98de8518ac321f7fe47e97ed14861f95ddb744ce21079ec81a74fb6d09440dee

Sharing

Copy URL Twitter E-mail

General

Target

98de8518ac321f7fe47e97ed14861f95ddb744ce21079ec81a74fb6d09440dee
Size

336KB
MD5

82b029a05d4c8ee5230b7b1921695bb9
SHA1

29fd750469daaee181a915bd5b2cc9857e6a8126
SHA256

98de8518ac321f7fe47e97ed14861f95ddb744ce21079ec81a74fb6d09440dee
SHA512

55b37f641c378be1dec87609cedd254c5d9b045dfb391f7432090da3ab19f015b899aa1068322712aa974c08208c872c9d2df84b50bba27645abb0afd05f2c7d
SSDEEP

6144:5KYj3NAilJ0/cmjUNCwiz+jdMBIH3FXH3nXH3nr9:f3NAi/0/ceeiz+jyIH3FXH3nXH3n

Score

N/A

Malware Config

Signatures

Files

98de8518ac321f7fe47e97ed14861f95ddb744ce21079ec81a74fb6d09440dee
.exe windows x86

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegCloseKey
RegSetKeySecurity
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegGetKeySecurity
RegOpenKeyExA
SystemFunction025
SystemFunction027
RegQueryValueExA
RegQueryValueExW
RegConnectRegistryW
RegSetValueExA
AbortSystemShutdownA
InitiateSystemShutdownExA
CryptAcquireContextW

kernel32

CreateThread
CreateEventW
SetMailslotInfo
GetComputerNameW
InitializeCriticalSection
Sleep
LocalFree
GetModuleHandleW
LeaveCriticalSection
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
lstrlenA
CreateMailslotA
CreateFileW
WriteFile
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
CloseHandle
DeleteCriticalSection
ReadFile
GetLastError
EnterCriticalSection
GetLocalTime
GetOverlappedResult
WaitForMultipleObjects
WaitForSingleObject
GetStdHandle

msvcrt

?terminate@@YAXXZ
_controlfp
free
isleadbyte
_iob
_snprintf
_itoa
printf
_wsetlocale
_vsnwprintf
time
srand
wctomb
rand
memcpy
strchr
iswctype
strtol
strtoul
_strnicmp
_stricmp
fprintf
__iob_func
_errno
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
malloc
fwprintf
memmove
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs

ntdsapi

DsBindW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

logoncli

DsGetForestTrustInformationW
DsGetDcNameWithAccountW
I_NetLogonControl
I_NetLogonControl2
NetLogonGetTimeServiceParentDomain
NetGetDCName
I_NetGetDCList
DsEnumerateDomainTrustsA
DsGetDcNameW
DsAddressToSiteNamesExA
DsGetDcNameA
DsGetDcSiteCoverageA
DsGetSiteNameA
I_NetlogonComputeServerDigest
DsDeregisterDnsHostRecordsA
DsGetDcOpenA
DsGetDcNextA
DsGetDcCloseW
I_NetlogonGetTrustRid
I_NetlogonComputeClientDigest

rpcrt4

RpcStringFreeW
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidFromStringA

ws2_32

htonl
ntohs
WSAStartup
WSACleanup
getaddrinfo
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAGetLastError

ntdll

RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlInitString
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlLengthSid
RtlUnwind
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlConvertSidToUnicodeString
RtlFreeUnicodeString

netutils

NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyHash

user32

LoadStringW

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdsapi

logoncli

rpcrt4

ws2_32

ntdll

netutils

bcrypt

user32

Sections

.text Size: 242KB - Virtual size: 242KB

.data Size: 56KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 38KB

.text
Size: 242KB - Virtual size: 242KB

.data
Size: 56KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 38KB