75a0706927b2c03b34aa285048787016aff8e6905ff27407b9ee1b5a3761f1e6

Sharing

Copy URL Twitter E-mail

General

Target

75a0706927b2c03b34aa285048787016aff8e6905ff27407b9ee1b5a3761f1e6
Size

275KB
MD5

559fb9a8918d7d0684030ada5a95e7d0
SHA1

654c5bb914f220d3edcea9657cacb6c4adac0624
SHA256

75a0706927b2c03b34aa285048787016aff8e6905ff27407b9ee1b5a3761f1e6
SHA512

f7cfe6c118f5358fd20368182a0444f4e52c76c1bada5dabd549af119351837bd266384f76ff33b5fa292a3c84b5e9c40aceae0bf09fd26367f59de74744dad8
SSDEEP

6144:GOq8I6zAq+2WPwXsryURWEJ0oXyB0OQnefy4kTf49ltQTeTejJzIU:Eu5O48OnEJ0oo0dn0kTgDaTe6jP

Score

N/A

Malware Config

Signatures

Files

75a0706927b2c03b34aa285048787016aff8e6905ff27407b9ee1b5a3761f1e6
.exe windows x86

811f22812b980797906d280e2590ce96

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_initterm
_except_handler3
wcschr
memchr
_stricmp
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
_XcptFilter
towlower
??2@YAPAXI@Z
__initenv
malloc
strchr
calloc
sprintf
_wcsnicmp
_snwprintf
strtoul
isdigit
_strcmpi
__p__fmode
??3@YAXPAX@Z
_adjust_fdiv
wcscpy
_cexit
strrchr
_controlfp
wcslen
_snprintf
__getmainargs
toupper
_exit
wcscmp
__setusermatherr
strncpy
wcscat
wcsrchr
_wcsicmp
memmove
wcsncpy
wcsncat
_c_exit
_itoa
free

security

FreeContextBuffer
AcceptSecurityContext
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
FreeCredentialsHandle
ImpersonateSecurityContext
RevertSecurityContext
DeleteSecurityContext

advapi32

LsaClose
GetSidIdentifierAuthority
AllocateAndInitializeSid
CryptReleaseContext
LsaQueryInformationPolicy
InitializeAcl
DuplicateTokenEx
CryptAcquireContextW
LsaOpenPolicy
GetLengthSid
RegQueryValueExA
RegisterEventSourceW
InitializeSecurityDescriptor
OpenProcessToken
GetSidSubAuthority
RegOpenKeyW
RegLoadKeyA
SetSecurityDescriptorDacl
AddAccessAllowedAce
DeregisterEventSource
LookupAccountSidW
GetAce
LogonUserW
RegSetValueExW
FreeSid
CryptGenRandom
CreateProcessAsUserW
RegOpenKeyExW
ReportEventW
OpenThreadToken
RegQueryValueExW
GetSecurityDescriptorLength
AdjustTokenPrivileges
LookupAccountNameW
GetTokenInformation
ImpersonateLoggedOnUser
RegCloseKey
LsaFreeMemory
RegCreateKeyExW
RevertToSelf
GetSidSubAuthorityCount
RegCreateKeyA
LookupPrivilegeValueW
RegOpenKeyExA
MakeSelfRelativeSD
RegSetKeySecurity
IsValidSid
EqualSid

ntdll

RtlSubAuthorityCountSid
RtlInitUnicodeString
DbgPrint
RtlSubAuthoritySid
RtlEqualUnicodeString

kernel32

lstrcatA
GetSystemDirectoryW
SetEnvironmentVariableW
SetConsoleCtrlHandler
WriteFile
CreateFileA
GetLastError
SetConsoleWindowInfo
FormatMessageA
ReadConsoleOutputW
CreateFileW
GetModuleHandleA
GetProcessHeap
GetLocalTime
lstrcpyA
LocalFree
GetProcAddress
GlobalFindAtomW
GetComputerNameW
ReadConsoleOutputA
LoadLibraryW
lstrcpyW
WriteConsoleInputA
GetCurrentProcessId
GlobalAlloc
LoadLibraryExW
DeleteFileA
GetOverlappedResult
SetHandleInformation
ExpandEnvironmentStringsW
ReleaseMutex
GetCurrentProcess
WaitForSingleObject
lstrlenW
GetConsoleScreenBufferInfo
WaitForMultipleObjects
GetSystemTimeAsFileTime
CloseHandle
GetCurrentThread
HeapAlloc
SetUnhandledExceptionFilter
SetLastError
GetConsoleMode
CreateNamedPipeW
FormatMessageW
GetModuleFileNameA
LocalAlloc
ExpandEnvironmentStringsA
SetErrorMode
GlobalFree
GenerateConsoleCtrlEvent
DuplicateHandle
HeapFree
WideCharToMultiByte
GetSystemDirectoryA
ReadFile
QueryPerformanceCounter
GetACP
WriteConsoleInputW
GetStartupInfoA
GetSystemDefaultLCID
CancelIo
IsDBCSLeadByte
OpenProcess
CreateEventW
AllocConsole
WriteConsoleW
GetExitCodeProcess
FreeLibrary
SetEnvironmentVariableA
SetConsoleScreenBufferSize
GetStdHandle
FreeConsole
GetConsoleCP
MultiByteToWideChar
VirtualFree
GetLocaleInfoW

user32

GetProcessWindowStation
MapVirtualKeyW
LoadStringW
CloseWindowStation
SetUserObjectSecurity
CharToOemA
OpenDesktopW
CloseDesktop
wsprintfW
VkKeyScanW

netapi32

NetUserGetInfo
NetApiBufferFree
NetGetAnyDCName

mpr

WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection2W
WNetEnumResourceW
WNetCloseEnum

shell32

SHGetFolderPathW

ws2_32

WSASocketW

psapi

EnumProcesses

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

811f22812b980797906d280e2590ce96

Headers

File Characteristics

Imports

msvcrt

security

advapi32

ntdll

kernel32

user32

netapi32

mpr

shell32

ws2_32

psapi

Sections

.text Size: 121KB - Virtual size: 121KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 58KB - Virtual size: 57KB

.rsrc Size: 78KB - Virtual size: 78KB

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 58KB - Virtual size: 57KB

.rsrc
Size: 78KB - Virtual size: 78KB