1e1a33738750608b792431f2677861fe52e888dcfde157f682c6adf7dd295cb7

Sharing

Copy URL Twitter E-mail

General

Target

1e1a33738750608b792431f2677861fe52e888dcfde157f682c6adf7dd295cb7
Size

875KB
MD5

0e437e4005126cfbc7a398b39de61df5
SHA1

1db3561e645da6840abe4fd52e75ce8a598a7bad
SHA256

1e1a33738750608b792431f2677861fe52e888dcfde157f682c6adf7dd295cb7
SHA512

5e61b3098653de7bae296febeec15456cf3d1bf82f2e216fb2fc5773439e712925ed9c18b4ecd545bba761a1525ca3502360a8e5ff943b80d3b30d5dfc51631e
SSDEEP

12288:JpDzJR+DG4nDBLHb/wAWVcpamg8gDPzPzHDp9xbcVLlI+AOlOaFwQdKiz2+hyPcL:ff+DtnDxUAWXrzjp91cVIOlOaF5zoLI

Score

N/A

Malware Config

Signatures

Files

1e1a33738750608b792431f2677861fe52e888dcfde157f682c6adf7dd295cb7
.exe windows x86

1a7e78b5db237884438ebe2dcbce7488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winipsec

OpenTunnelFilterHandle
DeleteTunnelFilter
SPDApiBufferFree
OpenMMFilterHandle
GetMMPolicyByID
EnumTunnelFilters
GetMMFilter
AddQMPolicy
DeleteMMPolicy
CloseTunnelFilterHandle
CloseTransportFilterHandle
EnumIPSecInterfaces
AddTunnelFilter
SetMMPolicy
SetTransportFilter
MatchTunnelFilter
CloseMMFilterHandle
SetQMPolicy
GetMMPolicy
DeleteTransportFilter
GetQMPolicyByID
MatchTransportFilter
GetQMPolicy
EnumMMAuthMethods
SetMMFilter
AddMMPolicy

advapi32

GetLocalManagedApplications
LsaOpenTrustedDomainByName
AddAce
OpenBackupEventLogA
RegisterServiceCtrlHandlerW
RegDeleteKeyA
CredWriteA
GetWindowsAccountDomainSid
GetSecurityDescriptorSacl
GetAuditedPermissionsFromAclW
AccessCheckByTypeResultList
GetTrusteeNameA
CryptSetProvParam
SetNamedSecurityInfoExA
BuildTrusteeWithObjectsAndNameW
LsaRetrievePrivateData
RegisterIdleTask
LsaLookupPrivilegeName
RegUnLoadKeyA
RegSaveKeyA
CredReadW
CreatePrivateObjectSecurityWithMultipleInheritance
LsaLookupNames
LsaAddPrivilegesToAccount
LsaClearAuditLog
WmiDevInstToInstanceNameA
GetInheritanceSourceW

kernel32

LoadLibraryA
GetStringTypeExA
QueueUserAPC
AddLocalAlternateComputerNameW
GetModuleHandleA
EndUpdateResourceA
EnumUILanguagesA
FindNextVolumeMountPointA
WaitNamedPipeA
FindNextFileW
LocalFlags
GetConsoleFontInfo
SetCurrentDirectoryW
EnumSystemCodePagesW
lstrcmpi
ReadConsoleOutputAttribute
GlobalFindAtomA
CompareStringW
GetTickCount
GetSystemWindowsDirectoryA
GetDefaultCommConfigW
QueryInformationJobObject
CreateThread
OutputDebugStringW
GetPriorityClass
NlsGetCacheUpdateCount
RegisterConsoleIME

sqlwoa

_CreateFontIndirect@4
_trename
_GetVersionEx@4
_CreateFont@56
_ExtTextOut@32
_DefWindowProc@16
_GetDlgItemText@16
_GetObject@12
_PostMessage@16
_MessageBox@16
_GetProp@8
_LoadIcon@8
_SendMessage@16
_GetTextMetrics@8
_GetTextExtentPoint@16
newMultiByteFromWideCharSize
_GetTextExtentPoint32@16
_SetWindowText@8
_RemoveProp@8
_CreateWindowEx@48
_GetClassInfo@12
_GetDiskFreeSpaceEx@16
_DeleteFile@4
_LoadBitmap@8
_SendDlgItemMessage@20

ntdll

RtlxUnicodeStringToOemSize
RtlDeNormalizeProcessParams
RtlSetEnvironmentVariable
ZwShutdownSystem
NtNotifyChangeDirectoryFile
ZwQuerySecurityObject
RtlCompressBuffer
ZwCancelTimer
ZwAccessCheck
NtContinue
RtlMultiByteToUnicodeN
NtReplyPort
RtlFindSetBits
RtlSetTimer
RtlQueryDepthSList
wcsncat
RtlStringFromGUID
ZwQueryPortInformationProcess
PfxRemovePrefix
RtlDeleteRegistryValue
RtlInitCodePageTable
NtQueryDirectoryFile
RtlIpv4AddressToStringW
ZwUnmapViewOfSection
RtlDeleteTimer
RtlInitializeSListHead
RtlCompareString
ZwQueryTimerResolution
RtlAddAuditAccessAce
ZwReadVirtualMemory
RtlZeroMemory
RtlTraceDatabaseLock
ZwQueryOpenSubKeys
_CIlog
_wcslwr
RtlInitializeAtomPackage
RtlUpcaseUnicodeStringToOemString
iscntrl
RtlIpv4AddressToStringA
ZwSetBootOptions
RtlProtectHeap
ZwQueryBootEntryOrder
ZwQueryDefaultUILanguage
ZwQueryInstallUILanguage
RtlExtendedMagicDivide
RtlpEnsureBufferSize
ZwContinue
RtlRealSuccessor
RtlFormatMessage
ZwAcceptConnectPort
NtReadVirtualMemory
NtDeleteValueKey
RtlUnlockBootStatusData
NtSetSystemPowerState
ZwResetEvent
RtlLargeIntegerShiftRight
ZwRequestPort
NtQuerySystemEnvironmentValueEx
RtlGetDaclSecurityDescriptor
RtlEraseUnicodeString
__isascii
isalnum
NtCreateThread
NtSetLowEventPair
RtlCopySidAndAttributesArray
RtlAddAtomToAtomTable
RtlSetThreadPoolStartFunc
NtStopProfile
ZwTranslateFilePath
RtlComputePrivatizedDllName_U
NtResetWriteWatch
RtlIpv6StringToAddressW
RtlQueryTimeZoneInformation

wldap32

ldap_modify_extW
ldap_delete_ext_sW
ldap_rename_extA
ldap_modify_sA
ldap_bind_sW
ldap_modify_ext_sA
ldap_modrdn_s
ldap_parse_referenceW
ldap_startup
ldap_create_sort_controlW
ldap_add_ext_sA
ldap_simple_bind_sA
ldap_parse_extended_resultA

Sections

.text
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 178KB - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 191KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1a7e78b5db237884438ebe2dcbce7488

Headers

DLL Characteristics

File Characteristics

Imports

winipsec

advapi32

kernel32

sqlwoa

ntdll

wldap32

Sections

.text Size: 401KB - Virtual size: 401KB

.rdata Size: 178KB - Virtual size: 177KB

.data Size: 191KB - Virtual size: 1.6MB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 1024B - Virtual size: 944B

.text
Size: 401KB - Virtual size: 401KB

.rdata
Size: 178KB - Virtual size: 177KB

.data
Size: 191KB - Virtual size: 1.6MB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 1024B - Virtual size: 944B