2a72404e20bcd8b988c45fe83c069c97b7503ee2827205be486de6ee5f260813

Sharing

Copy URL Twitter E-mail

General

Target

2a72404e20bcd8b988c45fe83c069c97b7503ee2827205be486de6ee5f260813
Size

874KB
MD5

04adb59b031df64e9064c182321ef0cc
SHA1

a356dd39bb03874a83239609444a6744938217ef
SHA256

2a72404e20bcd8b988c45fe83c069c97b7503ee2827205be486de6ee5f260813
SHA512

087d5af45fbe48ae8fc190277d78ab1fdc2ada238e9317eeeb3a5c60e1bdc95551de6c87cdd5220f505597163ffdd1cd80b96e539578ff8913bcacebe337bfba
SSDEEP

24576:fbsxD75gSbCPQ5Jl+h3PjrhrgMaxh5Fo7AvM72jf:D+FlbOygjrhrgHns79S

Score

N/A

Malware Config

Signatures

Files

2a72404e20bcd8b988c45fe83c069c97b7503ee2827205be486de6ee5f260813
.exe windows x86

ec252f991b945dad2a4041b400266772

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlunirl

_ChooseColor_@4
_AddFontResource_@4
_RegRestoreKey_@12
_QueryServiceLockStatus_@16
_CreateFile@28
_SetCurrentDirectory_@4
_SetMenuItemInfo_@16
_GetTempFileName_@16
_lstrcpy_@8
_RegCreateKeyEx_@36
_DeviceCapabilities_@20
_GetKeyNameText_@12
_RegSaveKey_@12
_GetOutlineTextMetrics_@12
_LookupAccountSid_@28
_GetFileSecurity_@20
_DefDlgProc_@16
_OpenSemaphore_@12
_RegUnLoadKey_@8
_GetDiskFreeSpace_@20
_NDdeShareDel_@12
_CreateFontIndirect@4
_CharUpperBuff_@8
_CreateDirectoryEx_@12
_CreateStatusWindow_@16
_ReportEvent_@36
_EnumDisplaySettings_@12

winsta

ServerLicensingLoadPolicy
ServerLicensingGetPolicy
WinStationInstallLicense
WinStationGetLanAdapterNameA
ServerLicensingSetPolicy
WinStationUnRegisterConsoleNotification
WinStationConnectCallback
WinStationFreeGAPMemory
WinStationQueryUpdateRequired
WinStationSendMessageW
ServerGetInternetConnectorStatus
WinStationEnumerateW

scecli

SceDcPromoCreateGPOsInSysvolEx
SceSetupUpdateSecurityKey
SceAddToNameStatusList
InitializeChangeNotify
SceSetupGenerateTemplate
SceSetupUnwindSecurityFile
SceSvcGetInformationTemplate
SceBrowseDatabaseTable
SceGetTimeStamp
SceAddToNameList
SceConfigureConvertedFileSecurity
DllRegisterServer
SceEnforceSecurityPolicyPropagation
SceRegisterRegValues
SceGetServerProductType
SceGetSecurityProfileInfo
SceDcPromoteSecurity
SceGetAnalysisAreaSummary
SceSysPrep
SceStartTransaction
SceSetupMoveSecurityFile
SceAddToObjectList
SceEnumerateServices
SceSvcFree
SceCopyBaseProfile
SceSvcSetInformationTemplate
SceSetupUpdateSecurityService
SceProcessSecurityPolicyGPOEx
SceSvcSetInfo
SceAnalyzeSystem
SceSetupBackupSecurity
SceSetupSystemByInfName
SceCloseProfile
SceGetDatabaseSetting
SceOpenProfile
SceSvcQueryInfo
SceSetupRootSecurity
SceFreeProfileMemory
SceOpenPolicy
SceGetObjectChildren
SceSvcConvertTextToSD

kernel32

WriteConsoleOutputW
UnlockFile
LoadLibraryW
GlobalAddAtomA
QueryDepthSList
ActivateActCtx
SetLocalPrimaryComputerNameA
GetCurrentThread
DeleteFileA
GlobalSize
GetModuleHandleW
RemoveDirectoryW
OpenFileMappingA
TransactNamedPipe
UnregisterWait
HeapSummary
IsValidCodePage
GetModuleHandleExW
OpenJobObjectA
GetThreadLocale
GetConsoleScreenBufferInfo

advapi32

MD5Update
RegisterServiceCtrlHandlerExA
IsValidAcl
LsaSetDomainInformationPolicy
RegisterServiceCtrlHandlerA
LsaDeleteTrustedDomain
LookupAccountNameA
DuplicateToken
CryptHashSessionKey
ElfReportEventA

Sections

.text
Size: 435KB - Virtual size: 435KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 199KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ec252f991b945dad2a4041b400266772

Headers

DLL Characteristics

File Characteristics

Imports

sqlunirl

winsta

scecli

kernel32

advapi32

Sections

.text Size: 435KB - Virtual size: 435KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 199KB - Virtual size: 1.7MB

.rsrc Size: 122KB - Virtual size: 121KB

.reloc Size: 1024B - Virtual size: 892B

.text
Size: 435KB - Virtual size: 435KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 199KB - Virtual size: 1.7MB

.rsrc
Size: 122KB - Virtual size: 121KB

.reloc
Size: 1024B - Virtual size: 892B