ac9eae7e883572ef2e709db5a0d635b174e1d2c2bb0e48ac7c86c7759678246d

Sharing

Copy URL

Twitter E-mail

General

Target

ac9eae7e883572ef2e709db5a0d635b174e1d2c2bb0e48ac7c86c7759678246d
Size

703KB
MD5

0d42bb073f582d4e6449bd71056c9660
SHA1

56974cbdb062c55a2b66ebbf484aef6f4c5fc7fe
SHA256

ac9eae7e883572ef2e709db5a0d635b174e1d2c2bb0e48ac7c86c7759678246d
SHA512

71bc90f3a92a4404bc33a99830147ca6197e376d4c76c534d46fa378aa9f3804d7bf56a0cfd0249dc855937de8d27a068dea6ed05570a7f546b643ff80adb309
SSDEEP

12288:2f5ECjnxC3dmV1Z7UfrIRPXuuwt6DqXGn4C9fKOXqmsUf52jOc2aIXP7Fy+CD+DR:SGGnxAmV1l1XPvyOamsUf52jOc2aIXBn

Score

N/A

Malware Config

Signatures

Files

ac9eae7e883572ef2e709db5a0d635b174e1d2c2bb0e48ac7c86c7759678246d
.exe windows x64

72aa515b1963995c201e36de48594f61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegQueryValueExW
RegOpenKeyW
RegCloseKey
LsaLookupSids
GetSidSubAuthority
LsaQueryInformationPolicy
LsaLookupNames
LsaOpenPolicy
GetSidSubAuthorityCount
CopySid
EqualSid
LsaLookupNames2
LsaClose
GetSidLengthRequired
GetLengthSid
LsaFreeMemory
InitializeSecurityDescriptor
LookupAccountNameW
SetSecurityDescriptorDacl
GetAce
LookupAccountSidW
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorDacl
CreateWellKnownSid
CloseServiceHandle
OpenSCManagerW
EnumDependentServicesW
GetServiceKeyNameW
OpenServiceW
QueryServiceStatus
GetServiceDisplayNameW

kernel32

GetComputerNameExW
Sleep
GetUserDefaultLCID
CompareStringW
GetCommandLineW
GetCPInfo
SetThreadUILanguage
GetConsoleOutputCP
GetStdHandle
GetLastError
HeapSetInformation
WideCharToMultiByte
GetComputerNameW
GetDriveTypeW
LocalAlloc
LocalFree
GetDateFormatW
SetLocalTime
GetProfileStringW
GetTimeFormatW
SetSystemTime
GetTickCount
LoadLibraryW
GetProcAddress
GlobalAlloc
lstrlenW
GetTimeZoneInformation
FreeLibrary
SetLastError
GetModuleFileNameW
WriteConsoleW
FormatMessageW
WriteFile
GetFileType
PeekConsoleInputW
SetConsoleMode
GetConsoleMode
ReadConsoleW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetModuleHandleW
GlobalFree

msvcrt

wcstok
_wcsdup
memcpy
wcstod
_vsnwprintf_s
putchar
_snwprintf_s
_local_unwind
wcspbrk
memset
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_cexit
_exit
_XcptFilter
__C_specific_handler
wcscspn
iswctype
memmove
srand
rand
wcsrchr
calloc
_wcsrev
realloc
malloc
free
_ultow
swprintf_s
wcsncat_s
wcsstr
wcschr
exit
setlocale
_setmode
_iob
_fileno
_wcsnicmp
sprintf_s
wcsspn
qsort
wcscpy_s
wcsncmp
wcscat_s
_wcslwr
wcsncpy_s
_wcsupr
_wcsicmp
__getmainargs

dsrole

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation

netutils

NetApiBufferFree
NetApiBufferAllocate
NetpwListTraverse
NetpwNameCompare
NetpwListCanonicalize
NetApiBufferReallocate
NetpwPathType
NetpwNameCanonicalize
NetpwNameValidate
NetapipBufferAllocate

logoncli

DsGetDcNameW

browcli

NetServerEnum

samcli

NetUserEnum
NetUserGetGroups
NetUserGetInfo
NetUserSetInfo
NetGroupGetInfo
NetGroupAddUser
NetGroupEnum
NetGroupGetUsers
NetGroupSetInfo
NetGroupDel
NetGroupDelUser
NetGroupAdd
NetUserDel
NetUserAdd
NetUserModalsGet
NetUserModalsSet

srvcli

NetSessionEnum
NetFileGetInfo
NetFileClose
NetFileEnum
NetServerTransportEnum
NetConnectionEnum
NetSessionDel
NetSessionGetInfo
NetShareGetInfo
NetShareEnum
NetShareSetInfo
NetShareAdd
NetShareCheck
NetShareDelSticky
NetRemoteTOD
NetServerGetInfo
NetServerSetInfo
NetShareDel

wkscli

NetUseEnum
NetUseDel
NetWkstaUserGetInfo
NetWkstaGetInfo
NetWkstaTransportEnum

netapi32

NetStatisticsGet
NetServiceInstall
NetServiceControl
NetServiceEnum

samlib

SamConnect
SamOpenAlias
SamAddMemberToAlias
SamRemoveMemberFromAlias
SamQueryInformationAlias
SamCloseHandle
SamFreeMemory
SamDeleteAlias
SamSetInformationAlias
SamGetMembersInAlias
SamEnumerateAliasesInDomain
SamGetAliasMembership
SamCreateAliasInDomain
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain

ntdsapi

DsFreeNameResultW
DsUnBindW
DsBindW
DsCrackNamesW

ntdll

RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlAllocateHeap
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlSubAuthorityCountSid
RtlLengthSid
NtClose
NtOpenProcessToken
RtlNtStatusToDosError
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
RtlTimeFieldsToTime
RtlQueryTimeZoneInformation
RtlCompareMemory
RtlxOemStringToUnicodeSize
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlInitAnsiString
RtlGetNtProductType
RtlInitUnicodeString
RtlInitString

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 556KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

72aa515b1963995c201e36de48594f61

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

dsrole

netutils

logoncli

browcli

samcli

srvcli

wkscli

netapi32

samlib

ntdsapi

ntdll

Sections

.text Size: 118KB - Virtual size: 118KB

.data Size: 22KB - Virtual size: 67KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 556KB - Virtual size: 2.4MB

.text
Size: 118KB - Virtual size: 118KB

.data
Size: 22KB - Virtual size: 67KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 556KB - Virtual size: 2.4MB