7a26b4ff75592adc240c5c865b22c77c2877d7d218f31f8985f79d1c75162d1a

Sharing

Copy URL Twitter E-mail

General

Target

7a26b4ff75592adc240c5c865b22c77c2877d7d218f31f8985f79d1c75162d1a
Size

878KB
MD5

938c3857e42fcb8278faf06ab0e4db90
SHA1

f3f990c94e1f26e4c0b780e27399f5877ecea97f
SHA256

7a26b4ff75592adc240c5c865b22c77c2877d7d218f31f8985f79d1c75162d1a
SHA512

0619c8dcacbf8958f73dcd41a946b2233747ef7d6336f483b4d04d5c16e91371739964f6ea84bcaf2a6defdb478c472fdc8b84cd89503965410141cfc2b62933
SSDEEP

12288:/XRFXi6fWGEmflEbq6s2kgfDCRpumxZ1ZpKxGNN/Wu90WU9kLLlCWxeoPiMyxxm0:/hFXiEWy+s2kgspDzeQPU9kXbq7xb

Score

N/A

Malware Config

Signatures

Files

7a26b4ff75592adc240c5c865b22c77c2877d7d218f31f8985f79d1c75162d1a
.exe windows x86

b2c94ec1ae748e50ba86bc07daa2e19e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DebugBreakProcess
SetTapePosition
FindNextFileA
DeleteVolumeMountPointA
SetTapeParameters
GetWindowsDirectoryW
WriteConsoleInputVDMA
WritePrivateProfileStructW
CreateSemaphoreA
GetCompressedFileSizeA
FreeUserPhysicalPages
GetPriorityClass
SetConsoleActiveScreenBuffer
LoadLibraryA
GetThreadContext
GetDefaultCommConfigA
GetCPInfo
SetCalendarInfoA
DebugSetProcessKillOnExit
GetLocaleInfoA
FoldStringW
SetFilePointer
GetConsoleAliasExesLengthA

cfgmgr32

CM_Get_Next_Log_Conf_Ex
CM_Set_DevNode_Problem_Ex
CM_Get_Device_ID_List_SizeA
CM_Query_Remove_SubTree_Ex
CM_Free_Res_Des_Ex
CMP_RegisterNotification
CM_Enumerate_Enumerators_ExW
CM_Get_Device_ID_Size
CM_Set_HW_Prof_Ex
CM_Delete_Range
CM_Disable_DevNode_Ex
CM_Get_Class_Key_NameW
CM_Get_Device_IDA
CM_Invert_Range_List
CM_Register_Device_Interface_ExW
CM_Modify_Res_Des_Ex
CM_Get_Device_ID_List_SizeW
CM_Request_Eject_PC_Ex
CM_Open_Class_KeyA
CM_Get_Sibling_Ex
CM_Uninstall_DevNode
CM_Get_Device_Interface_Alias_ExA
CM_Request_Eject_PC
CM_Get_Res_Des_Data_Size_Ex

ntdll

strlen
RtlMultiByteToUnicodeN
NtAssignProcessToJobObject
RtlIntegerToChar
NtYieldExecution
RtlImpersonateSelf
RtlValidSecurityDescriptor
ZwAlertThread
LdrDisableThreadCalloutsForDll
RtlPrefixUnicodeString
RtlEqualLuid
ZwQueryAttributesFile
NtQueryValueKey
RtlIsValidHandle
RtlNormalizeProcessParams
NtQueryIoCompletion
NtOpenProcessToken
RtlEqualString

comdlg32

ReplaceTextW
ChooseColorW
GetSaveFileNameW
GetOpenFileNameA
ChooseFontW
dwOKSubclass
PrintDlgA
Ssync_ANSI_UNICODE_Struct_For_WOW
PrintDlgExA
PageSetupDlgA
PrintDlgExW
LoadAlterBitmap
GetOpenFileNameW
GetFileTitleA
dwLBSubclass
FindTextA
ChooseFontA
GetSaveFileNameA
CommDlgExtendedError
FindTextW
GetFileTitleW

samlib

SamRemoveMultipleMembersFromAlias
SamSetInformationAlias
SamCreateUserInDomain
SamLookupIdsInDomain
SamSetInformationUser
SamOpenUser
SamChangePasswordUser3
SamSetInformationDomain
SamSetSecurityObject
SamOpenDomain
SamEnumerateDomainsInSamServer
SamAddMemberToAlias
SamDeleteGroup
SamGetAliasMembership
SamiOemChangePasswordUser2

wldap32

ldap_startup
ldap_search_sW
ldap_dn2ufnA
ldap_modrdn2_sW
ldap_openA
ldap_escape_filter_elementA
ber_peek_tag
ldap_modrdn2W
ldap_add_ext_s
ldap_sslinitA
ldap_delete_ext_sA
ldap_modrdn_sW
ldap_modify_ext_sW
ldap_search_init_pageW

Sections

.text
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 174KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b2c94ec1ae748e50ba86bc07daa2e19e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cfgmgr32

ntdll

comdlg32

samlib

wldap32

Sections

.text Size: 412KB - Virtual size: 411KB

.rdata Size: 167KB - Virtual size: 167KB

.data Size: 174KB - Virtual size: 1.6MB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 1024B - Virtual size: 948B

.text
Size: 412KB - Virtual size: 411KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 174KB - Virtual size: 1.6MB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 1024B - Virtual size: 948B