileAttributesExW
SetThreadPreferredUILanguages
InterlockedIncrement
LocalAlloc
FormatMessageW
InterlockedDecrement
GetComputerNameW
GetTimeFormatW
GetDateFormatW
GetLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
ReleaseMutex
WaitForSingleObject
GetComputerNameExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetConsoleOutputCP
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
SetConsoleMode
ReadFile
ReadConsoleW
HeapReAlloc
HeapFree
HeapSize
HeapAlloc
GetProcessHeap
HeapValidate
WideCharToMultiByte
MultiByteToWideChar
CompareStringA
GetThreadLocale
CompareStringW
lstrlenA
GetUserDefaultLCID
GetFileType
GetConsoleMode
VerSetConditionMask
VerifyVersionInfoW
FindNLSString
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetConsoleScreenBufferInfo
CloseHandle
InterlockedExchange
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep

msvcrt

wcstod
wcsstr
wcschr
_fileno
wcstol
fflush
fprintf
wcstoul
_controlfp
_except_handler4_common
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
wcstok
_vsnwprintf
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memset
__CxxFrameHandler3
__iob_func
_get_osfhandle
_errno
strtok

user32

wsprintfW
LoadStringW
CharUpperW

mpr

WNetAddConnection2W
WNetCancelConnection2W
WNetGetLastErrorW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocStringByteLen
SafeArrayGetElement
SysAllocString
SysStringLen
VariantChangeType
VariantClear
VariantCopy
VariantInit

secur32

GetComputerObjectNameW
GetUserNameExW
TranslateNameW

ws2_32

WSACleanup
gethostbyaddr
inet_addr
WSAGetLastError
WSAStartup

netapi32

DsGetDcNameW
NetApiBufferFree
NetServerGetInfo

framedynos

??YCHString@@QAEABV0@PBG@Z
??0CHString@@QAE@PBG@Z
?Format@CHString@@QAAXPBGZZ
?Mid@CHString@@QBE?AV1@HH@Z
??YCHString@@QAEABV0@ABV0@@Z
??H@YG?AVCHString@@PBGABV0@@Z
?AllocSysString@CHString@@QBEPAGXZ
?Find@CHString@@QBEHPBG@Z
??0CHString@@QAE@ABV0@@Z
?MakeLower@CHString@@QAEXXZ
?SetAt@CHString@@QAEXHG@Z
??H@YG?AVCHString@@ABV0@PBG@Z
??H@YG?AVCHString@@ABV0@0@Z
?GetBuffer@CHString@@QAEPAGH@Z
??0CHString@@QAE@PBD@Z
?Left@CHString@@QBE?AV1@H@Z
?FindOneOf@CHString@@QBEHPBG@Z
?Find@CHString@@QBEHG@Z
?Mid@CHString@@QBE?AV1@H@Z
??4CHString@@QAEABV0@ABV0@@Z
?GetBufferSetLength@CHString@@QAEPAGH@Z
?ReleaseBuffer@CHString@@QAEXH@Z
?Compare@CHString@@QBEHPBG@Z
?Empty@CHString@@QAEXXZ
??4CHString@@QAEABV0@PBG@Z
??0CHString@@QAE@XZ
?GetData@CHString@@IBEPAUCHStringData@@XZ
??1CHString@@QAE@XZ

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsBindWithCredW
DsUnBindW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

slc

SLGetWindowsInformationDWORD

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xyeergp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01c7ec59042d4880bec26eaf00bfddc8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

mpr

ole32

oleaut32

secur32

ws2_32

netapi32

framedynos

ntdsapi

version

slc

Sections

.text Size: 115KB - Virtual size: 115KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 32KB - Virtual size: 33KB

xyeergp Size: - Virtual size: 4KB

.text
Size: 115KB - Virtual size: 115KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 32KB - Virtual size: 33KB

xyeergp
Size: - Virtual size: 4KB