623576f5b2287fcd8e5bd12e7a80ce3f5baaf8576d474436fe122e9757ac54bd

General

Target

623576f5b2287fcd8e5bd12e7a80ce3f5baaf8576d474436fe122e9757ac54bd
Size

116KB
MD5

3b49f4b3d03fe20f3b004fe6e839a1e0
SHA1

6b5aca6600df6c8f742f4553780782ff8d0cec75
SHA256

623576f5b2287fcd8e5bd12e7a80ce3f5baaf8576d474436fe122e9757ac54bd
SHA512

a16ed58f3f8fc35e02b6d3964fa62047a03701d3cff3dd0c86865cfb58affd78039c0db9d06d93e31ea05c1c480688d54e609177b6fbe36b35e33f6cbd1f739f
SSDEEP

3072:ft1sglpfg4iSB3UTd/Ax4HrLGtfQIugX+QiBMRie/uo:1bY4iGEex4GfXugutMRbuo

Score

N/A

Malware Config

Signatures

Files

623576f5b2287fcd8e5bd12e7a80ce3f5baaf8576d474436fe122e9757ac54bd
.dll windows x86

caddd9e268e5bc2a8b67248bc1f72836

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
lstrcpynA
WideCharToMultiByte
FormatMessageA
LocalFree
HeapAlloc
MultiByteToWideChar
GetProcessHeap
GetCurrentThread
HeapReAlloc
HeapFree
GlobalAlloc
GetLastError
GetCurrentProcess
lstrcpyA

advapi32

LsaRemoveAccountRights
LsaAddAccountRights
OpenProcessToken
OpenThreadToken
ControlService
DeleteService
StartServiceA
OpenServiceA
OpenSCManagerA
QueryServiceStatus
CloseServiceHandle
LsaEnumerateAccountRights
EnumServicesStatusA
LsaNtStatusToWinError
LsaClose
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
LsaFreeMemory
LsaOpenPolicy
LookupAccountNameW

msvcrt

malloc
wcslen
memset
free
strstr
_except_handler3
_strlwr
_stricmp
_itoa

Exports

Exports

GetServiceNameFromDisplayName
GrantLogonAsAService
HasLogonAsAService
IsProcessUserAdministrator
IsServiceInstalled
IsServiceRunning
RemoveLogonAsAService
SendServiceCommand

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

caddd9e268e5bc2a8b67248bc1f72836

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 356B

.reloc Size: 512B - Virtual size: 408B

.text Size: 108KB - Virtual size: 112KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 356B

.reloc
Size: 512B - Virtual size: 408B

.text
Size: 108KB - Virtual size: 112KB