22f241d5191c1d97f1f68cfbad245bc9a1b14b3b7d462087f66ed7ef9bbf5625

General

Target

22f241d5191c1d97f1f68cfbad245bc9a1b14b3b7d462087f66ed7ef9bbf5625
Size

11KB
MD5

8437648d6765f9ec6c3eb876ccf3bb80
SHA1

34fcd6fbec108310efd0db83f1f110c980388a46
SHA256

22f241d5191c1d97f1f68cfbad245bc9a1b14b3b7d462087f66ed7ef9bbf5625
SHA512

e5afa4a07c93d2d0f4606d4411c58234afbc1777f87dd053c7142b4c9bff464e14e379ad0c4e1e20de52bd315394cb0bc3c686522b8da3e76d2912355e6f68e3
SSDEEP

192:hD5jgOtuVwaqFNvWVTWsP5SfY+kWPjwD3ZtbtCNTamVWKo8XLWU:hD9TtuOaeNvOTWTYMPj237J+3VWKrXLW

Score

N/A

Malware Config

Signatures

Files

22f241d5191c1d97f1f68cfbad245bc9a1b14b3b7d462087f66ed7ef9bbf5625
.dll windows x64

c1f6467a62727e77dcf16cf666bd3151

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ImpersonateSelf
AllocateAndInitializeSid
RevertToSelf
FreeSid
CheckTokenMembership
OpenThreadToken

kernel32

SetErrorMode
SetUnhandledExceptionFilter
GetCurrentThread
ExitThread
CloseHandle
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
Sleep
UnhandledExceptionFilter

msvcrt

_cexit
_commode
exit
_exit
_amsg_exit
__setusermatherr
_XcptFilter
__C_specific_handler
__getmainargs
?terminate@@YAXXZ
__set_app_type
_initterm
_fmode

ntdll

RtlCaptureContext
RtlVirtualUnwind
NtCreateEvent
NtSetInformationProcess
NtOpenEvent
RtlAdjustPrivilege
NtClose
RtlUnhandledExceptionFilter
NtRaiseHardError
RtlLockBootStatusData
NtOpenSection
RtlGetSetBootStatusData
RtlSetProcessIsCritical
NtSetEvent
RtlUnlockBootStatusData
RtlLookupFunctionEntry
NtMapViewOfSection

lsasrv

ServiceInit
LsapCheckBootMode
LsapDsInitializePromoteInterface
LsapAuOpenSam
LsaISetupWasRun
LsapInitLsa
LsapDsInitializeDsStateInfo

samsrv

SampDsIsRunning
SamIInitialize

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1f6467a62727e77dcf16cf666bd3151

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

lsasrv

samsrv

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 512B - Virtual size: 216B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 72B

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 512B - Virtual size: 216B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 72B