842ce316df5ab009e37a71474a3b2b1491fee1dbf1db654a59d32bbbe43428ad

Sharing

Copy URL Twitter E-mail

General

Target

842ce316df5ab009e37a71474a3b2b1491fee1dbf1db654a59d32bbbe43428ad
Size

94KB
MD5

a2b46b37e0f5460a27bd80e201a6b000
SHA1

024c8c8cd92b2c5dff2134b41441110c8320b527
SHA256

842ce316df5ab009e37a71474a3b2b1491fee1dbf1db654a59d32bbbe43428ad
SHA512

67af629198f2ea3d2bfd64150b02aa7c492a289b12872976bafa476faf31abfcfdb7b13600df358e2ea343d34a24645c78f71058af33d2e20a88a9e534bc2d3d
SSDEEP

1536:vWH2/rrs2gq3yQlEQiFXKREc7Mom5dFmEO+OKXQqKIMk:vWYvzfEQiFXKREbdFmEO+OoPKh

Score

N/A

Malware Config

Signatures

Files

842ce316df5ab009e37a71474a3b2b1491fee1dbf1db654a59d32bbbe43428ad
.exe windows x86

c16f1f1004b979a76a5917f12197f705

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
EventRegister
EventUnregister
EventWrite
EventEnabled
RegOpenKeyW
LsaGetUserName
EventWriteEndScenario
EventWriteStartScenario
EventActivityIdControl
CheckTokenMembership
RevertToSelf
ImpersonateLoggedOnUser
EqualSid
GetTokenInformation
SetNamedSecurityInfoW
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
RegisterEventSourceW
RegEnumValueW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegQueryValueExA
QueryTraceW
EnableTrace
ControlTraceW
StartTraceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
NotifyServiceStatusChangeW
CloseServiceHandle
NotifyBootConfigStatus
OpenProcessToken
CreateWellKnownSid
LookupAccountSidW
RegDeleteTreeW
CreateProcessAsUserW
DuplicateTokenEx
I_ScSendTSMessage
ReportEventW

kernel32

HeapAlloc
HeapFree
WaitForSingleObjectEx
ResetEvent
CreateEventW
Sleep
SetThreadExecutionState
MoveFileExW
DeleteFileW
GetSystemDirectoryW
GetCurrentProcessId
SleepEx
CreateThread
InterlockedExchange
CreateProcessW
HeapDestroy
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetTickCount
SetErrorMode
CreateTimerQueueTimer
SetEvent
HeapSetInformation
QueueUserWorkItem
DeleteTimerQueueTimer
GetVersionExW
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
LockResource
LoadResource
FindResourceExW
ExpandEnvironmentStringsW
lstrlenW
SetLastError
LocalFree
CreateDirectoryW
ReadFile
LocalAlloc
CreateFileW
GetShortPathNameW
lstrcmpiW
FindVolumeClose
FindNextVolumeW
GetDriveTypeW
FindFirstVolumeW
LocalReAlloc
LocalSize
InterlockedCompareExchange
LoadLibraryA
SetUnhandledExceptionFilter
GetStartupInfoA
DelayLoadFailureHook
HeapCreate
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetProcessHeap
ResumeThread
CreateRemoteThread
GetModuleHandleW
OpenProcess
SetTimerQueueTimer
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
GetComputerNameW
SetEnvironmentVariableW
GetLastError
GetCurrentProcess
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetExitCodeProcess
CloseHandle
WaitForMultipleObjectsEx
WaitForSingleObject
GetModuleHandleA

user32

GetAsyncKeyState
RecordShutdownReason
UnhookWindowsHookEx
SwitchDesktopWithFade
SetThreadDesktop
UpdatePerUserSystemParameters
LoadLocalFonts
SetWindowStationUser
SwitchDesktop
SetUserObjectSecurity
SetWindowsHookExW
CloseWindowStation
CloseDesktop
CreateDesktopW
SetProcessWindowStation
CreateWindowStationW
RegisterLogonProcess
ExitWindowsEx

msvcrt

_vsnwprintf
_wcsicmp
memcpy
memmove
wcschr
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_controlfp
memset
wcsstr

ntdll

NtCreatePagingFile
NtShutdownSystem
RtlDeregisterWaitEx
NtOpenProcessToken
RtlRemovePrivileges
NtClose
RtlDosPathNameToNtPathName_U
NtReplyPort
NtCompleteConnectPort
NtReplyWaitReceivePort
NtAcceptConnectPort
NtCreatePort
NtAllocateLocallyUniqueId
RtlFreeSid
RtlSetSaclSecurityDescriptor
RtlAddMandatoryAce
RtlCreateAcl
RtlInitUnicodeString
NtQueryInformationProcess
RtlGetDaclSecurityDescriptor
RtlCopySid
RtlLengthSid
RtlSetDaclSecurityDescriptor
RtlAddAce
TpSimpleTryPost
RtlUnhandledExceptionFilter
NtQuerySystemInformation
RtlNtStatusToDosError
RtlRegisterWait
RtlDestroyEnvironment
NtSetValueKey
NtCreateKey
RtlSetThreadIsCritical
RtlSetProcessIsCritical
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlCompareUnicodeString
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
RtlAllocateAndInitializeSid
RtlInitializeCriticalSection
NtQueryInformationToken
RtlSetEnvironmentVariable
RtlQueryEnvironmentVariable_U
RtlInitUnicodeStringEx
RtlCreateEnvironment
NtCreateEvent
RtlAdjustPrivilege
NtSystemDebugControl
DbgBreakPoint
RtlCreateSecurityDescriptor
RtlFreeHeap

rpcrt4

RpcServerRegisterIfEx
RpcServerListen
RpcServerInqCallAttributesW
RpcImpersonateClient
RpcRevertToSelf
RpcBindingServerFromClient
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcBindingFree
RpcServerUseProtseqW
RpcServerInqDefaultPrincNameW
NdrServerCall2
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
RpcStringBindingComposeW
RpcMgmtIsServerListening
NdrClientCall2
RpcBindingUnbind
RpcAsyncCompleteCall
RpcAsyncCancelCall
RpcAsyncInitializeHandle
RpcBindingBind
RpcBindingCreateW
RpcBindingCopy
NdrAsyncClientCall
I_RpcBindingIsClientLocal
RpcAsyncAbortCall
RpcServerTestCancel
NdrAsyncServerCall
RpcServerUseProtseqEpW
RpcServerRegisterAuthInfoW
RpcStringFreeW
RpcServerInqBindings
UuidFromStringW
RpcEpRegisterW
RpcServerUnregisterIf
RpcEpUnregister
RpcBindingVectorFree

userenv

GetAllUsersProfileDirectoryW
ord205
ord204
GetUserProfileDirectoryW

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c16f1f1004b979a76a5917f12197f705

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ntdll

rpcrt4

userenv

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 5KB