e18d079837e5efc0cfd912a51f2bb5aef3963a1d5d1748a2847825d1c84fb816

Sharing

Copy URL Twitter E-mail

General

Target

e18d079837e5efc0cfd912a51f2bb5aef3963a1d5d1748a2847825d1c84fb816
Size

501KB
MD5

0a5ecd6423f82b4780a37b18b25e4030
SHA1

964efbc9ac050054f6b78903708c5913c01c9e0b
SHA256

e18d079837e5efc0cfd912a51f2bb5aef3963a1d5d1748a2847825d1c84fb816
SHA512

03902ebb4635e5b83ba3a01c8d7191a3e6198d0d101e1eab286e7ae66eb59c63b5f5d155991a797834430494925285051c97f625c4817f622bb87072056a97cf
SSDEEP

12288:fLrgV2bhQxaZRQ1kJASqNQ7H/KL34FfJvWN:TA2b2oZkkJAJu7fpJ

Score

N/A

Malware Config

Signatures

Files

e18d079837e5efc0cfd912a51f2bb5aef3963a1d5d1748a2847825d1c84fb816
.dll windows x64

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_wtoi
memmove
_purecall
wcschr
_wcsicmp
towupper
wcsstr
_wcsnicmp
_vsnwprintf
__C_specific_handler
_unlock
__dllonexit
malloc
_onexit
memset
_vsnprintf
memcpy
memcmp
_ultow
wcscpy_s
_initterm
free
_lock
_amsg_exit
_XcptFilter
ceil

rpcrt4

RpcStringFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcBindingVectorFree
RpcBindingFromStringBindingW
RpcAsyncCancelCall
RpcBindingSetObject
RpcBindingCreateW
RpcBindingBind
RpcBindingUnbind
RpcBindingServerFromClient
RpcRevertToSelf
I_RpcFilterDCOMActivation
RpcMgmtEnableIdleCleanup
RpcStringBindingComposeW
RpcRaiseException
NdrServerCall2
I_RpcExceptionFilter
NdrClientCall2
Ndr64AsyncClientCall
RpcServerInqBindings
I_RpcBindingInqMarshalledTargetInfo
I_RpcBindingInqWireIdForSnego
RpcBindingSetOption
RpcRevertToSelfEx
RpcImpersonateClient
I_RpcBindingInqLocalClientPID
I_RpcBindingInqTransportType
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
NdrAsyncClientCall
MesEncodeFixedBufferHandleCreate
MesDecodeBufferHandleCreate
MesHandleFree
NdrMesTypeDecode2
NdrMesTypeAlignSize2
NdrMesTypeEncode2
RpcErrorGetNextRecord
RpcErrorEndEnumeration
RpcErrorResetEnumeration
RpcErrorStartEnumeration
RpcErrorSaveErrorInfo
UuidCreate
RpcServerRegisterAuthInfoW
RpcMgmtSetServerStackSize
RpcMgmtIsServerListening
RpcServerListen
RpcServerUseProtseqEpExW
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoExW
RpcBindingReset
RpcBindingCopy
RpcBindingFree
RpcServerRegisterIfEx

ntdll

RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAce
RtlCreateAcl
RtlCreateVirtualAccountSid
NtQueryMutant
NtDuplicateToken
RtlSubAuthoritySid
RtlInitializeSid
RtlLengthRequiredSid
NtAllocateLocallyUniqueId
WinSqmSetDWORD
RtlAllocateAndInitializeSid
NtClose
NtQueryInformationFile
NtOpenFile
RtlFreeUnicodeString
RtlCreateUnicodeString
RtlLengthSid
RtlNtStatusToDosError
RtlGetSaclSecurityDescriptor
RtlCopySid
NtOpenKey
NtQueryKey
RtlInitializeCriticalSectionAndSpinCount
NtQuerySystemInformation
EtwGetTraceLoggerHandle
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
NtQueryInformationToken
NtCompareTokens
RtlEqualSid
RtlDeleteCriticalSection
RtlImageNtHeader
RtlAllocateHeap
RtlFreeHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitializeCriticalSection
RtlEqualUnicodeString
RtlInitUnicodeString
EtwTraceMessage

api-ms-win-core-localregistry-l1-1-0

RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegOpenUserClassesRoot
RegLoadMUIStringW
RegGetValueW
RegSetValueExW
RegCloseKey

api-ms-win-security-base-l1-1-0

GetSidSubAuthority
GetAce
GetSidLengthRequired
RevertToSelf
ImpersonateAnonymousToken
CopySid
GetTokenInformation
EqualSid
IsValidSid
CreateWellKnownSid
GetLengthSid
FreeSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetSecurityDescriptorLength
AccessCheck
SetTokenInformation
DuplicateTokenEx
CheckTokenMembership
ImpersonateLoggedOnUser
DuplicateToken
InitializeSid

api-ms-win-service-core-l1-1-0

RegisterServiceCtrlHandlerExW
SetServiceStatus

api-ms-win-service-winsvc-l1-1-0

ControlService
QueryServiceStatus

api-ms-win-service-management-l1-1-0

OpenServiceW
StartServiceW
OpenSCManagerW
CloseServiceHandle

api-ms-win-service-management-l2-1-0

QueryServiceStatusEx

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

sspicli

FreeContextBuffer
EnumerateSecurityPackagesW
LogonUserExExW

kernel32

GetSystemWow64DirectoryW
GetSystemDirectoryW
SearchPathW
OpenFileMappingW
CreateFileW
UnmapViewOfFile
MapViewOfFile
InterlockedPushEntrySList
SetLastError
CreateFileMappingW
GetModuleHandleW
LoadLibraryExW
FindActCtxSectionGuid
GetModuleHandleExW
MapViewOfFileEx
ReleaseActCtx
FindActCtxSectionStringW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockShared
AddRefActCtx
GetDriveTypeW
TlsSetValue
OpenProcess
InitializeCriticalSection
IsWow64Process
GetComputerNameExW
OpenEventW
ExpandEnvironmentStringsW
GetVersionExW
WaitForMultipleObjects
GetExitCodeProcess
CompareFileTime
CheckElevationEnabled
GetFullPathNameW
CreateMutexW
SetThreadpoolWait
CreateThreadpool
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpool
CreateThreadpoolWait
OpenThread
GetProcessIdOfThread
ReleaseMutex
FindFirstFileW
FindClose
UnregisterWait
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
InterlockedPopEntrySList
InitializeSListHead
HeapAlloc
HeapFree
GetProcessHeap
lstrcmpW
Sleep
GetLastError
GetSystemInfo
TlsAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
VirtualQuery
VirtualAlloc
VirtualProtect
SetThreadStackGuarantee
CreateThread
CloseHandle
SleepEx
DeleteTimerQueueTimer
CreateTimerQueueTimer
lstrlenW
RegisterWaitForSingleObject
LocalAlloc
LocalFree
EnterCriticalSection
LeaveCriticalSection
CreateEventW
SetEvent
TlsGetValue
QueueUserWorkItem
DuplicateHandle
CompareStringW
GetCurrentThread
GetModuleFileNameW
DeleteCriticalSection

Exports

Exports

CoGetComCatalog
GetRPCSSInfo
ServiceMain
WhichService

Sections

.text
Size: 402KB - Virtual size: 402KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d42c80597c09f35b90077e57c32f4f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

ntdll

api-ms-win-core-localregistry-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

api-ms-win-security-sddl-l1-1-0

sspicli

kernel32

Exports

Exports

Sections

.text Size: 402KB - Virtual size: 402KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 8KB - Virtual size: 8KB

.pdata Size: 22KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 402KB - Virtual size: 402KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 8KB - Virtual size: 8KB

.pdata
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 3KB - Virtual size: 2KB