724f51be03c3141a2d722ecdba017409728394bf9765beafc98e7757d1309c0b

Sharing

Copy URL

Twitter E-mail

General

Target

724f51be03c3141a2d722ecdba017409728394bf9765beafc98e7757d1309c0b
Size

420KB
MD5

932fc043d6d707715b4cf6144ae8a8c0
SHA1

d48685cb91cdfdbf22c59284d09362745d804c70
SHA256

724f51be03c3141a2d722ecdba017409728394bf9765beafc98e7757d1309c0b
SHA512

4f4b3a32409b1a9e2103f811e1c14de4f7577fe58a53380ec82bd4d212fbd2e6aa1629d4e3d433e678dbcb35ca2e90e3ee897a6aa5da772ccb6ef066f8bebd7e
SSDEEP

3072:zvCVt5SHyWT/hVD918cBzEH0P00z3rlcCxrTw/xL22DmKjyOWLitgHC/aR1br4kI:rCcH/VNlxwJmKduEmJKBcfTQNmCt/vx

Score

N/A

Malware Config

Signatures

Files

724f51be03c3141a2d722ecdba017409728394bf9765beafc98e7757d1309c0b
.dll windows x86

78f39db2dbb85d4b13c2aad927ab8f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildSecurityDescriptorA
ElfRegisterEventSourceA
I_ScSetServiceBitsW
RegCloseKey
RegOpenKeyExA
RegOpenUserClassesRoot
RegQueryValueExA
SetEntriesInAuditListA
SystemFunction021
AddUsersToEncryptedFile
ControlService
EncryptionDisable
GetEffectiveRightsFromAclA
GetEventLogInformation
OpenBackupEventLogW
ReadEventLogW
RegOpenKeyA
RegOpenKeyExW
RegSetValueExW
StartServiceA
SystemFunction025
IsTextUnicode
RegQueryValueExW

kernel32

FormatMessageA
GetComputerNameA
GetModuleHandleA
GetProcAddress
GlobalGetAtomNameA
HeapWalk
LoadLibraryA
LocalAlloc
LocalFree
SetEnvironmentVariableA
Sleep
_lopen
lstrlenW
DisableThreadLibraryCalls
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryW
QueryPerformanceCounter
VirtualAlloc
CloseHandle
CreateEventA
CreateThread
EnumDateFormatsExW
EnumSystemCodePagesW
FreeLibraryAndExitThread
GetConsoleAliasExesW
GetLongPathNameW
GetOverlappedResult
GetSystemDirectoryA
GetVolumeNameForVolumeMountPointW
HeapDestroy
InterlockedDecrement
InterlockedIncrement
QueueUserWorkItem
SetHandleCount
SetWaitableTimer
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
AddAtomW
CompareStringW
CreateFileA
CreateMutexA
CreateMutexW
CreateProcessA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentProcess
GetFileAttributesA
GetFileAttributesW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcessHeap
GetVersion
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
PostQueuedCompletionStatus
SetFileApisToOEM
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
GetLastError
LCMapStringW
GetDriveTypeA
GetFullPathNameA
RtlUnwind
ExitProcess
GetFullPathNameW
GetCPInfo
GetLocalTime
SetLocalTime
GetConsoleCP
ReadConsoleInputA
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
DuplicateHandle
FindFirstFileW
FindNextFileW
DeleteFileW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFileType
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetTimeZoneInformation
WriteFile
GetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSection
GetExitCodeProcess
RaiseException
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStartupInfoA
CreatePipe
SetStdHandle
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
CompareStringA
SetFilePointer
SetEndOfFile
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
GetLocaleInfoW
CreateProcessW
FlushFileBuffers
SetEnvironmentVariableW

rpcrt4

NdrFixedArrayMemorySize
NdrStubInitializeMarshall
NdrVaryingArrayMarshall
UuidCreate
CStdStubBuffer_Invoke
NdrComplexArrayMarshall
NdrMesTypeAlignSize
RpcMgmtEpEltInqNextA
NDRSContextUnmarshall2
NdrProxyInitialize
RpcServerUseProtseqEpExA

shell32

RealShellExecuteA
SHLoadInProc
ShellExecuteExA

Exports

Exports

dsdpi

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78f39db2dbb85d4b13c2aad927ab8f4e

Headers

File Characteristics

Imports

advapi32

kernel32

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 48KB - Virtual size: 46KB

.data Size: 48KB - Virtual size: 58KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 48KB - Virtual size: 46KB

.data
Size: 48KB - Virtual size: 58KB

.reloc
Size: 16KB - Virtual size: 12KB