a721aa356105a5c705badc44ba759824b3045b3110937f198bab09a891e1f432

Sharing

Copy URL Twitter E-mail

General

Target

a721aa356105a5c705badc44ba759824b3045b3110937f198bab09a891e1f432
Size

705KB
MD5

0e0b15791cf1b652913329f74fbd27a3
SHA1

1f60b4c67f4f672a7c6d2f539f6fa156def21177
SHA256

a721aa356105a5c705badc44ba759824b3045b3110937f198bab09a891e1f432
SHA512

404ee65d3b8dbc01d6aa9462889ab79f8ccaa2db8894a280a69df2b9cbcc6657a4291046fc7dcb7e3f739ef5d615f5e14bfebbda06ceeea2dc0dac487ad02709
SSDEEP

12288:WD3NAigZPKmhzQSxeYiL+rbL7rbL7kCyj:WTNAigZP1QfL+rbL7rbL7kCyj

Score

N/A

Malware Config

Signatures

Files

a721aa356105a5c705badc44ba759824b3045b3110937f198bab09a891e1f432
.dll windows x86

9f1a9adfa779fbf1b18a190a97b57fc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wtoi
_vsnwprintf
memset
memcpy
wprintf
bsearch
_tempnam
strcpy_s
remove
_lseek
_close
_write
_read
_open
_errno
qsort
_ui64toa_s
_i64toa_s
_ltoa_s
isprint
sprintf_s
strpbrk
strstr
_ultoa_s
_wcsnicmp
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_ultow_s
_set_errno
wcstoul
_get_errno
wcstok
wcsncmp
_vsnprintf
memmove
_wcstoui64
_snwprintf_s
swprintf_s
_wcsicmp
wcstod
_wcstoi64

ntdll

EtwTraceMessage
RtlNtStatusToDosError
EtwEventWrite
RtlIpv6StringToAddressW
RtlIpv4StringToAddressW
RtlEthernetStringToAddressW
RtlIpv4AddressToStringA
RtlIpv6AddressToStringA
RtlEthernetAddressToStringA
RtlIpv6AddressToStringW

crypt32

CertFreeCertificateContext
CertNameToStrW
CertGetNameStringW
CertCreateCertificateContext

fwpuclnt

IkeextGetStatistics1
FwpmNetEventDestroyEnumHandle0
FwpmNetEventEnum1
FwpmNetEventCreateEnumHandle0
FwpmProviderUnsubscribeChanges0
FwpmProviderContextUnsubscribeChanges0
FwpmSubLayerUnsubscribeChanges0
FwpmCalloutUnsubscribeChanges0
FwpmFilterUnsubscribeChanges0
FwpmNetEventUnsubscribe0
FwpmProviderGetByKey0
FwpmProviderContextGetByKey1
FwpmSubLayerGetByKey0
FwpmCalloutGetByKey0
FwpmFilterGetByKey0
FwpmNetEventSubscribe0
FwpmFilterSubscribeChanges0
FwpmCalloutSubscribeChanges0
FwpmSubLayerSubscribeChanges0
IPsecGetStatistics1
FwpmProviderSubscribeChanges0
FwpmSubLayerSetSecurityInfoByKey0
FwpmSubLayerGetSecurityInfoByKey0
FwpmProviderContextSetSecurityInfoByKey0
FwpmProviderContextGetSecurityInfoByKey0
FwpsAleEndpointEnum0
FwpsAleEndpointDestroyEnumHandle0
IPsecSaContextCreateEnumHandle0
IPsecSaContextEnum1
IPsecSaContextDestroyEnumHandle0
IkeextSaCreateEnumHandle0
IkeextSaEnum1
IkeextSaDestroyEnumHandle0
FwpmSubLayerCreateEnumHandle0
FwpmSubLayerEnum0
FwpmSubLayerDestroyEnumHandle0
FwpmSessionCreateEnumHandle0
FwpmSessionEnum0
FwpmSessionDestroyEnumHandle0
FwpmSubLayerSubscriptionsGet0
FwpmProviderContextSubscriptionsGet0
FwpmProviderSubscriptionsGet0
FwpmNetEventSubscriptionsGet0
FwpmFilterSubscriptionsGet0
FwpmCalloutSubscriptionsGet0
FwpmProviderContextSubscribeChanges0
FwpsAleEndpointCreateEnumHandle0
FwpmProviderCreateEnumHandle0
FwpmProviderEnum0
FwpmProviderDestroyEnumHandle0
FwpmLayerCreateEnumHandle0
FwpmLayerEnum0
FwpmLayerDestroyEnumHandle0
FwpmCalloutCreateEnumHandle0
FwpmCalloutEnum0
FwpmCalloutDestroyEnumHandle0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmFilterCreateEnumHandle0
FwpmFilterEnum0
FwpmFilterDestroyEnumHandle0
FwpmProviderContextCreateEnumHandle0
FwpmProviderContextEnum1
FwpmProviderContextDestroyEnumHandle0
IPsecDospStateCreateEnumHandle0
IPsecDospStateEnum0
IPsecDospStateDestroyEnumHandle0
IPsecDospGetStatistics0
FwpmEngineSetOption0
FwpmEngineGetOption0
FwpmNetEventsLost0
FwpmSystemPortsGet0
FwpmEngineOpen0
FwpmEngineClose0
FwpmGetAppIdFromFileName0
FwpmFreeMemory0
FwpmSubLayerAdd0
FwpmSubLayerDeleteByKey0
FwpmProviderContextAdd1
FwpmProviderContextDeleteById0
FwpmProviderContextDeleteByKey0
FwpmProviderAdd0
FwpmProviderDeleteByKey0
FwpmFilterAdd0
FwpmFilterDeleteById0
FwpmFilterDeleteByKey0
FwpmCalloutAdd0
FwpmCalloutDeleteById0
FwpmCalloutDeleteByKey0
FwpmCalloutGetSecurityInfoByKey0
FwpmCalloutSetSecurityInfoByKey0
FwpmEngineGetSecurityInfo0
FwpmEngineSetSecurityInfo0
FwpmFilterGetSecurityInfoByKey0
FwpmFilterSetSecurityInfoByKey0
IkeextSaDbGetSecurityInfo0
IkeextSaDbSetSecurityInfo0
IPsecSaDbGetSecurityInfo0
IPsecSaDbSetSecurityInfo0
FwpmLayerGetSecurityInfoByKey0
FwpmLayerSetSecurityInfoByKey0
FwpmNetEventsGetSecurityInfo0
FwpmNetEventsSetSecurityInfo0
FwpmProviderGetSecurityInfoByKey0
FwpmProviderSetSecurityInfoByKey0

rpcrt4

NdrMesTypeDecode2
MesDecodeBufferHandleCreate
MesEncodeDynBufferHandleCreate
I_RpcExceptionFilter
MesHandleFree
UuidFromStringW
UuidCreate

shlwapi

PathFindExtensionW

user32

LoadStringW

kernel32

HeapReAlloc
HeapAlloc
HeapFree
HeapCreate
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
DisableThreadLibraryCalls
CreateFileW
InterlockedIncrement
InterlockedDecrement
DeleteFileA
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GetSystemInfo
FileTimeToSystemTime
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime
AttachConsole
GetModuleHandleExW
DeleteFileW
CreateProcessW
GetExitCodeProcess
SetEvent
WaitForSingleObject
OpenEventW
CreateEventW
CloseHandle
GetProcAddress
GetConsoleOutputCP
FormatMessageW
GetStdHandle
WriteFile
LocalFree
WideCharToMultiByte
MultiByteToWideChar
Sleep
LeaveCriticalSection

advapi32

StartTraceW
LookupAccountNameW
ConvertSidToStringSidW
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
GetLengthSid
CloseServiceHandle
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyTransactedW
RegOpenKeyExW
LsaOpenPolicy
EnableTrace
ControlTraceW
ConvertStringSidToSidW

netsh.exe

RegisterHelper
RegisterContext
PreprocessCommand
PrintMessageFromModule
MatchEnumTag
PrintMessage

iphlpapi

GetAdaptersAddresses

slc

SLGetWindowsInformationDWORD

nsi

NsiGetAllParameters
NsiSetAllParameters

Exports

Exports

IdpConfigAddPolicy
IdpConfigAllocateAndGetPolicy
IdpConfigFreePolicy
IdpConfigInitDefaultPolicy
IdpConfigRemovePolicy
InitHelperDll
WfpCaptureExportedW

Sections

.text
Size: 526KB - Virtual size: 525KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 137KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f1a9adfa779fbf1b18a190a97b57fc9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

crypt32

fwpuclnt

rpcrt4

shlwapi

user32

kernel32

advapi32

netsh.exe

iphlpapi

slc

nsi

Exports

Exports

Sections

.text Size: 526KB - Virtual size: 525KB

.data Size: 137KB - Virtual size: 141KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 39KB - Virtual size: 39KB

.text
Size: 526KB - Virtual size: 525KB

.data
Size: 137KB - Virtual size: 141KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 39KB - Virtual size: 39KB