956ce9d26d65a9f1cdfb4f73665229efb83499176313bc61d175c22fb40d1714

Sharing

Copy URL Twitter E-mail

General

Target

956ce9d26d65a9f1cdfb4f73665229efb83499176313bc61d175c22fb40d1714
Size

268KB
MD5

98c5c2c1415afd95d8654e1a0ca96767
SHA1

65b8679d7e01ab1d60843c0db081f89b089eb27b
SHA256

956ce9d26d65a9f1cdfb4f73665229efb83499176313bc61d175c22fb40d1714
SHA512

8a3effc263a566f006ff4eb649226443825cf725ad067ebb6cd8bda356a03ee215f055b00777e3ad81a0708ddf24a3cfb8d5e14002d36afc29acd469e1149ef1
SSDEEP

6144:lgbOhz29WEzBU4qtmrzYOkE/YFRVMf+vv70Ga66eqlY5J:lgqJ/gBU4q2odFb36elD

Score

N/A

Malware Config

Signatures

Files

956ce9d26d65a9f1cdfb4f73665229efb83499176313bc61d175c22fb40d1714
.exe windows x86

2dfebe404adc52ccc83608b450e94f06

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterNodeOpenEnum
ClusterRegEnumKey
GetClusterResourceNetworkName
ClusterResourceEnum
GetClusterNetInterfaceKey
MoveClusterGroup
ClusterRegEnumValue
AddClusterResourceNode
ClusterGroupEnum
ClusterRegSetKeySecurity
OpenCluster
ClusterRegQueryValue
ClusterResourceTypeControl
ClusterEnum
ClusterNetInterfaceControl
CreateClusterResource
GetClusterNetworkId
GetClusterGroupKey
ClusterGroupOpenEnum
CloseClusterResource
GetClusterResourceState
GetClusterNotify
GetClusterNetworkKey
ClusterResourceCloseEnum
ClusterCloseEnum
ClusterRegGetKeySecurity
OnlineClusterResource
GetClusterNodeId
CreateClusterGroup
DeleteClusterResourceType
GetClusterGroupState
CreateClusterNotifyPort
DeleteClusterGroup
CloseClusterNetInterface
FailClusterResource
ClusterRegCloseKey
OpenClusterGroup
CreateClusterResourceType
EvictClusterNode
GetClusterNetInterfaceState
RemoveClusterResourceDependency
ClusterRegSetValue
DeleteClusterResource
ClusterNodeEnum
RemoveClusterResourceNode
ClusterRegCreateKey
CanResourceBeDependent
GetClusterNetInterface

user32

RegisterClassExA
CreateWindowExW

advapi32

QueryServiceConfig2A
ObjectDeleteAuditAlarmW
LsaQueryTrustedDomainInfo
GetTokenInformation
OpenServiceA
LsaSetDomainInformationPolicy
StartServiceCtrlDispatcherW
GetExplicitEntriesFromAclA
GetSidSubAuthority
LsaSetTrustedDomainInfoByName
LsaQueryTrustedDomainInfoByName
LsaSetTrustedDomainInformation
GetSecurityDescriptorLength
GetEffectiveRightsFromAclA
SetSecurityDescriptorSacl
ObjectCloseAuditAlarmA
RegLoadKeyA
OpenBackupEventLogA
GetTrusteeFormW
RegRestoreKeyW
LookupAccountSidW
GetSidIdentifierAuthority
RegQueryMultipleValuesW
LsaClose
RegSetValueA
GetSecurityDescriptorDacl
InitiateSystemShutdownA
RegEnumKeyA
GetTrusteeFormA
RegUnLoadKeyA
PrivilegedServiceAuditAlarmA
ReadEventLogA
OpenSCManagerW
LsaFreeMemory
LsaEnumerateTrustedDomains
GetUserNameW
RegisterServiceCtrlHandlerA
RegReplaceKeyW
LsaEnumerateAccountsWithUserRight
RegOpenKeyW
LsaSetInformationPolicy
LookupPrivilegeNameA
RegQueryInfoKeyA
StartServiceA
GetSecurityDescriptorSacl
InitializeSid
SetThreadToken
IsValidSecurityDescriptor
FindFirstFreeAce
ObjectCloseAuditAlarmW
LogonUserW
ObjectDeleteAuditAlarmA
RegCloseKey
LookupPrivilegeValueW
OpenBackupEventLogW
GetNamedSecurityInfoW
ImpersonateSelf
LsaLookupNames
InitializeSecurityDescriptor
LookupPrivilegeValueA
QueryServiceConfigA
MapGenericMask
GetFileSecurityW
LsaQueryInformationPolicy
GetKernelObjectSecurity
RegEnumKeyW
ObjectOpenAuditAlarmA
RegCreateKeyA
GetTrusteeTypeA
LookupPrivilegeDisplayNameW
RegQueryMultipleValuesA
PrivilegeCheck
RegCreateKeyW
GetTrusteeNameA
RegDeleteKeyW
RegNotifyChangeKeyValue
RegSetKeySecurity
GetNamedSecurityInfoA
RegSetValueExA
LookupAccountSidA
GetServiceDisplayNameA
RegOpenKeyExA
GetPrivateObjectSecurity
GetMultipleTrusteeA
SetNamedSecurityInfoW
GetServiceDisplayNameW
RegGetKeySecurity
QueryServiceStatus
LookupPrivilegeNameW
RegQueryInfoKeyW
GetSecurityInfo
GetSecurityDescriptorOwner
LsaNtStatusToWinError
RegOverridePredefKey
GetAce
InitiateSystemShutdownW
LsaRetrievePrivateData
LookupPrivilegeDisplayNameA
RegEnumKeyExA
SetAclInformation
QueryServiceConfigW
RegisterServiceCtrlHandlerW
IsValidAcl
RegReplaceKeyA
LsaLookupSids
RegSaveKeyW
RegOpenKeyA
SetPrivateObjectSecurity

msvcrt

_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__dllonexit
_onexit

kernel32

GetStartupInfoA
GetModuleHandleA

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2dfebe404adc52ccc83608b450e94f06

Headers

File Characteristics

Imports

clusapi

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 274KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 274KB

.rsrc
Size: 20KB - Virtual size: 17KB