f09850c20ab0a5478868ceeefb8b70464b8d14612e0e9b8aab7d69c772d255ab

Sharing

Copy URL Twitter E-mail

General

Target

f09850c20ab0a5478868ceeefb8b70464b8d14612e0e9b8aab7d69c772d255ab
Size

831KB
MD5

04d9686d08a3b025fdfde2cdf79cd8f5
SHA1

42ca75b2ece7ab9cf8468c23b57328f58067f425
SHA256

f09850c20ab0a5478868ceeefb8b70464b8d14612e0e9b8aab7d69c772d255ab
SHA512

7e840d5cce073421ff51d9fb1bb4bdf65fc057f7c9aff75968bca004ec91ac263f44fbf0f52edd859a0443492be9a839917504f6016e2f809bec2e02470b1545
SSDEEP

24576:I58Jo45IRhwAL4yx6rS6/ffBCHlgU0BUN:I58L5IDwGxTA

Score

N/A

Malware Config

Signatures

Files

f09850c20ab0a5478868ceeefb8b70464b8d14612e0e9b8aab7d69c772d255ab
.exe windows x86

ae22df3957d66c260b8d63284a3266b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetAce
ReadEventLogA
RegEnumKeyA
I_ScSetServiceBitsA
GetSecurityDescriptorControl
SetNamedSecurityInfoExW
RegisterEventSourceW
TreeResetNamedSecurityInfoW
CredReadDomainCredentialsW
QueryServiceConfigA
ReportEventA
GetUserNameA
LookupAccountNameA
GetSecurityInfoExW
EnumServicesStatusExA
WmiReceiveNotificationsW
LogonUserW
A_SHAUpdate
ConvertStringSDToSDDomainW
ConvertAccessToSecurityDescriptorW
CryptDestroyHash
GetSidSubAuthority
RegisterIdleTask
LsaLookupPrivilegeValue
BuildTrusteeWithSidW
SaferSetPolicyInformation
SetSecurityInfoExW
AccessCheckByTypeResultListAndAuditAlarmW
CredpConvertTargetInfo

rasman

RasSetKey
RasPortSend
RasServerPortClose
RasGetHportFromConnection
RasPortStoreUserData
RasGetUserCredentials
RasRpcConnectServer
RasGetDialParams
RasRegisterRedialCallback
RasSetConnectionParams
RasConnectionEnum
RasRpcGetUserPreferences
RasPortGetBundle
RasPortDisconnect
RasPortCancelReceive
RasPortOpen

untfs

??0NTFS_MFT_FILE@@QAE@XZ
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
??1NTFS_UPCASE_TABLE@@UAE@XZ
?GetNext@NTFS_INDEX_TREE@@QAEPBU_INDEX_ENTRY@@PAKPAEE@Z
?GetNextAttributeRecord@NTFS_FRS_STRUCTURE@@QAEPAXPBXPAVMESSAGE@@PAE@Z
??0NTFS_UPCASE_FILE@@QAE@XZ
?Read@NTFS_SA@@QAEEPAVMESSAGE@@@Z
?QueryAttributeList@NTFS_FRS_STRUCTURE@@QAEEPAVNTFS_ATTRIBUTE_LIST@@@Z
??0NTFS_FRS_STRUCTURE@@QAE@XZ
??1NTFS_BITMAP@@UAE@XZ
?QueryAttributeListAttribute@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_ATTRIBUTE@@PAE@Z
?ResetIterator@NTFS_INDEX_TREE@@QAEXXZ
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
??0NTFS_ATTRIBUTE@@QAE@XZ
??0NTFS_UPCASE_TABLE@@QAE@XZ
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
?Relocate@NTFS_CLUSTER_RUN@@QAEXVBIG_INT@@@Z
??1NTFS_BOOT_FILE@@UAE@XZ
?AddSecurityDescriptor@NTFS_FILE_RECORD_SEGMENT@@QAEEW4_CANNED_SECURITY_TYPE@@PAVNTFS_BITMAP@@@Z
?Read@NTFS_SA@@UAEEXZ
??1NTFS_BITMAP_FILE@@UAE@XZ
??0NTFS_ATTRIBUTE_RECORD@@QAE@XZ
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEVBIG_INT@@PAVNTFS_MFT_FILE@@@Z
?Initialize@NTFS_BOOT_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?QueryFileReference@NTFS_INDEX_TREE@@QAEEKPAXKPAU_MFT_SEGMENT_REFERENCE@@PAE@Z

kernel32

HeapCreate
SetComputerNameExW
QueryInformationJobObject
IsDBCSLeadByte
SetLocaleInfoA
RemoveDirectoryW
SetCommConfig
lstrcmpi
GetOEMCP
SetThreadContext
BackupSeek
GetCompressedFileSizeW
_hwrite
GetConsoleAliasExesW
ReleaseSemaphore
SetCriticalSectionSpinCount
LoadLibraryW
RequestDeviceWakeup
GlobalUnlock
FindResourceA
CreateThread
GetBinaryTypeW

gdi32

Ellipse
DdEntry52
UpdateICMRegKeyW
GdiEntry1
ExcludeClipRect
DdEntry8
EngTransparentBlt
GdiEntry10
CreateEnhMetaFileA
GdiEndPageEMF

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae22df3957d66c260b8d63284a3266b3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

rasman

untfs

kernel32

gdi32

Sections

.text Size: 363KB - Virtual size: 362KB

.rdata Size: 161KB - Virtual size: 161KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 147KB - Virtual size: 147KB

.reloc Size: 1024B - Virtual size: 828B

.text
Size: 363KB - Virtual size: 362KB

.rdata
Size: 161KB - Virtual size: 161KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 147KB - Virtual size: 147KB

.reloc
Size: 1024B - Virtual size: 828B