b51be42c7edb4843875d6dce6b654c95924da6a1d85b555253a3466cee9b3d90

Sharing

Copy URL

Twitter E-mail

General

Target

b51be42c7edb4843875d6dce6b654c95924da6a1d85b555253a3466cee9b3d90
Size

826KB
MD5

0da60b71e794f15c0cfa0aebb4ab4f5e
SHA1

628b2f671bf623db25cb597d83b8e43735f755a6
SHA256

b51be42c7edb4843875d6dce6b654c95924da6a1d85b555253a3466cee9b3d90
SHA512

5a25a9eafeb5687fde457237c924ee45eef555904a2328abd0fe502e4d02bd6d2b8b79767d2a2a865f82d0c926688628be01d18721a85660a714f26906ac2dd5
SSDEEP

12288:0wdfgrdpT0u5WBMLFOSBi9QHSRJw3+8MQIBFp7PbmNrUEzmKXQKhBBf7cVcRvkBf:0wVWU641S2biO8FORPbmdD7BfYVlIF

Score

N/A

Malware Config

Signatures

Files

b51be42c7edb4843875d6dce6b654c95924da6a1d85b555253a3466cee9b3d90
.exe windows x86

5ddb88c4b88b918014448068c36d148c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetHport
RasGetAutodialParamA
RasGetAutodialParamW
RasSetEntryDialParamsA
RasSetAutodialAddressW
DwEnumEntryDetails
RasSetEapUserDataW
RasDeleteEntryW
RasValidateEntryNameW
RasValidateEntryNameA
RasRenameEntryA
RasSetEntryPropertiesW
RasEnumDevicesA
RasGetLinkStatistics
RasConnectionNotificationA

kernel32

LocalFlags
BaseInitAppcompatCacheSupport
SetComputerNameExA
ReadFileEx
LZCloseFile
EraseTape
SetConsoleCtrlHandler
AddLocalAlternateComputerNameA
MapUserPhysicalPages
CreateDirectoryExW
SetConsoleTitleA
SetFileValidData
GlobalCompact
CreateEventW
GetThreadPriority
GetModuleHandleW
GetPrivateProfileSectionA
GetComputerNameA
BuildCommDCBA
LoadLibraryW
CreateFileMappingW
FatalAppExitA
GetCurrentThread
VirtualUnlock
HeapValidate
GetLastError
QueryPerformanceCounter
GetNumberOfConsoleInputEvents
FindNextFileA
LCMapStringA
CloseProfileUserMapping
GetLocaleInfoW
RegisterConsoleVDM
AddVectoredExceptionHandler
WriteConsoleW

wtsapi32

WTSRegisterSessionNotification
WTSSetSessionInformationA
WTSUnRegisterSessionNotification
WTSEnumerateProcessesA
WTSEnumerateProcessesW
WTSVirtualChannelWrite
WTSQueryUserToken
WTSFreeMemory
WTSQueryUserConfigW
WTSOpenServerA
WTSEnumerateServersW
WTSVirtualChannelPurgeOutput
WTSEnumerateSessionsW
WTSDisconnectSession
WTSQuerySessionInformationA
WTSSendMessageA
WTSQuerySessionInformationW
WTSVirtualChannelRead

netapi32

DsRoleGetDatabaseFacts
NetpwNameCompare
NetpwNameCanonicalize
NetRemoveAlternateComputerName
NetScheduleJobGetInfo
NetConfigGetAll
NetShareEnum
NetpwPathCanonicalize
I_NetServerPasswordSet2
NetReplSetInfo
I_NetDatabaseDeltas
NetLocalGroupAdd
NetDfsMove
NlBindingAddServerToCache
DsGetDcNameW
DsGetDcSiteCoverageA
NetReplExportDirUnlock

rasmontr

RutlCloseDumpFile
RutlAlloc
RutlParse
RutlStrDup
RutlCreateDumpFile
RutlAssignmentFromTokens
InitHelperDll
RutlAssignmentFromTokenAndDword

usp10

ScriptRecordDigitSubstitution
UspAllocTemp
LpkPresent
ScriptStringGetOrder
UspAllocCache
UspFreeMem
ScriptGetCMap
ScriptApplyDigitSubstitution

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ddb88c4b88b918014448068c36d148c

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

kernel32

wtsapi32

netapi32

rasmontr

usp10

Sections

.text Size: 372KB - Virtual size: 372KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 1024B - Virtual size: 812B

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 1024B - Virtual size: 812B