7dae3b64b509dc5bb9675ec6f43ebbdd6668f340244ad1c30de2231995517a9a

Sharing

Copy URL Twitter E-mail

General

Target

7dae3b64b509dc5bb9675ec6f43ebbdd6668f340244ad1c30de2231995517a9a
Size

834KB
MD5

203fd361a8f174c2779af40dde660649
SHA1

3e4c525994987f16f175ed4391cf27718d3bbb54
SHA256

7dae3b64b509dc5bb9675ec6f43ebbdd6668f340244ad1c30de2231995517a9a
SHA512

3fe7e3596ce8f6cea19818605216f22b4f9c397d3bfb8911631b6fac1c81fd83fcbf33308c27f120b7918a1e93f558697e5d4858e0c808367b244f918cd81603
SSDEEP

12288:SIlOFPUPHm0isB6AZD5K36Ai0W9sujgYTEpt+FxR+En0PrqtnBuGFvzBM3tZlqFI:Oh0GAIVCstjX+l5EQu9Xq7YLVpJ

Score

N/A

Malware Config

Signatures

Files

7dae3b64b509dc5bb9675ec6f43ebbdd6668f340244ad1c30de2231995517a9a
.exe windows x86

d9ab425d3bf35e75b75cb9c6da57a810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

DsRoleDcAsReplica
DsEnumerateDomainTrustsW
RxNetAccessDel
NetLocalGroupAddMembers
DsRoleUpgradeDownlevelServer
NetpwPathCanonicalize
I_NetLogonSendToSam
NetGroupAdd
RxNetAccessEnum
I_NetDatabaseSync2
NetScheduleJobEnum
NetpwNameValidate
NetShareDelSticky
NetApiBufferSize
I_BrowserServerEnum
DsDeregisterDnsHostRecordsA
NetMessageNameDel
NetSessionEnum
NetServerTransportDel
NetReplGetInfo
DsDeregisterDnsHostRecordsW
NetpIsRemote
NetUserSetGroups

olecli32

PbDraw
ErrReconnect
GetTaskVisibleWindow
OleQueryOutOfDate
SrvrWndProc
GenClone
MfCopy
LeSetData
OleSetHostNames
GenEqual
MfRelease
LeReconnect
MfGetData
OleActivate
OleRename
MfClone
OleCreateInvisible
DibRelease
PbCreateFromFile
DibClone
OleQueryReleaseStatus

comctl32

ImageList_GetBkColor
FlatSB_GetScrollProp
DrawInsert
ImageList_GetDragImage
PropertySheetA
ImageList_SetIconSize
FlatSB_SetScrollRange
ImageList_Add
ImageList_GetImageCount
GetMUILanguage
ImageList_Replace
ImageList_DragEnter

ntdll

ZwImpersonateClientOfPort
NtInitializeRegistry
RtlUnicodeStringToInteger
RtlCreateTagHeap
strstr
RtlUlonglongByteSwap
RtlInsertElementGenericTableAvl
NtPrivilegeCheck
RtlLengthRequiredSid
ZwQuerySystemEnvironmentValueEx
PfxFindPrefix
NtSaveMergedKeys
NtResumeProcess
RtlEqualSid
_memicmp
RtlConvertSharedToExclusive
RtlAddCompoundAce
RtlDeregisterWait
ZwRemoveProcessDebug
NtCreateMailslotFile
RtlGetOwnerSecurityDescriptor
RtlFindMessage
RtlIpv6AddressToStringA

user32

SetDlgItemTextW
GetMenuContextHelpId
GetMenuStringA
EnumDesktopWindows
SetWindowsHookExW
ScrollChildren
ExcludeUpdateRgn
IsDialogMessage
CreateDialogIndirectParamW
OpenWindowStationW
DdeSetUserHandle
GetSysColorBrush
EnumPropsA
ScrollWindow
LockWorkStation
CharPrevA
VkKeyScanExA
mouse_event
GetComboBoxInfo

kernel32

GetModuleHandleExA
SetConsoleScreenBufferSize
GetModuleHandleA
SetFileApisToANSI
LoadLibraryW
SetFileShortNameA
GetComputerNameExA
LCMapStringW
GetConsoleWindow
GetOEMCP
MulDiv
RemoveDirectoryA
SetFileAttributesW
ProcessIdToSessionId
SetCommState

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9ab425d3bf35e75b75cb9c6da57a810

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

olecli32

comctl32

ntdll

user32

kernel32

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 161KB - Virtual size: 160KB

.reloc Size: 1024B - Virtual size: 844B

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 161KB - Virtual size: 160KB

.reloc
Size: 1024B - Virtual size: 844B