15adbe0b268a75a0613d5ef5108579f85e8494caa911e3bbad7691017e48b39a

Sharing

Copy URL Twitter E-mail

General

Target

15adbe0b268a75a0613d5ef5108579f85e8494caa911e3bbad7691017e48b39a
Size

336KB
MD5

0eb9b2aa448a5d8793488fae4ae31290
SHA1

6e55eae89c54b3c845e9a6a2619e0eb6e1131cab
SHA256

15adbe0b268a75a0613d5ef5108579f85e8494caa911e3bbad7691017e48b39a
SHA512

4e55e4742acd085df54d5f61f60f7b73fdbda4137694648246bb5386465b617b408f330cc9162d39b17b48e62a20d51a79272b958acbcaa28a47d6e165cde62e
SSDEEP

6144:eKYj3NAilR0GcmjUSCwiz+jdMnIH3FXH3nXH3nHs:M3NAif0Gcediz+jsIH3FXH3nXH3n

Score

N/A

Malware Config

Signatures

Files

15adbe0b268a75a0613d5ef5108579f85e8494caa911e3bbad7691017e48b39a
.exe windows x86

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegCloseKey
RegSetKeySecurity
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegGetKeySecurity
RegOpenKeyExA
SystemFunction025
SystemFunction027
RegQueryValueExA
RegQueryValueExW
RegConnectRegistryW
RegSetValueExA
AbortSystemShutdownA
InitiateSystemShutdownExA
CryptAcquireContextW

kernel32

CreateThread
CreateEventW
SetMailslotInfo
GetComputerNameW
InitializeCriticalSection
Sleep
LocalFree
GetModuleHandleW
LeaveCriticalSection
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
lstrlenA
CreateMailslotA
CreateFileW
WriteFile
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
CloseHandle
DeleteCriticalSection
ReadFile
GetLastError
EnterCriticalSection
GetLocalTime
GetOverlappedResult
WaitForMultipleObjects
WaitForSingleObject
GetStdHandle

msvcrt

?terminate@@YAXXZ
_controlfp
free
isleadbyte
_iob
_snprintf
_itoa
printf
_wsetlocale
_vsnwprintf
time
srand
wctomb
rand
memcpy
strchr
iswctype
strtol
strtoul
_strnicmp
_stricmp
fprintf
__iob_func
_errno
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
malloc
fwprintf
memmove
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs

ntdsapi

DsBindW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

logoncli

DsGetForestTrustInformationW
DsGetDcNameWithAccountW
I_NetLogonControl
I_NetLogonControl2
NetLogonGetTimeServiceParentDomain
NetGetDCName
I_NetGetDCList
DsEnumerateDomainTrustsA
DsGetDcNameW
DsAddressToSiteNamesExA
DsGetDcNameA
DsGetDcSiteCoverageA
DsGetSiteNameA
I_NetlogonComputeServerDigest
DsDeregisterDnsHostRecordsA
DsGetDcOpenA
DsGetDcNextA
DsGetDcCloseW
I_NetlogonGetTrustRid
I_NetlogonComputeClientDigest

rpcrt4

RpcStringFreeW
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidFromStringA

ws2_32

htonl
ntohs
WSAStartup
WSACleanup
getaddrinfo
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAGetLastError

ntdll

RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlInitString
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlLengthSid
RtlUnwind
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlConvertSidToUnicodeString
RtlFreeUnicodeString

netutils

NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyHash

user32

LoadStringW

Sections

.text
Size: 242KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 56KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdsapi

logoncli

rpcrt4

ws2_32

ntdll

netutils

bcrypt

user32

Sections

.text Size: 242KB - Virtual size: 242KB

.data Size: 56KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 35KB - Virtual size: 38KB

.text
Size: 242KB - Virtual size: 242KB

.data
Size: 56KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 35KB - Virtual size: 38KB