dd082e0ea9d2781f6a2fac904938d1a22822e653b52d2dde5bb57b69776d7951

Sharing

Copy URL

Twitter E-mail

General

Target

dd082e0ea9d2781f6a2fac904938d1a22822e653b52d2dde5bb57b69776d7951
Size

1.0MB
MD5

06b2b272793da1761063bd9d2a4e1760
SHA1

0e94d65ad0b804437f045330d882eb28e5823ea2
SHA256

dd082e0ea9d2781f6a2fac904938d1a22822e653b52d2dde5bb57b69776d7951
SHA512

01d49ebaa4952cceac3538bfad12510dd1095eb3ef9696109f15010c3ad5a163e01a02e91127b8e671a3fb112d1fca7c366ce433566f273ae2e43392a82e9189
SSDEEP

12288:F/ySELfEtL1qTJrQnPn43GAl0XYSBv68zyshIOuV+xOrVCwaIApyF4EERNixRKzr:FqSErUGDsBBv68zyl1+MR4G4EgkxMP

Score

N/A

Malware Config

Signatures

Files

dd082e0ea9d2781f6a2fac904938d1a22822e653b52d2dde5bb57b69776d7951
.exe windows x64

eefe427e1ca5c344ee7fca9e0759f447

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
RtlInitString
RtlCaptureContext

kernel32

HeapSize
GetProcessHeap
HeapSetInformation
GetVersionExW
GetVolumeInformationW
GetCurrentProcess
OutputDebugStringW
IsDebuggerPresent
DebugBreak
FatalExit
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetLastError
AssignProcessToJobObject
CreateJobObjectW
GetSystemDirectoryW
ResumeThread
TerminateProcess
WaitForMultipleObjects
ProcessIdToSessionId
OpenProcess
LocalFree
LocalAlloc
FreeLibrary
CreateFileW
CloseHandle
HeapReAlloc
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
HeapDestroy
GetCurrentProcessId
GetLastError
GetFileType
HeapAlloc
Sleep

rpcrt4

NdrServerCall2
RpcStringFreeW
RpcBindingFree
I_RpcBindingInqLocalClientPID
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingServerFromClient
RpcServerListen
RpcServerRegisterAuthInfoW
RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoW
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
NdrClientCall2

advapi32

GetSidSubAuthority
GetAclInformation
InitializeAcl
AddAce
MakeAbsoluteSD
GetSecurityDescriptorSacl
LookupPrivilegeValueW
GetTokenInformation
AdjustTokenPrivileges
SystemFunction036
GetSidLengthRequired
InitializeSid
GetSecurityDescriptorDacl
OpenProcessToken
DuplicateTokenEx
CreateProcessAsUserW
LsaNtStatusToWinError
ImpersonateLoggedOnUser
RevertToSelf
SetTokenInformation
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
CopySid
IsValidSid
GetLengthSid
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetSecurityDescriptorLength
MakeSelfRelativeSD
InitializeSecurityDescriptor
GetSecurityDescriptorGroup
ConvertSidToStringSidW
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo
CreateWellKnownSid
EqualSid
CheckTokenMembership
ConvertStringSidToSidW
GetSecurityDescriptorOwner
GetSecurityDescriptorControl

user32

MessageBoxW

msvcr80

memcpy
__C_specific_handler
strncmp
memcmp
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
??0exception@std@@QEAA@AEBQEBD@Z
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_purecall
memmove_s
memcpy_s
__FrameUnwindFilter
??0exception@std@@QEAA@AEBV01@@Z
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@XZ
_commode
??1exception@std@@UEAA@XZ
_CxxThrowException
_vsnwprintf
??3@YAXPEAX@Z
malloc
__CxxFrameHandler3
free
memset
??2@YAPEAX_K@Z
calloc
_wcsnicmp

crypt32

CertVerifyCertificateChainPolicy
CryptDecodeObject
CertGetCertificateContextProperty
CryptFindOIDInfo

msvcp80

??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW

secur32

LsaLookupAuthenticationPackage
LsaGetLogonSessionData
LsaLogonUser
LsaFreeReturnBuffer
LsaDeregisterLogonProcess
LsaConnectUntrusted

shlwapi

PathCombineW

msvcm80

?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@PE$AAVException@3@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXPE$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXPE$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6AJPEAX@Z0@Z

shell32

SHGetFolderPathW

dnsapi

DnsNameCompare_W

mscoree

_CorExeMain

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 236KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eefe427e1ca5c344ee7fca9e0759f447

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

rpcrt4

advapi32

user32

msvcr80

crypt32

msvcp80

userenv

secur32

shlwapi

msvcm80

shell32

dnsapi

mscoree

Sections

.text Size: 288KB - Virtual size: 288KB

.nep Size: 1KB - Virtual size: 1KB

.rdata Size: 530KB - Virtual size: 530KB

.data Size: 2KB - Virtual size: 6KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 236KB - Virtual size: 460KB

.text
Size: 288KB - Virtual size: 288KB

.nep
Size: 1KB - Virtual size: 1KB

.rdata
Size: 530KB - Virtual size: 530KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 236KB - Virtual size: 460KB