d217bc03553c17ba0fc64c493951cc420a3a48fb506ff1dadec0f056ffb33753

Sharing

Copy URL Twitter E-mail

General

Target

d217bc03553c17ba0fc64c493951cc420a3a48fb506ff1dadec0f056ffb33753
Size

4.9MB
MD5

06554b7c3ee1752e2cbd338fc7abd9e2
SHA1

64d5a712d7f30ebd1792114ef17f14a19524af80
SHA256

d217bc03553c17ba0fc64c493951cc420a3a48fb506ff1dadec0f056ffb33753
SHA512

07c0772d0f63a74c806769c736c61a2fb389db94ef947207817994bdfc91cfb1a065a81e8ca1f102f876d622f537e72e3fc8026126d0193ff6cb2c1923868f0d
SSDEEP

98304:Ypf+3/59VHgRTboT7ei/HoF2SHpcBsPcb:gwWlcneQHoF2IpOsEb

Score

N/A

Malware Config

Signatures

Files

d217bc03553c17ba0fc64c493951cc420a3a48fb506ff1dadec0f056ffb33753
.exe windows x86

098491521a1b9a4483726cf667edd9ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
RegCloseKey
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
FreeSid
RegDeleteKeyW
RegCreateKeyExW
CheckTokenMembership
AllocateAndInitializeSid
ConvertStringSidToSidW
RegEnumKeyW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
RegDeleteValueW
RegSetValueExW
CryptGenRandom
CryptAcquireContextW
CryptReleaseContext
DeregisterEventSource
ReportEventW
RegisterEventSourceW
EqualSid
OpenProcessToken
ConvertSidToStringSidW
LookupAccountNameW
RegEnumKeyExW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptImportKey
CryptSignHashA
CryptVerifySignatureA
CryptExportKey
CryptGenKey
RegOpenKeyW
RegCreateKeyW
GetTokenInformation

kernel32

DeleteTimerQueue
Sleep
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
GetCurrentThreadId
DeleteTimerQueueEx
ReleaseSemaphore
LoadLibraryW
SetThreadPriority
GetThreadPriority
DuplicateHandle
GetCurrentProcess
GetCurrentThread
OpenThread
GetTickCount
ReleaseMutex
CreateSemaphoreW
IsWow64Process
OpenMutexW
CreateMutexW
ExpandEnvironmentStringsW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
SetFileAttributesW
GetFileAttributesW
ChangeTimerQueueTimer
CreateDirectoryW
WriteFile
CreateFileW
GetFileSizeEx
QueueUserWorkItem
ReadFile
GetFileSize
MultiByteToWideChar
OpenProcess
GetCurrentProcessId
UnregisterWaitEx
CompareFileTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
lstrlenW
GetSystemTime
DebugBreak
GetPrivateProfileStringW
lstrcmpiW
GetPrivateProfileSectionW
InitializeCriticalSection
SetLastError
VirtualProtect
VirtualFree
VirtualAlloc
GetLocalTime
MoveFileExW
CopyFileW
FlushFileBuffers
DeleteFileW
SetFilePointer
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetComputerNameW
DeviceIoControl
GetLocaleInfoW
GetSystemDirectoryW
LCMapStringW
WideCharToMultiByte
GetVersionExA
GetVersion
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedExchange
SetEvent
GetModuleHandleExW
GetProcAddress
CreateTimerQueue
CreateTimerQueueTimer
CreateEventW
RegisterWaitForSingleObject
RaiseException
InterlockedDecrement
GetVersionExW
InterlockedIncrement
GetLastError
HeapSetInformation
DeleteTimerQueueTimer
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
LocalFree
LocalAlloc
FreeLibrary
CloseHandle
DecodePointer
EncodePointer
HeapFree
GetProcessHeap
HeapAlloc
GetSystemInfo

msvcrt

srand
_itow
time
rand
malloc
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
wcsncmp
_wcsnicmp
wcschr
memmove
swscanf
_wcsicmp
_purecall
sscanf
memcpy
memset
_vsnwprintf
free
_wtof
_wtoi
_ui64tow

rpcrt4

UuidFromStringW
I_RpcMapWin32Status
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcServerListen
RpcServerUnregisterIf
RpcMgmtStopServerListening
I_RpcBindingInqLocalClientPID
RpcServerInqCallAttributesW
RpcRaiseException
RpcStringFreeW
RpcRevertToSelfEx
UuidToStringW
NdrServerCall2
UuidCreate
RpcImpersonateClient

ntdll

RtlUnwind

user32

CharPrevW
CharNextW

ole32

CoInitializeEx
CoUninitialize
CoInitializeSecurity

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 489KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 500KB - Virtual size: 1.6MB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

098491521a1b9a4483726cf667edd9ea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

rpcrt4

ntdll

user32

ole32

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 489KB - Virtual size: 489KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 117KB - Virtual size: 116KB

.vmp0 Size: 500KB - Virtual size: 1.6MB

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 489KB - Virtual size: 489KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 117KB - Virtual size: 116KB

.vmp0
Size: 500KB - Virtual size: 1.6MB