f0fd9a2b739f9b6e625973dccf5aeab03875435977183c757f568f1b58d39cfa

Sharing

Copy URL

Twitter E-mail

General

Target

f0fd9a2b739f9b6e625973dccf5aeab03875435977183c757f568f1b58d39cfa
Size

38KB
MD5

44363c976a95afb96606eb316f46e2c0
SHA1

25b6d7f834d467722571f0367a37ac43264a91a1
SHA256

f0fd9a2b739f9b6e625973dccf5aeab03875435977183c757f568f1b58d39cfa
SHA512

7387fb2dab23cf213f42a94ec54fabdfa4f06bb73596b01ae22ba9bfe375a3a3e0819c39dbbf7ead416902d3aa805919930ee894806986497ff5c924907585f9
SSDEEP

768:iiNboL5VySu8qzzPhYxmzavQLRl4Mup2e6SGyQr:iiNbyt85YxJvQNDoMtBr

Score

N/A

Malware Config

Signatures

Files

f0fd9a2b739f9b6e625973dccf5aeab03875435977183c757f568f1b58d39cfa
.exe windows x86

506cfb47e3153895cc804d0b3f7b553d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LsaSetTrustedDomainInformation
LsaCreateTrustedDomain
SystemFunction018
GetInformationCodeAuthzPolicyW
ChangeServiceConfig2W
LogonUserExA
ElfOpenBackupEventLogA
NotifyBootConfigStatus
LsaDeleteTrustedDomain
LookupAccountNameW
ClearEventLogW
LsaGetQuotasForAccount
ConvertSDToStringSDRootDomainA
I_ScSendTSMessage
GetCurrentHwProfileW
CryptGetUserKey
LsaSetTrustedDomainInfoByName
RemoveTraceCallback
GetServiceKeyNameA
LsaSetSecret
LsaDelete
AbortSystemShutdownW
CreatePrivateObjectSecurityWithMultipleInheritance
RegOpenKeyW
GetNamedSecurityInfoA
SetThreadToken
TrusteeAccessToObjectW
EqualSid
I_ScSetServiceBitsW
RegReplaceKeyW
LookupPrivilegeDisplayNameW
ConvertStringSDToSDDomainA
RegDeleteKeyW
WmiSetSingleItemW
SystemFunction041
RegSaveKeyExA
CommandLineFromMsiDescriptor
ElfBackupEventLogFileW
CryptSetProvParam
GetTraceEnableLevel
LsaICLookupSidsWithCreds
ElfBackupEventLogFileA
StopTraceW
InitializeSecurityDescriptor
CredReadA
CryptEnumProvidersW
GetSecurityInfo
CryptVerifySignatureA
CryptGetDefaultProviderA
CreateServiceW
AddAuditAccessAce
LookupPrivilegeValueW
RegisterServiceCtrlHandlerExA
ConvertSidToStringSidA
SetSecurityDescriptorRMControl
ElfCloseEventLog
LsaQueryTrustedDomainInfo
RegEnumKeyExA
MD4Final
SystemFunction016
SystemFunction002
CredWriteW
CryptSetHashParam
ImpersonateNamedPipeClient
CryptExportKey
UnregisterTraceGuids
CredDeleteW
CryptImportKey
RegCreateKeyExW
CredGetSessionTypes
ConvertStringSDToSDRootDomainA
GetPrivateObjectSecurity
ConvertStringSDToSDRootDomainW
FreeEncryptionCertificateHashList

msvcirt

??0streambuf@@IAE@PADH@Z
??0ostrstream@@QAE@XZ
??0istream_withassign@@QAE@PAVstreambuf@@@Z
?clrlock@ios@@QAAXXZ
??_Eistrstream@@UAEPAXI@Z
??_Distream@@QAEXXZ
?get@istream@@IAEAAV1@PADHH@Z
?xsputn@streambuf@@UAEHPBDH@Z
??_7ostream@@6B@
?unlockc@ios@@KAXXZ
??1strstream@@UAE@XZ
??5istream@@QAEAAV0@AAE@Z
??_8ofstream@@7B@
??_Difstream@@QAEXXZ
?ends@@YAAAVostream@@AAV1@@Z
??0ostream_withassign@@QAE@XZ
?attach@ofstream@@QAEXH@Z
?in_avail@streambuf@@QBEHXZ
??4istream@@IAEAAV0@ABV0@@Z
??_Gexception@@UAEPAXI@Z
??_7fstream@@6B@
?pbase@streambuf@@IBEPADXZ
??1stdiobuf@@UAE@XZ
??_Distream_withassign@@QAEXXZ
?what@exception@@UBEPBDXZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
??4stdiostream@@QAEAAV0@AAV0@@Z
?sync@istream@@QAEHXZ
?dbp@streambuf@@QAEXXZ
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?sputc@streambuf@@QAEHH@Z
??0ofstream@@QAE@PBDHH@Z
?getint@istream@@AAEHPAD@Z
??4fstream@@QAEAAV0@AAV0@@Z
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?is_open@ofstream@@QBEHXZ
?open@filebuf@@QAEPAV1@PBDHH@Z
??0ostream@@IAE@ABV0@@Z
??0ifstream@@QAE@PBDHH@Z
?seekp@ostream@@QAEAAV1@J@Z
??0fstream@@QAE@HPADH@Z

hlink

HlinkResolveMonikerForData
HlinkCreateShortcut
OleSaveToStreamEx
HlinkUpdateStackItem
HlinkGetValueFromParams
HlinkCreateBrowseContext
HlinkResolveShortcut
HlinkCreateFromData
HlinkCreateExtensionServices
HlinkPreprocessMoniker
HlinkParseDisplayName
HlinkQueryCreateFromData
HlinkCreateShortcutFromMoniker
HlinkNavigate
HlinkTranslateURL
HlinkCreateFromString
HlinkCreateShortcutFromString
HlinkIsShortcut
HlinkNavigateToStringReference
HlinkOnNavigate
DllGetClassObject
HlinkSetSpecialReference
HlinkResolveStringForData
HlinkOnRenameDocument
HlinkResolveShortcutToMoniker
HlinkCreateFromMoniker
HlinkResolveShortcutToString
HlinkGetSpecialReference
HlinkClone

kernel32

WaitNamedPipeA
GetOEMCP
HeapCreate
CreateSemaphoreA
FreeLibrary
BeginUpdateResourceA
IsSystemResumeAutomatic
lstrcmpW
WTSGetActiveConsoleSessionId
VirtualAlloc
GetSystemDirectoryA
GlobalAlloc
GetConsoleWindow
CreateDirectoryExW
SetThreadUILanguage
DeleteFileA
LocalAlloc
GetTempFileNameW
BackupWrite
SetPriorityClass
SetConsoleMode
GetHandleInformation
ReadConsoleInputExA
DeleteTimerQueueTimer
SetConsoleActiveScreenBuffer
GetLocaleInfoW
DuplicateConsoleHandle
ConvertThreadToFiber
GetFullPathNameA
SetThreadPriority
ExitProcess
SetThreadContext
LoadModule
GetFileAttributesExW
WriteConsoleInputVDMW
SetMessageWaitingIndicator
GetCommState
LoadLibraryA
PrivCopyFileExW
GetProcessVersion
GetDefaultCommConfigW
TzSpecificLocalTimeToSystemTime
MoveFileWithProgressW
RemoveDirectoryA
EndUpdateResourceW

upnp

DllGetClassObject
HrRehydratorInvokeServiceAction
HrRehydratorCreateServiceObject

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

506cfb47e3153895cc804d0b3f7b553d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

msvcirt

hlink

kernel32

upnp

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 1024B - Virtual size: 1024B