b3da3bd4a716cb787fe01ca2fe4b661d5376bcf84c02c725f76996e0795deb47

Sharing

Copy URL Twitter E-mail

General

Target

b3da3bd4a716cb787fe01ca2fe4b661d5376bcf84c02c725f76996e0795deb47
Size

896KB
MD5

090d194cbcd6cbaccb6c48aec50f11d0
SHA1

e3d8977b653416c6b4415c6d1f58053ac1942af9
SHA256

b3da3bd4a716cb787fe01ca2fe4b661d5376bcf84c02c725f76996e0795deb47
SHA512

b2a0165413f65bb3a40cc51cd81cffa5e2994268359df9bec55634ee9748975ff3140b6c4c46d9a00fda6313d6ee59ad56e6b4c9b1d791b8774f28825db518bb
SSDEEP

24576:ULByfEWXrGU3Vrmll/POE7gLtk+oOg3uOvb725m:UV+iU3a7chk+w39z79

Score

N/A

Malware Config

Signatures

Files

b3da3bd4a716cb787fe01ca2fe4b661d5376bcf84c02c725f76996e0795deb47
.exe windows x86

7a272b918680ee931c6fd622cafba542

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptAcquireContextW
CryptReleaseContext
RevertToSelf
ImpersonateSelf
GetSecurityDescriptorLength
IsValidSecurityDescriptor
CryptGetProvParam
CryptDestroyKey
CryptGetKeyParam
CryptGetUserKey
CryptDestroyHash
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptEncrypt
CryptDuplicateKey
CryptDecrypt
CryptImportKey
CryptGenKey
CryptGenRandom
CryptSetKeyParam
CopySid
GetLengthSid
GetTokenInformation
LookupAccountSidW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegEnumValueW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
CryptSetProvParam
CryptVerifySignatureW
RegOpenKeyW
CryptContextAddRef
CryptExportKey
CryptDuplicateHash
CryptSetHashParam
CryptSignHashW
GetSecurityDescriptorControl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
DeleteAce
EqualSid
GetAce
GetAclInformation
SetSecurityDescriptorDacl
SetEntriesInAclW
GetSecurityDescriptorDacl
AllocateAndInitializeSid
LookupAccountNameW
MakeSelfRelativeSD
MakeAbsoluteSD
OpenThreadToken
FreeSid
CheckTokenMembership
DuplicateToken
LsaClose
LsaFreeMemory
LsaOpenPolicy
CryptGetDefaultProviderW
CryptEnumProvidersA
AdjustTokenPrivileges
LookupPrivilegeValueW
AddAccessDeniedObjectAce
AddAccessAllowedObjectAce
AddAccessDeniedAce
AddAccessAllowedAce
SetNamedSecurityInfoW
InitializeAcl
AddAce
RegCreateKeyExW
RegConnectRegistryW
LsaRetrievePrivateData
LsaStorePrivateData
CreateWellKnownSid
ImpersonateLoggedOnUser

kernel32

SetLastError
GetStdHandle
GetFileType
GetConsoleMode
SetConsoleMode
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
GetSystemTime
SystemTimeToFileTime
lstrcmpW
CompareFileTime
FreeLibrary
LocalAlloc
GetSystemTimeAsFileTime
GetFileAttributesW
GetProcAddress
GetSystemDefaultLangID
DeleteCriticalSection
LoadLibraryExA
InitializeCriticalSection
GetLastError
LocalReAlloc
GetModuleHandleW
PulseEvent
OpenEventW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetTempFileNameW
GetEnvironmentVariableW
GetCurrentProcess
GetFileAttributesExW
lstrcmpiW
DeleteFileW
FormatMessageW
HeapAlloc
GetProcessHeap
LocalFree
HeapFree
EncodePointer
DecodePointer
LoadLibraryW
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
ReadFile
SetFilePointer
GetFileSize
CreateFileW
GetComputerNameExW
GetComputerNameW
GetVersionExW
LeaveCriticalSection
SetConsoleCtrlHandler
EnterCriticalSection
VerifyVersionInfoW
VerSetConditionMask
DelayLoadFailureHook
InterlockedExchange
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
MultiByteToWideChar
SearchPathW
GetLocaleInfoW
FindResourceExW
InterlockedCompareExchange
OpenProcess
RaiseException
GetProfileStringA
InterlockedIncrement
ResetEvent
CreateEventW
InterlockedDecrement
SetEvent
GetFileTime
lstrlenW
GetCommandLineW
VirtualFree
VirtualAlloc
WriteConsoleW
GetTempPathW
GetACP
WideCharToMultiByte
FileTimeToLocalFileTime
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
FindResourceW
LoadResource
LockResource
OutputDebugStringA
GetSystemDirectoryW
LoadLibraryExW
CompareStringW
GetSystemInfo
CreateFileMappingW
WriteFile
GetLocalTime
HeapSetInformation
GetCurrentThread
FileTimeToSystemTime
LocalFileTimeToFileTime
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
FoldStringW
UnmapViewOfFile
MapViewOfFile

msvcrt

feof
fgetc
_wfopen
fgetws
_amsg_exit
__iob_func
vfwprintf
_wfopen_s
fwprintf
fputws
atoi
_wsetlocale
getenv
_wgetenv
gmtime
iswxdigit
iswalpha
__isascii
isxdigit
iswspace
memset
memmove
memcpy
wcstok
wcschr
_vsnwprintf
wcsrchr
iswdigit
__CxxFrameHandler3
_CxxThrowException
_fgetwchar
fflush
_iob
wcsspn
_wcsnicmp
wcsstr
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
wcscspn
_setmode
_fileno
_strnicmp
swscanf
_stricmp
_wtoi
_wcsicmp
_vsnprintf
isdigit
atol
fwrite
_errno
ftell
sscanf
strspn
strpbrk
strcat_s
strncmp
strcpy_s
wcscpy_s
bsearch
_itoa_s
qsort
_strlwr
_controlfp
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
wcstoul
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
malloc
_callnewh
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_ultow
_purecall
wcsncmp
_wcslwr
_swab
fopen
fgets
strchr
strstr
fputs
fseek
strcspn
ferror
fclose
fprintf

certcli

CAGetCertTypeExtensions
ord246
ord225
ord223
ord254
ord207
ord206
ord213
CAFreeCertTypeExtensions
CAGetCertTypeExpiration
CAGetCertTypeKeySpec
CAFreeCertTypeProperty
CAGetCertTypePropertyEx
CAGetCertTypeFlagsEx
CACloseCertType
CAEnumNextCertType
CACertTypeAccessCheckEx
CAGetCertTypeProperty
CAEnumCertTypes
CAEnumCertTypesForCA
CAFindCertTypeByName
CACloseCA
CAEnumNextCA
CAFreeCAProperty
CAGetCAProperty
CAFindByName
CAEnumFirstCA
CAGetCASecurity
CAGetCACertificate
CAAccessCheck
CAGetCAExpiration
CAGetCAFlags
CASetCAProperty
CAFindByCertType
ord258
ord256
ord218
ord356
CACertTypeAccessCheck
CACountCertTypes
CACountCAs
ord217
CASetCASecurity
CASetCACertificate
CASetCAFlags
CACreateNewCA
ord210
ord247
ord260
ord205
ord215
ord203
ord253
ord261
ord252
ord208
ord242
CAUpdateCA

comctl32

InitCommonControlsEx

cryptui

CryptUIDlgFreeCAContext
CryptUIDlgViewCRLW
CryptUIDlgViewCertificateW

gdi32

GetStockObject

ncrypt

BCryptDestroyKey
NCryptFinalizeKey
NCryptGetProperty
NCryptIsKeyHandle
NCryptFreeObject
NCryptImportKey
NCryptOpenStorageProvider
NCryptIsAlgSupported
NCryptEnumKeys
BCryptVerifySignature
BCryptSignHash
BCryptEncrypt
BCryptDecrypt
BCryptSetProperty
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
NCryptDeriveKey
NCryptSecretAgreement
NCryptVerifySignature
NCryptSignHash
NCryptEncrypt
NCryptDecrypt
NCryptExportKey
BCryptExportKey
NCryptSetProperty
BCryptGenRandom
BCryptCreateHash
NCryptOpenKey
BCryptEnumContexts
BCryptQueryContextConfiguration
BCryptResolveProviders
BCryptEnumContextFunctions
BCryptEnumAlgorithms
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
NCryptEnumStorageProviders
NCryptFreeBuffer
NCryptEnumAlgorithms
BCryptQueryProviderRegistration
BCryptFreeBuffer
NCryptCreatePersistedKey
NCryptDeleteKey

netapi32

DsGetSiteNameW
DsRoleGetPrimaryDomainInformation
DsGetDcNameW
NetUserGetGroups
NetApiBufferFree
DsRoleFreeMemory

ntdll

RtlTimeToSecondsSince1970
NtQuerySystemTime
RtlFindMessage

ntdsapi

DsCrackNamesW
DsBindW
DsFreeNameResultW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

setupapi

SetupCloseInfFile
SetupGetIntField
SetupGetStringFieldW
SetupGetFieldCount
SetupFindNextLine
SetupGetLineCountW
SetupFindFirstLineW
SetupOpenInfFileW

shell32

SHGetFolderPathW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wldap32

ord224
ord140
ord79
ord142
ord167
ord147
ord127
ord41
ord27
ord26
ord36
ord210
ord208
ord73
ord14
ord145
ord13
ord113
ord203
ord155
ord65
ord12
ord18
ord16

crypt32

CertOpenStore
CertCreateCertificateContext
CryptMsgClose
CertCloseStore
CertGetCertificateContextProperty
CryptFindOIDInfo
CryptEncodeObjectEx
CertFreeCertificateContext
CertFindExtension
CertEnumCRLsInStore
CertCreateCRLContext
CryptDecodeObject
CryptEnumOIDInfo
CertCompareCertificateName
CertFindAttribute
CertEnumCertificatesInStore
CertAddEncodedCertificateToStore
CryptAcquireCertificatePrivateKey
CryptFindCertificateKeyProvInfo
CryptFormatObject
CryptMsgControl
CryptMsgGetAndVerifySigner
CryptMsgGetParam
PFXIsPFXBlob
CertAddCertificateContextToStore
CryptQueryObject
CryptVerifyCertificateSignature
CertDuplicateCertificateContext
CertFreeCTLContext
CertCreateCTLContext
CertFreeCertificateChain
CertGetCertificateChain
CertSaveStore
CertGetNameStringW
CertDeleteCertificateFromStore
CertEnumCTLsInStore
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CertSetStoreProperty
CertGetCTLContextProperty
CertEnumCTLContextProperties
CertGetCRLContextProperty
CertSetCertificateContextProperty
CertEnumCertificateContextProperties
CertSetCRLContextProperty
CertFindCertificateInStore
CertEnumPhysicalStore
CertEnumSystemStore
CertEnumSystemStoreLocation
CertControlStore
CryptImportPublicKeyInfo
CertAddCRLContextToStore
CertAddCTLContextToStore
CertDeleteCRLFromStore
CertDuplicateCRLContext
CertVerifyRevocation
CertVerifyTimeValidity
CertVerifyCRLTimeValidity
CryptHashCertificate
CertGetEnhancedKeyUsage
CryptVerifyCertificateSignatureEx
CertVerifySubjectCertificateContext
CryptSignAndEncodeCertificate
CryptDecodeObjectEx
CryptMsgUpdate
CryptMsgOpenToDecode
CryptSignCertificate
CryptSignMessage
CryptHashPublicKeyInfo
CryptDecryptMessage
PFXImportCertStore
CertStrToNameW
CertNameToStrW
CryptEncryptMessage
CertVerifyCertificateChainPolicy
CertGetIntendedKeyUsage
CryptFreeOIDFunctionAddress
CryptGetOIDFunctionAddress
CryptInitOIDFunctionSet
CertAddCertificateLinkToStore
PFXExportCertStore
PFXExportCertStoreEx
CertEnumCRLContextProperties
CertGetPublicKeyLength
CertFreeCRLContext
CertSetCTLContextProperty

ole32

CoUninitialize
CoInitialize
CoCreateInstance
CoInitializeEx
PropVariantClear
StgOpenStorageEx
CoSetProxyBlanket
CoCreateInstanceEx
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
ProgIDFromCLSID
StringFromCLSID
CoTaskMemFree

oleaut32

SafeArrayUnaccessData
SysAllocStringLen
VariantInit
VariantClear
SafeArrayGetElement
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantCopyInd
SetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen

rpcrt4

UuidCreate
NdrClientCall2

secur32

GetComputerObjectNameW
TranslateNameW
GetUserNameExW

user32

CheckDlgButton
SetDlgItemInt
SetCursor
SetDlgItemTextW
GetDlgItem
EnableWindow
SendDlgItemMessageA
SendMessageW
GetDesktopWindow
LoadIconW
LoadCursorW
RegisterClassW
CreateWindowExW
EndDialog
GetDlgItemInt
GetDlgItemTextW
IsDlgButtonChecked
DialogBoxParamW
SetWindowTextW
CallWindowProcW
GetWindowLongW
ShowWindow
SetWindowLongW
GetWindowTextW
SetFocus
LoadStringW
CharLowerW
MessageBoxW
PostQuitMessage
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
PostMessageW
UpdateWindow

Sections

.text
Size: 795KB - Virtual size: 794KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7a272b918680ee931c6fd622cafba542

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

certcli

comctl32

cryptui

gdi32

ncrypt

netapi32

ntdll

ntdsapi

setupapi

shell32

version

wldap32

crypt32

ole32

oleaut32

rpcrt4

secur32

user32

Sections

.text Size: 795KB - Virtual size: 794KB

.data Size: 28KB - Virtual size: 36KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 67KB - Virtual size: 68KB

.text
Size: 795KB - Virtual size: 794KB

.data
Size: 28KB - Virtual size: 36KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 67KB - Virtual size: 68KB