c7e4ec71273dae3afd20756fb308d054db44feab785975c349b0762d43e514be

Sharing

Copy URL Twitter E-mail

General

Target

c7e4ec71273dae3afd20756fb308d054db44feab785975c349b0762d43e514be
Size

373KB
MD5

82e40438b3797d9be6cf549042715030
SHA1

9ef75861e21fec8487e303b1033a557f41f525db
SHA256

c7e4ec71273dae3afd20756fb308d054db44feab785975c349b0762d43e514be
SHA512

9a135c0d7dcb5e665d199959b931d830033aa71bf90ca0f60ab93fb5089da92370ae2b6e990399435de77d74b262e9fd4e21f58022cd8671b90131a22b430bf2
SSDEEP

6144:h4pyc4Ryy9V53yR9OEz73A7+wIIDY3ASt0aLgHSppkxJ1g2fuUqc/:k4RdVk2aE7+RIqdt01pgquU

Score

N/A

Malware Config

Signatures

Files

c7e4ec71273dae3afd20756fb308d054db44feab785975c349b0762d43e514be
.dll windows x86

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
_wtoi
_purecall
memset
ceil
_ftol2
_wcsicmp
towupper
_wcsnicmp
_vsnwprintf
wcschr
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_ultow
wcscpy_s
_XcptFilter

rpcrt4

RpcErrorStartEnumeration
RpcBindingFree
RpcBindingReset
RpcBindingCopy
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
UuidCreate
RpcAsyncInitializeHandle
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqTransportType
I_RpcBindingInqLocalClientPID
RpcBindingSetOption
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcStringFreeW
RpcBindingVectorFree
RpcServerInqBindings
RpcServerRegisterAuthInfoW
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingUnbind
RpcBindingBind
RpcBindingCreateW
RpcBindingSetObject
RpcBindingServerFromClient
RpcMgmtEnableIdleCleanup
I_RpcFilterDCOMActivation
RpcRevertToSelf
RpcStringBindingComposeW
NdrServerCall2
RpcRaiseException
I_RpcExceptionFilter
NdrClientCall2
NdrAsyncClientCall
NdrAsyncServerCall
MesEncodeFixedBufferHandleCreate
RpcMgmtIsServerListening
RpcServerListen
RpcMgmtSetServerStackSize
RpcServerUseProtseqEpExW
MesHandleFree
MesDecodeBufferHandleCreate
NdrMesTypeAlignSize2
NdrMesTypeEncode2
NdrMesTypeDecode2
RpcErrorSaveErrorInfo
RpcErrorGetNextRecord
RpcErrorResetEnumeration
RpcErrorEndEnumeration
RpcServerRegisterIfEx

ntdll

NtClose
RtlAllocateAndInitializeSid
WinSqmSetDWORD
RtlGetSaclSecurityDescriptor
RtlLengthSid
RtlCopySid
NtOpenKey
NtQueryKey
RtlNtStatusToDosError
NtQueryInformationFile
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlInitUnicodeString
RtlEqualUnicodeString
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
NtDuplicateToken
RtlInitializeCriticalSection
EtwTraceMessage
NtQueryMutant
RtlCreateVirtualAccountSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl

api-ms-win-core-localregistry-l1-1-0

RegQueryValueExW
RegOpenUserClassesRoot
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey
RegOpenKeyExW

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
IsValidSecurityDescriptor
ImpersonateAnonymousToken
RevertToSelf
GetSidSubAuthority
EqualSid
CopySid
GetSidLengthRequired
InitializeSid
GetTokenInformation
IsValidSid
CreateWellKnownSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
GetAce

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

CloseServiceHandle
StartServiceW
OpenSCManagerW
OpenServiceW

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

LogonUserExExW
EnumerateSecurityPackagesW
FreeContextBuffer

kernel32

MapViewOfFile
InitializeCriticalSectionAndSpinCount
OpenFileMappingW
TlsGetValue
InitializeSListHead
InterlockedPopEntrySList
UnmapViewOfFile
CreateFileMappingW
SearchPathW
SetLastError
GetSystemDirectoryW
GetSystemWow64DirectoryW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseActCtx
FindActCtxSectionGuid
FindActCtxSectionStringW
LoadLibraryExW
AddRefActCtx
OpenEventW
GetComputerNameExW
OpenProcess
InitializeCriticalSection
TlsSetValue
GetDriveTypeW
GetVersionExW
ExpandEnvironmentStringsW
WaitForMultipleObjects
CompareFileTime
GetExitCodeProcess
GetModuleHandleExW
MapViewOfFileEx
CheckElevationEnabled
CreateMutexW
GetProcessIdOfThread
OpenThread
GetFullPathNameW
SetThreadpoolWait
CreateThreadpoolWait
CloseThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
CreateThreadpool
FindClose
FindFirstFileW
ReleaseMutex
UnregisterWait
InterlockedCompareExchange64
EnterCriticalSection
IsWow64Process
HeapFree
HeapAlloc
GetProcessHeap
lstrcmpW
GetLastError
GetSystemInfo
Sleep
TlsAlloc
DelayLoadFailureHook
GetProcAddress
FreeLibrary
InterlockedCompareExchange
LoadLibraryExA
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery
GetVersion
SleepEx
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueTimer
CreateTimerQueueTimer
CloseHandle
CreateThread
LocalFree
LocalAlloc
RegisterWaitForSingleObject
lstrlenW
CreateEventW
LeaveCriticalSection
InterlockedPushEntrySList
SetEvent
WaitForSingleObject
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
InterlockedExchangeAdd
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 346KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65a5ad0b83dbba5a0978b00b1daebcd5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 346KB - Virtual size: 344KB

.data Size: 5KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 346KB - Virtual size: 344KB

.data
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 19KB - Virtual size: 18KB