24609b1f576b3cd5bc80f4d0d3a7be739c85b29aefb804d15b9ee08d97535d81

Sharing

Copy URL Twitter E-mail

General

Target

24609b1f576b3cd5bc80f4d0d3a7be739c85b29aefb804d15b9ee08d97535d81
Size

817KB
MD5

130233a65dbcfab8309c56b7b7c1e3fb
SHA1

a39544f0901fe91019a6830906d98f894795015d
SHA256

24609b1f576b3cd5bc80f4d0d3a7be739c85b29aefb804d15b9ee08d97535d81
SHA512

b64164e57666eee7ceedf258b239f5e5790568884a8ba6631109bc8bb2f92a1b8124683fac46d223c3f67ad530ac50cb05933805e62b3bb1a60dfd8abf69a2f0
SSDEEP

12288:lTHgydDZSuC6Cwy2D6mTEaSOEHiJdmN1lvBm5UvVjAtcDlarscRn8if3qceLUF8y:FHget31Lm/rlJ9wWBcRn8iJc9Rn

Score

N/A

Malware Config

Signatures

Files

24609b1f576b3cd5bc80f4d0d3a7be739c85b29aefb804d15b9ee08d97535d81
.exe windows x86

8228aaa06766d7aaf105782a8f3aa2cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsA
GetConsoleAliasExesLengthW
GetConsoleNlsMode
GetNumberOfConsoleFonts
AddConsoleAliasA
IsDebuggerPresent
GetConsoleInputExeNameW
FindFirstFileA
WriteConsoleInputW
MulDiv
CreateEventW
OpenJobObjectW
EnumResourceTypesW
CreateTimerQueueTimer
VirtualAlloc
FreeEnvironmentStringsW
FatalAppExitW
GetShortPathNameW
GetStdHandle
HeapSetInformation
CmdBatNotification
GetEnvironmentVariableW
SetConsoleTitleW
GetDefaultCommConfigA
GetDiskFreeSpaceExW
GetPrivateProfileIntW
EnumResourceNamesA
WritePrivateProfileStructA
lstrlen
RegisterConsoleOS2
LoadLibraryA
_hread

netapi32

NetEnumerateComputerNames
NetLocalGroupAddMembers
NetpAddTlnFtinfoEntry
NetWkstaGetInfo
I_BrowserServerEnum
NetAuditClear
NetReplImportDirAdd
I_NetServerSetServiceBitsEx
NetpDbgPrint
DsRoleGetDatabaseFacts
NetReplExportDirSetInfo
RxNetAccessSetInfo
I_NetLogonControl
I_NetLogonControl2
NetGroupDel
NetDfsGetDcAddress
NetReplExportDirUnlock
NetpIsUncComputerNameValid
DsGetDcNextW
NetpHexDump
I_BrowserResetStatistics
DsEnumerateDomainTrustsA
NetDfsManagerGetConfigInfo
RxNetAccessGetInfo
NetLocalGroupAdd
NetpNetBiosReset
I_BrowserSetNetlogonState
NetDfsAdd
I_NetLogonUasLogoff
I_NetGetForestTrustInformation
NetUseAdd

untfs

Extend
?Write@NTFS_ATTRIBUTE@@UAEEPBXVBIG_INT@@KPAKPAVNTFS_BITMAP@@@Z
?Extend@NTFS_MASTER_FILE_TABLE@@QAEEK@Z
??1NTFS_BITMAP@@UAE@XZ
?Initialize@NTFS_BITMAP_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
Recover
?QueryClusterFactor@NTFS_SA@@QBEEXZ
??1NTFS_ATTRIBUTE_LIST@@UAE@XZ
FormatEx
??1NTFS_UPCASE_TABLE@@UAE@XZ
?Save@NTFS_INDEX_TREE@@QAEEPAVNTFS_FILE_RECORD_SEGMENT@@@Z
??0NTFS_UPCASE_TABLE@@QAE@XZ
??1NTFS_EXTENT_LIST@@UAE@XZ
?ComputeDupInfoSignature@NTFS_MFT_INFO@@CGXPAU_DUPLICATED_INFORMATION@@QAE@Z
??1NTFS_MFT_FILE@@UAE@XZ
??1NTFS_BAD_CLUSTER_FILE@@UAE@XZ
?ReadNext@NTFS_FRS_STRUCTURE@@QAEEVBIG_INT@@@Z
?Initialize@NTFS_FILE_RECORD_SEGMENT@@QAEEXZ
??1NTFS_ATTRIBUTE_RECORD@@UAE@XZ
?Flush@NTFS_FILE_RECORD_SEGMENT@@QAEEPAVNTFS_BITMAP@@PAVNTFS_INDEX_TREE@@E@Z
??0NTFS_ATTRIBUTE@@QAE@XZ
?Initialize@NTFS_BAD_CLUSTER_FILE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@@Z
?Initialize@NTFS_ATTRIBUTE@@QAEEPAVLOG_IO_DP_DRIVE@@KPBXKKPBVWSTRING@@G@Z
?Initialize@NTFS_ATTRIBUTE_DEFINITION_TABLE@@QAEEPAVNTFS_MASTER_FILE_TABLE@@E@Z
?Write@NTFS_FILE_RECORD_SEGMENT@@UAEEXZ

ntdll

ZwTranslateFilePath
CsrClientCallServer
RtlAddAce
CsrSetPriorityClass
_ftol
RtlGetNtProductType
ZwTraceEvent
strcmp
memchr
ZwPrivilegeObjectAuditAlarm
RtlConvertToAutoInheritSecurityObject
NtQueryDefaultUILanguage
ZwQueryEvent
NtOpenThread
islower
NtProtectVirtualMemory
ZwResetWriteWatch
NtReplaceKey
RtlDeleteElementGenericTableAvl
ZwReleaseSemaphore
NtDisplayString
NtReleaseSemaphore
RtlLargeIntegerShiftLeft
NtPulseEvent
RtlDuplicateUnicodeString

Sections

.text
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 177KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8228aaa06766d7aaf105782a8f3aa2cd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

netapi32

untfs

ntdll

Sections

.text Size: 408KB - Virtual size: 407KB

.rdata Size: 89KB - Virtual size: 88KB

.data Size: 177KB - Virtual size: 1.5MB

.rsrc Size: 140KB - Virtual size: 139KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 408KB - Virtual size: 407KB

.rdata
Size: 89KB - Virtual size: 88KB

.data
Size: 177KB - Virtual size: 1.5MB

.rsrc
Size: 140KB - Virtual size: 139KB

.reloc
Size: 1KB - Virtual size: 1KB