ec4a77a29d3f2ec6708c97223cb697c4cf066aa146b5c64d97cbdc535262c23c

Sharing

Copy URL Twitter E-mail

General

Target

ec4a77a29d3f2ec6708c97223cb697c4cf066aa146b5c64d97cbdc535262c23c
Size

829KB
MD5

0d30172ed28580279f200ad4d44395b0
SHA1

946326b851ce367e1940f0cb23ca9afdf9df52bb
SHA256

ec4a77a29d3f2ec6708c97223cb697c4cf066aa146b5c64d97cbdc535262c23c
SHA512

d644cdcbb20962667ed864d5a99cd10127e41edf302f666b1bed46abce158d69816aab60d039134c0d00ad6192b1733b9bb7ee9f8e62823a1a1c2ed79565821d
SSDEEP

24576:yFyK6ylBu7GabjrHx2NOqmgqU/Xv7nnR+6UKt:yFyfylBD2jts95q01J

Score

N/A

Malware Config

Signatures

Files

ec4a77a29d3f2ec6708c97223cb697c4cf066aa146b5c64d97cbdc535262c23c
.exe windows x86

3d0e515368cdd28d63351a579420f8e0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mapi32

HrQueryAllRows@24
EnableIdleRoutine@8
ScUNCFromLocalPath@12
MAPILogonEx
MNLS_lstrcmpW@8
ScInitMapiUtil@4
GetAttribIMsgOnIStg@12
HrAllocAdviseSink@12
FreePadrlist@4
HrSetOneProp@8
SzFindLastCh@8
PpropFindProp@12
FGetComponentPath@20
HexFromBin@12
HrDecomposeMsgID@24
DeinitMapiUtil@0

netapi32

DsRoleFreeMemory
I_NetGetForestTrustInformation
DsRoleAbortDownlevelServerUpgrade
DsGetDcNameA
NetpMergeFtinfo
I_NetServerSetServiceBitsEx
NetScheduleJobGetInfo
I_BrowserResetNetlogonState
I_NetlogonComputeServerDigest
I_NetAccountDeltas
I_NetServerAuthenticate
I_BrowserServerEnum
NetUseDel
I_NetServerTrustPasswordsGet
NetGroupDel
I_NetLogonUasLogon
NetWkstaUserEnum
NetScheduleJobAdd
NetLocalGroupDel
NetReplExportDirEnum
NetDfsRemoveStdRoot
NetDfsRename

samlib

SamGetAliasMembership
SamRemoveMemberFromForeignDomain
SamGetDisplayEnumerationIndex
SamDeleteGroup
SamQueryInformationAlias
SamRemoveMultipleMembersFromAlias
SamSetSecurityObject
SamEnumerateGroupsInDomain
SamiSetDSRMPassword
SamConnectWithCreds
SamGetGroupsForUser
SamRemoveMemberFromGroup
SamQuerySecurityObject

cfgmgr32

CM_Run_Detection_Ex
CM_Get_Device_Interface_Alias_ExA
CM_Get_Global_State
CM_Free_Res_Des_Handle
CM_Get_Class_Name_ExW
CM_Get_Parent_Ex
CM_Delete_DevNode_Key
CM_Register_Device_InterfaceW
CM_Get_DevNode_Registry_Property_ExA
CM_Get_Hardware_Profile_InfoW
CM_Open_Class_KeyW

ntdll

RtlEnumerateGenericTableWithoutSplayingAvl
ZwSetEaFile
ZwSetDefaultUILanguage
NtStopProfile
NtSetSystemTime
RtlFormatMessage
NtReplyWaitReceivePortEx
NtQuerySystemTime
RtlReAllocateHeap
NtResetWriteWatch
NtDeviceIoControlFile
_aullshr
RtlQueryRegistryValues
ZwOpenEvent
RtlIdentifierAuthoritySid
RtlAnsiCharToUnicodeChar
ZwSetSystemEnvironmentValueEx
ZwReadVirtualMemory
RtlAppendAsciizToString
ZwQuerySystemEnvironmentValue
ZwFlushKey
RtlVerifyVersionInfo
NtSetInformationFile

kernel32

DeleteTimerQueue
GetFileInformationByHandle
OpenEventA
GetNumberOfConsoleFonts
FindNextChangeNotification
ReleaseActCtx
SetTapeParameters
ExpandEnvironmentStringsW
LoadLibraryW
ConvertFiberToThread
FatalAppExitW
ShowConsoleCursor
SetLocaleInfoA
GetCurrentProcessId
GetOEMCP
RemoveDirectoryA
GetSystemWindowsDirectoryA
IsBadCodePtr
GetModuleHandleA

advapi32

RemoveTraceCallback
SystemFunction025
OpenSCManagerW
A_SHAUpdate
SetServiceStatus
EnumDependentServicesW
ElfBackupEventLogFileA
SaferGetPolicyInformation
EnableTrace
ConvertSecurityDescriptorToAccessW
RegNotifyChangeKeyValue
SaferSetPolicyInformation
WmiDevInstToInstanceNameA
ChangeServiceConfigA
WmiExecuteMethodA
ConvertAccessToSecurityDescriptorA
MD5Init
RegDeleteValueW
ReadEventLogW
QueryServiceConfig2W
SystemFunction035
SetEntriesInAclW
UninstallApplication
SystemFunction011
InitializeAcl

Sections

.text
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 181KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d0e515368cdd28d63351a579420f8e0

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

netapi32

samlib

cfgmgr32

ntdll

kernel32

advapi32

Sections

.text Size: 392KB - Virtual size: 391KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 181KB - Virtual size: 1.6MB

.rsrc Size: 163KB - Virtual size: 162KB

.reloc Size: 1024B - Virtual size: 848B

.text
Size: 392KB - Virtual size: 391KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 181KB - Virtual size: 1.6MB

.rsrc
Size: 163KB - Virtual size: 162KB

.reloc
Size: 1024B - Virtual size: 848B