0d169404e68820dc3516340685f3e6724f302f74c2f46c6553dfa3620cef0eeb

Sharing

Copy URL Twitter E-mail

General

Target

0d169404e68820dc3516340685f3e6724f302f74c2f46c6553dfa3620cef0eeb
Size

466KB
MD5

072dc5cd9ff48c5469bd58296c4cff40
SHA1

39cceb9a93aad631a867eb09b025d4da93116b10
SHA256

0d169404e68820dc3516340685f3e6724f302f74c2f46c6553dfa3620cef0eeb
SHA512

c07a18a105b4cf6a92b4ddb859c6bb743f5c710ed34034aec49c28019b0723accf59817884f1d4bb28890d83b684534448c925c23cf23253a9d90ffc628ebec3
SSDEEP

6144:Ee5tdJSRaIbiPxYmvBIn3wMEgILVOKMRspek7ql5WCfFqDwHem3o:v5tIGKeBIDrcRyO7qOCfgIo

Score

N/A

Malware Config

Signatures

Files

0d169404e68820dc3516340685f3e6724f302f74c2f46c6553dfa3620cef0eeb
.exe windows x86

ab61e82c7859a1fb78ca075b88313839

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscat
wcscpy
wcslen
wcsncmp
wcschr
wcsstr
_vsnwprintf
_wcsnicmp
_wtoi
wcscmp
_ultow
strchr
sprintf
vsprintf
_vsnprintf
wcsrchr
wcsncpy
_wgetenv
_except_handler3
memchr
strncmp
rand
strtoul
_itow
_stricmp
wcstol
_wcsicmp
tolower
??3@YAXPAX@Z
memmove
strtok
atoi
strncpy
isdigit
??2@YAPAXI@Z
_c_exit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
time
_strnicmp
_strupr
sscanf
_snprintf
srand
gmtime
strtol
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit

advapi32

RegisterServiceCtrlHandlerW
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetServiceStatus
StartServiceCtrlDispatcherW
RegOpenKeyExA
GetTokenInformation
CheckTokenMembership
LsaFreeMemory
LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
CreateWellKnownSid
MapGenericMask
AccessCheck
RegSetValueExA
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
AddAccessDeniedAceEx
IsValidAcl
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAceEx
InitializeAcl
GetAclInformation
AddAce
LookupAccountNameW
SetSecurityDescriptorGroup
AddAccessAllowedAce
RegOpenKeyW
RegEnumKeyExW
RegQueryValueExW
TraceEvent
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableFlags
UnregisterTraceGuids
RegOpenKeyExW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
GetSecurityDescriptorLength
DeleteAce
GetAce
GetSecurityDescriptorDacl
AllocateAndInitializeSid
IsValidSecurityDescriptor
OpenThreadToken
RegCloseKey
RegOpenKeyA
DeregisterEventSource
ReportEventW
RegisterEventSourceA
RegCreateKeyExA
CloseServiceHandle
ControlService
QueryServiceStatus
OpenServiceW
OpenSCManagerW
SetSecurityDescriptorOwner

kernel32

LocalAlloc
LoadLibraryExW
LoadLibraryA
InitializeCriticalSection
CompareStringW
GetModuleHandleA
GetTimeFormatA
GetDateFormatA
LCMapStringW
CompareStringA
FlushFileBuffers
OutputDebugStringA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
GetSystemTimeAsFileTime
InterlockedExchangeAdd
GetTickCount
GetLastError
SystemTimeToFileTime
CloseHandle
GetCurrentProcess
WaitForMultipleObjects
OpenEventW
MultiByteToWideChar
InterlockedDecrement
Sleep
WideCharToMultiByte
GetCurrentThread
WaitForSingleObject
LocalFree
FormatMessageW
RaiseException
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
WriteFile
MoveFileExW
GetOverlappedResult
CreateEventW
GetLocalTime
GetCurrentThreadId
GetDiskFreeSpaceExW
ExitThread
SetLastError
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
CreateIoCompletionPort
GetComputerNameExW
CreateDirectoryW
DeleteFileW
GetSystemTime
OpenFileMappingW
CreateThread
TerminateThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
DebugBreak
InitializeCriticalSectionAndSpinCount
PulseEvent
LoadLibraryExA
MoveFileW
CopyFileW
ExitProcess
GetSystemInfo
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareFileTime

ws2_32

ntohs
htons
ntohl
getservbyname
getprotobynumber
getservbyport
getprotobyname
sendto
send
select
closesocket
getsockopt
listen
ioctlsocket
bind
socket
WSASocketW
setsockopt
WSAGetLastError
WSAStartup
getsockname
recvfrom
WSACleanup
connect
inet_addr
inet_ntoa
shutdown
WSARecvFrom
__WSAFDIsSet
accept
htonl
recv

rpcrt4

RpcServerInqBindings
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcRevertToSelf
RpcImpersonateClient
RpcServerListen
RpcEpUnregister
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcServerRegisterIf
RpcServerUseProtseqEpA
RpcEpRegisterA
RpcServerUseProtseqA
NdrServerCall2
UuidCreateSequential
RpcServerUnregisterIf
RpcBindingVectorFree
RpcStringFreeW

user32

CharLowerBuffW
LoadStringW
wsprintfW
CharUpperBuffW

netapi32

DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetLocalGroupAdd

ntdll

RtlEqualSid
RtlReAllocateHeap
RtlFreeHeap
RtlAllocateHeap
RtlCreateHeap
RtlDestroyHeap
RtlOemToUnicodeN
NtCancelIoFile
NtClose
NtDeviceIoControlFile
NtCreateFile
RtlInitUnicodeString
RtlRandom
RtlNtStatusToDosError
RtlAllocateAndInitializeSid
RtlDeleteCriticalSection
RtlUpcaseUnicodeToOemN
RtlAbsoluteToSelfRelativeSD
RtlInitializeSid
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlCopySid
RtlIpv6StringToAddressA
RtlIpv6AddressToStringA
RtlIpv6StringToAddressExA
RtlSubAuthorityCountSid
RtlLengthSid
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlNewSecurityObject
NtOpenProcessToken
NtAccessCheckAndAuditAlarm
RtlAdjustPrivilege

wldap32

ord145
ord88
ord97
ord140
ord155
ord224
ord62
ord152
ord170
ord14
ord73
ord13
ord40
ord21
ord12
ord87
ord26
ord167
ord133
ord147
ord191
ord135
ord27
ord65
ord108
ord194
ord206
ord157
ord69
ord122
ord188
ord10
ord127
ord113
ord301
ord79
ord142
ord41
ord16
ord36
ord203

dnsapi

DnsRecordListFree
Dns_ReadRecordStructureFromPacket
Dns_WriteDottedNameToPacket
DnsUtf8ToUnicode
DnsReplaceRecordSetUTF8
DnsQueryConfigAllocEx
DnsFreeConfigStructure
DnsIsAMailboxType
DnsUnicodeToUtf8
DnsRecordStringForType
DnsRecordTypeForName
DnsRecordStringForWritableType
DnsApiFree
Dns_WriteRecordStructureToPacketEx
Dns_SkipToRecord
Dns_SetRecordDatalength
Dns_ParsePacketRecord
Dns_SkipPacketName
GetCurrentTimeInSeconds
Dns_ReadPacketNameAllocate
DnsStringCopyAllocateEx
Dns_ReadPacketName
DnsQuery_UTF8

ntdsapi

DsWriteAccountSpnW
DsReplicaGetInfoW
DsReplicaFreeInfo
DsGetSpnW
DsBindW
DsBindA
DsFreeSpnArrayW
DsUnBindW

shlwapi

SHDeleteKeyW

iphlpapi

NotifyAddrChange
GetAdaptersInfo

mprapi

MprConfigServerDisconnect
MprAdminServerDisconnect
MprConfigBufferFree
MprAdminBufferFree
MprAdminTransportSetInfo
MprInfoBlockQuerySize
MprInfoBlockSet
MprConfigTransportGetInfo
MprConfigTransportGetHandle
MprConfigServerConnect
MprInfoBlockFind
MprAdminTransportGetInfo
MprAdminServerConnect
MprConfigTransportSetInfo

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 146KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

snzsmeg
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ab61e82c7859a1fb78ca075b88313839

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ws2_32

rpcrt4

user32

netapi32

ntdll

wldap32

dnsapi

ntdsapi

shlwapi

iphlpapi

mprapi

Sections

.text Size: 305KB - Virtual size: 305KB

.data Size: 13KB - Virtual size: 163KB

.rsrc Size: 146KB - Virtual size: 147KB

snzsmeg Size: - Virtual size: 4KB

.text
Size: 305KB - Virtual size: 305KB

.data
Size: 13KB - Virtual size: 163KB

.rsrc
Size: 146KB - Virtual size: 147KB

snzsmeg
Size: - Virtual size: 4KB