ffda9bdc46be26d0d9e351a31800ab399f96b76b2950904cd4e3ece73a5a9d89

Sharing

Copy URL Twitter E-mail

General

Target

ffda9bdc46be26d0d9e351a31800ab399f96b76b2950904cd4e3ece73a5a9d89
Size

346KB
MD5

0b423207d73e1c66f193c9070ec545c0
SHA1

972c1636584463f6d6a60dd1d288abdcc71f9c63
SHA256

ffda9bdc46be26d0d9e351a31800ab399f96b76b2950904cd4e3ece73a5a9d89
SHA512

e77dc9c00f6081f5bfcb326e14b88bdaf450651c7c3b4923982338131308d4f18e7518c0e1a4835b0dcae1ef73ae8d2a9cf58beff6450cc85ca5fbd56a9e92f2
SSDEEP

6144:kKYj3NAilR0FcmjUmCwiz+jdMnIH3FXH3nXH3n63hQ:a3NAif0Fcehiz+jsIH3FXH3nXH3n63S

Score

N/A

Malware Config

Signatures

Files

ffda9bdc46be26d0d9e351a31800ab399f96b76b2950904cd4e3ece73a5a9d89
.exe windows x86

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

FreeSid
RegCloseKey
RegSetKeySecurity
EqualSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
AllocateAndInitializeSid
RegGetKeySecurity
RegOpenKeyExA
SystemFunction025
SystemFunction027
RegQueryValueExA
RegQueryValueExW
RegConnectRegistryW
RegSetValueExA
AbortSystemShutdownA
InitiateSystemShutdownExA
CryptAcquireContextW

kernel32

CreateThread
CreateEventW
SetMailslotInfo
GetComputerNameW
InitializeCriticalSection
Sleep
LocalFree
GetModuleHandleW
LeaveCriticalSection
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
HeapAlloc
SetEvent
HeapFree
lstrlenA
CreateMailslotA
CreateFileW
WriteFile
LocalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
CloseHandle
DeleteCriticalSection
ReadFile
GetLastError
EnterCriticalSection
GetLocalTime
GetOverlappedResult
WaitForMultipleObjects
WaitForSingleObject
GetStdHandle

msvcrt

?terminate@@YAXXZ
_controlfp
free
isleadbyte
_iob
_snprintf
_itoa
printf
_wsetlocale
_vsnwprintf
time
srand
wctomb
rand
memcpy
strchr
iswctype
strtol
strtoul
_strnicmp
_stricmp
fprintf
__iob_func
_errno
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
malloc
fwprintf
memmove
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs

ntdsapi

DsBindW
DsGetDomainControllerInfoW
DsFreeDomainControllerInfoW
DsUnBindW

logoncli

DsGetForestTrustInformationW
DsGetDcNameWithAccountW
I_NetLogonControl
I_NetLogonControl2
NetLogonGetTimeServiceParentDomain
NetGetDCName
I_NetGetDCList
DsEnumerateDomainTrustsA
DsGetDcNameW
DsAddressToSiteNamesExA
DsGetDcNameA
DsGetDcSiteCoverageA
DsGetSiteNameA
I_NetlogonComputeServerDigest
DsDeregisterDnsHostRecordsA
DsGetDcOpenA
DsGetDcNextA
DsGetDcCloseW
I_NetlogonGetTrustRid
I_NetlogonComputeClientDigest

rpcrt4

RpcStringFreeW
UuidToStringW
RpcStringFreeA
UuidToStringA
UuidFromStringA

ws2_32

htonl
ntohs
WSAStartup
WSACleanup
getaddrinfo
WSAAddressToStringA
freeaddrinfo
WSAStringToAddressA
WSAGetLastError

ntdll

RtlInitAnsiString
NlsMbCodePageTag
RtlxAnsiStringToUnicodeSize
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlxUnicodeStringToOemSize
RtlUpcaseUnicodeStringToOemString
RtlInitString
NlsMbOemCodePageTag
RtlOemStringToUnicodeString
RtlLengthSid
RtlUnwind
RtlSystemTimeToLocalTime
RtlTimeToTimeFields
RtlConvertSidToUnicodeString
RtlFreeUnicodeString

netutils

NetApiBufferAllocate
NetApiBufferFree
NetpwNameCompare

bcrypt

BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptGetProperty
BCryptDestroyKey
BCryptEncrypt
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyHash

user32

LoadStringW

Sections

.text
Size: 242KB - Virtual size: 241KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

669877872fcb400dee1ec1a2b6f80a5b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdsapi

logoncli

rpcrt4

ws2_32

ntdll

netutils

bcrypt

user32

Sections

.text Size: 242KB - Virtual size: 241KB

.data Size: 56KB - Virtual size: 93KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 45KB - Virtual size: 46KB

.text
Size: 242KB - Virtual size: 241KB

.data
Size: 56KB - Virtual size: 93KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 45KB - Virtual size: 46KB