3ec0dead319a449f4fb25701e54612ec071371186e3a4f20278fa1430a5909ef

Sharing

Copy URL Twitter E-mail

General

Target

3ec0dead319a449f4fb25701e54612ec071371186e3a4f20278fa1430a5909ef
Size

99KB
MD5

04066a2773ac766b39b4240de722f840
SHA1

1a5404220a1b5bfc99cfde1477cf9d009eea1921
SHA256

3ec0dead319a449f4fb25701e54612ec071371186e3a4f20278fa1430a5909ef
SHA512

aa42c28e5e33dcb33303f638f70178259eb4aea1e27cc8a352ef7b8699081e49f328eef3c1104a72fccb03f09280a759862f4c81cc75d1409246085c5807ede4
SSDEEP

3072:NVU4Hz9Gpn5Nes0p8TWNVkH3CMQLzJiZbfsp6PqKLpG6VB1TkO:Hz9Gx5NerpgwEyzmUWqF6VBG

Score

N/A

Malware Config

Signatures

Files

3ec0dead319a449f4fb25701e54612ec071371186e3a4f20278fa1430a5909ef
.exe windows x86

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
LookupAccountNameW
CloseEventLog
LookupAccountSidW
ReadEventLogW
OpenEventLogW
DecryptFileW
RegEnumKeyExW
RegEnumValueW
LsaOpenPolicy
LsaFreeMemory
LsaLookupSids
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid

kernel32

CloseHandle
DeviceIoControl
CreateFileW
GetLastError
GetWindowsDirectoryW
SetLastError
GetProcAddress
GetModuleHandleW
DeleteFileW
SetEndOfFile
SetFilePointerEx
GetFinalPathNameByHandleW
OpenFileById
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
GetSystemInfo
CreateHardLinkW
FindClose
FindNextFileNameW
FindFirstFileNameW
GetVersionExW
SetThreadUILanguage
HeapSetInformation
GetDateFormatW
GetTimeFormatW
FileTimeToSystemTime
CreateDirectoryW
GetVolumePathNameW
GetFullPathNameW
WaitForSingleObject
SetConsoleCtrlHandler
CreateProcessW
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
GetVolumeNameForVolumeMountPointW
QueryDosDeviceW
GetComputerNameW
LocalFree
WriteFile
FormatMessageW
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
GetTempFileNameW
GetTempPathW
GetFileSizeEx
GetCurrentProcess
WideCharToMultiByte
GetConsoleOutputCP
WriteConsoleW
GetConsoleMode
GetFileType
GetStdHandle
GetDiskFreeSpaceExW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

realloc
wcsncpy_s
_wcsdup
exit
iswspace
iswalpha
iswdigit
wprintf
__wgetmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
towupper
?terminate@@YAXXZ
_controlfp
_wcsnicmp
_errno
wcscat_s
wcscpy_s
_wcsicmp
free
malloc
memset
calloc
isalpha
_local_unwind4
setlocale
_wtoi
wcsrchr
_vsnwprintf
memcpy
toupper
isdigit
_except_handler4_common
swprintf_s

ntdll

RtlAllocateHeap
NtQuerySecurityObject
RtlTimeToTimeFields
RtlGetOwnerSecurityDescriptor
NtEnumerateTransactionObject
RtlStringFromGUID
RtlConvertSidToUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
NtQueryInformationFile
NtOpenFile
RtlInitUnicodeString
NtSetInformationFile
NtCreateFile
RtlDosPathNameToNtPathName_U
RtlFreeHeap
RtlGetCurrentTransaction
RtlSetCurrentTransaction
NtSetQuotaInformationFile
RtlLengthSid
NtQueryVolumeInformationFile
NtSetVolumeInformationFile
NtQueryQuotaInformationFile

ktmw32

GetTransactionInformation
CommitTransaction
RollbackTransaction
OpenTransaction

ole32

StringFromIID
CoTaskMemFree
IIDFromString

netapi32

NetShareEnum
NetApiBufferFree

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a6b89158b581eb88c91713204935b7fe

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ktmw32

ole32

netapi32

Sections

.text Size: 64KB - Virtual size: 63KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 30KB - Virtual size: 31KB

.text
Size: 64KB - Virtual size: 63KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 30KB - Virtual size: 31KB