91572c28b7e29f7049eadf9d94e440364d5e756ed38859bcf87c365f94b8f3b7

Sharing

Copy URL Twitter E-mail

General

Target

91572c28b7e29f7049eadf9d94e440364d5e756ed38859bcf87c365f94b8f3b7
Size

844KB
MD5

1b89b3b22435874bc364926d8616d220
SHA1

1a8274eb1aa71ff7c0d576d3dc545a71271447a8
SHA256

91572c28b7e29f7049eadf9d94e440364d5e756ed38859bcf87c365f94b8f3b7
SHA512

91ac117667a2ae7aa0b9cadee7e70c1d5e95933af82f56a98faf79ae172c139149b18fe6a4e56aa17a051d40887e7c01133d09ef14b411ec05d9291c6f0b4089
SSDEEP

24576:SfM1NYL1ZzRzQZj1NPg5i1Sj57nyTTzgSNJ:SfM1E1ZzJM1NPCVjlnwMSN

Score

N/A

Malware Config

Signatures

Files

91572c28b7e29f7049eadf9d94e440364d5e756ed38859bcf87c365f94b8f3b7
.dll windows x86

e4ed6679f2802c9704ab6c969e2c9ef6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ui64tow_s
wcstok_s
_i64tow_s
_wcstoi64
_CxxThrowException
__RTDynamicCast
_ftol2_sse
floor
memcmp
_except_handler4_common
realloc
_errno
_onexit
__dllonexit
iswctype
_wcsnicmp
wcstoul
_ultow
_unlock
_lock
??1type_info@@UAE@XZ
__CxxFrameHandler3
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
memset
wcsrchr
malloc
wcscpy_s
iswspace
memmove
wcspbrk
_wcstoui64
wcsncpy_s
wcscspn
wcsspn
??0exception@@QAE@XZ
memcpy_s
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
wcsncmp
_vsnwprintf
memmove_s
wcschr
wcsnlen
free
_itow_s
memcpy

ntdll

EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
EtwUnregisterTraceGuids
RtlLengthSid
RtlCreateUnicodeString
RtlFreeUnicodeString
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlGetNtProductType
RtlInitUnicodeString
RtlAddScopedPolicyIDAce
RtlCreateAcl
RtlSubAuthoritySid
RtlConvertSidToUnicodeString
RtlEqualSid
RtlCopySid
RtlValidSid
RtlGetSaclSecurityDescriptor
RtlInitializeCriticalSectionEx
RtlDeleteCriticalSection
RtlInitializeSid
RtlSubAuthorityCountSid
EtwTraceMessage
RtlNtStatusToDosErrorNoTeb
RtlRunOnceExecuteOnce
WinSqmIsOptedIn
WinSqmEndSession
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedInEx
WinSqmSetDWORD
WinSqmIncrementDWORD
WinSqmAddToStream
RtlIsCapabilitySid
RtlIsPackageSid

kernel32

ResolveDelayLoadedAPI
DelayLoadFailureHook
LoadLibraryExW
GetProcAddress
ExpandEnvironmentStringsA
RegQueryValueExA
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedExchangeAdd
TlsGetValue
GetCurrentProcess
FlushInstructionCache
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RegOpenKeyExA
GetProcessHeap
HeapAlloc
CompareStringW
GetLastError
CheckElevationEnabled
InterlockedIncrement
CreateThreadpoolWait
SetThreadpoolWait
AcquireSRWLockShared
ReleaseSRWLockShared
SetEvent
CompareStringEx
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceExW
HeapFree
FormatMessageW
DisableThreadLibraryCalls
InitializeCriticalSection
DeactivateActCtx
TlsFree
DeleteCriticalSection
LocalReAlloc
LoadLibraryW
CreateThread
FreeLibrary
CloseHandle
WaitForSingleObjectEx
GetModuleHandleW
FreeLibraryAndExitThread
HeapReAlloc
WaitForThreadpoolWaitCallbacks
CloseThreadpoolWait
GlobalLock
GlobalUnlock
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
lstrcmpiW
HeapDestroy
HeapSize
InterlockedExchange
InterlockedCompareExchange
VirtualFree
InterlockedPopEntrySList
IsProcessorFeaturePresent
VirtualAlloc
InterlockedPushEntrySList
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
FindResourceW
GetCurrentThread
ActivateActCtx
ReleaseActCtx
CreateActCtxW
RegCloseKey
TlsAlloc
lstrcmpW
RaiseException
LoadLibraryExA

user32

GetSystemMetrics
MessageBoxW
LoadImageW
GetAncestor
GetDC
ReleaseDC
RegisterWindowMessageW
GetWindow
GetWindowPlacement
SetWindowPlacement
RegisterClassW
UnregisterClassW
MapDialogRect
SystemParametersInfoW
DestroyIcon
GetDlgCtrlID
DefWindowProcW
GetScrollInfo
SetScrollPos
ScrollWindow
GetClientRect
CallWindowProcW
OffsetRect
MoveWindow
ShowScrollBar
InflateRect
IsWindowVisible
GetSysColorBrush
GetSysColor
IsWindowEnabled
EnumDisplaySettingsW
CreateWindowExW
keybd_event
SetTimer
KillTimer
ClientToScreen
RegisterClipboardFormatW
DrawTextW
UnregisterClassA
SendMessageW
GetDlgItem
LoadCursorW
SetCursor
SetWindowLongW
GetWindowLongW
LoadStringW
SetFocus
GetFocus
RedrawWindow
DialogBoxParamW
FrameRect
GetActiveWindow
PostMessageW
GetDlgItemTextW
GetParent
EnableWindow
SetWindowPos
MapWindowPoints
GetWindowRect
ShowWindow
GetDesktopWindow
DestroyWindow
EndDialog
SetDlgItemTextW
SetWindowTextW
SendDlgItemMessageW
DrawFocusRect
LoadIconW
SetScrollInfo

gdi32

DeleteObject
GetTextExtentPoint32W
SetTextColor
SetBkColor
SetBkMode
GetObjectW
SelectObject
CreateFontIndirectW

shlwapi

ord12
PathAppendW
StrRChrW
StrChrW
ord219

advapi32

AddAccessAllowedAce
LsaOpenPolicy
GetSidSubAuthorityCount
OpenProcessToken
LookupAccountNameW
DeleteAce
SetSecurityDescriptorOwner
LookupAccountSidW
IsWellKnownSid
IsValidSid
GetLengthSid
EqualSid
AllocateAndInitializeSid
EqualPrefixSid
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
CopySid
EventUnregister
EventRegister
GetAce
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
EventWrite
GetSecurityDescriptorControl
SetThreadToken
AdjustTokenPrivileges
DuplicateTokenEx
OpenThreadToken
GetWindowsAccountDomainSid
LsaLookupSids
GetSidSubAuthority
IsValidAcl
IsValidSecurityDescriptor
LsaGetAppliedCAPIDs

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoGetMalloc
CoTaskMemRealloc
ReleaseStgMedium
CoCreateGuid

oleaut32

SafeArrayAccessData
SysAllocString
SysAllocStringLen
SafeArrayUnaccessData
SysFreeString
SysReAllocStringLen

shell32

ord258
ord6
ord259

ntdsapi

DsFreeNameResultW
DsCrackNamesW
DsUnBindW
DsBindWithSpnExW

xmllite

CreateXmlReader

Exports

Exports

CreateSecurityPage
EditResourceCondition
EditSecurity
EditSecurityAdvanced
GetLocalizedStringForCondition
GetTlsIndexForClaimDictionary
IID_ISecurityInformation

Sections

.text
Size: 323KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 462KB - Virtual size: 462KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4ed6679f2802c9704ab6c969e2c9ef6

Headers

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

gdi32

shlwapi

advapi32

ole32

oleaut32

shell32

ntdsapi

xmllite

Exports

Exports

Sections

.text Size: 323KB - Virtual size: 323KB

.data Size: 16KB - Virtual size: 18KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 13B

.rsrc Size: 462KB - Virtual size: 462KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 323KB - Virtual size: 323KB

.data
Size: 16KB - Virtual size: 18KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 13B

.rsrc
Size: 462KB - Virtual size: 462KB

.reloc
Size: 31KB - Virtual size: 31KB