5cef29e367c5f2eb81fd95467523574d9b8fdc9ac73f803df694bfbc0ce4b116

Sharing

Copy URL

Twitter E-mail

General

Target

5cef29e367c5f2eb81fd95467523574d9b8fdc9ac73f803df694bfbc0ce4b116
Size

168KB
MD5

25e8ddd00e3952a6cd5ed6600a68c1c0
SHA1

02fc16e8f9cfa0719cb3836313556fdef21a9ad6
SHA256

5cef29e367c5f2eb81fd95467523574d9b8fdc9ac73f803df694bfbc0ce4b116
SHA512

abb43229cafd20ed69f70b27e98e7de58297b48bb7fdb3ae53bd7b0e0479f7a7ff0e4ab3e00b9170201c6ff929aee66b4e0ee69ff316925f45208b67d93494cd
SSDEEP

3072:QPI4X1XxoKWO1Rv97jYZ+nqUSIIm1CujxHIBzVWfwjTy9xW1MOpY48:QPI45iKzeQqUSi1/jxoBhW4Ty9AY4

Score

N/A

Malware Config

Signatures

Files

5cef29e367c5f2eb81fd95467523574d9b8fdc9ac73f803df694bfbc0ce4b116
.exe windows x86

05ccea887b6331524b0fce965644c761

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsnicmp
_itow
wcsrchr
time
_except_handler3
memmove
wcschr
_c_exit
_wtol
wcscspn
_XcptFilter
_cexit
wcscat
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
wcscpy
wcsncpy
_wcsicmp
wcslen
exit
wcsncmp
_exit
_ultow

advapi32

RegOpenKeyW
ConvertSidToStringSidW
LogonUserExW
LsaStorePrivateData
LsaLookupNames
LsaQueryInformationPolicy
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
AllocateAndInitializeSid
SystemFunction029
SystemFunction005
RegGetKeySecurity
GetSecurityDescriptorDacl
GetLengthSid
CopySid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
OpenThreadToken
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
CreateProcessAsUserW
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
InitiateSystemShutdownExW
RevertToSelf

kernel32

LoadLibraryW
GetDriveTypeW
OpenEventW
CreateMutexW
ReleaseMutex
ExitThread
FormatMessageW
lstrcmpiW
DelayLoadFailureHook
GetExitCodeThread
LoadLibraryExW
SetProcessShutdownParameters
SetConsoleCtrlHandler
SetErrorMode
SetUnhandledExceptionFilter
LoadLibraryA
QueryPerformanceCounter
GetCurrentThreadId
UnhandledExceptionFilter
GetCurrentThread
LocalAlloc
LocalFree
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
CloseHandle
CreateThread
GetLastError
CreateProcessW
ExpandEnvironmentStringsW
InitializeCriticalSection
HeapAlloc
HeapFree
TerminateProcess
WaitForSingleObject
HeapCreate
FreeLibrary
GetProcAddress
GetModuleHandleExW
InterlockedCompareExchange
CreateNamedPipeW
ReadFile
CancelIo
GetOverlappedResult
WaitForMultipleObjects
ConnectNamedPipe
TransactNamedPipe
WriteFile
GetTickCount
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetModuleHandleW
GetComputerNameW
CreateEventW
SetEvent
ResetEvent
DeviceIoControl
CreateFileW
ResumeThread
GetCurrentProcessId

user32

LoadStringW
wsprintfW
BroadcastSystemMessageW
MessageBoxW
RegisterServicesProcess

rpcrt4

RpcServerRegisterAuthInfoW
RpcBindingFree
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcStringBindingComposeW
NdrClientCall2
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
NdrAsyncServerCall
RpcServerListen
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcServerUnregisterIf
NdrAsyncClientCall
RpcServerRegisterIf
NdrServerCall2
I_RpcBindingIsClientLocal
RpcRevertToSelf
RpcImpersonateClient
I_RpcMapWin32Status
RpcStringBindingParseW
RpcStringFreeW
RpcBindingToStringBindingW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW

ntdll

RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
NtCreateKey
NtQueryValueKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtQuerySecurityObject
NtOpenKey
NtDeleteKey
RtlSetControlSecurityDescriptor
RtlValidSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetEnvironmentVariable
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
NtOpenThreadToken
NtAccessCheck
NtAccessCheckAndAuditAlarm
NtSetInformationThread
RtlConvertSharedToExclusive
NtDuplicateToken
NtQueryInformationToken
RtlQuerySecurityObject
RtlSetSecurityObject
RtlValidRelativeSecurityDescriptor
RtlMapGenericMask
RtlCopyUnicodeString
NtSetInformationFile
NtQueryInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
NtSetInformationProcess
RtlUnhandledExceptionFilter
NtSetEvent
NtOpenProcessToken
RtlSetProcessIsCritical
RtlInitializeCriticalSection
RtlConvertExclusiveToShared
RtlRegisterWait
RtlGetNtProductType
RtlEqualUnicodeString
RtlLengthSid
RtlCopySid
NtOpenDirectoryObject
NtQueryDirectoryObject
RtlCompareUnicodeString
RtlInitAnsiString
RtlAnsiStringToUnicodeString
RtlNewSecurityObject
RtlAddAce
RtlSetOwnerSecurityDescriptor
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlSubAuthorityCountSid
RtlFreeHeap
NtLoadDriver
NtUnloadDriver
RtlExpandEnvironmentStrings_U
RtlAdjustPrivilege
NtFlushKey
NtOpenFile
RtlDosPathNameToNtPathName_U
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlFreeUnicodeString
RtlAreAllAccessesGranted
NtDeleteObjectAuditAlarm
NtCloseObjectAuditAlarm
RtlDeregisterWait
RtlQueueWorkItem
RtlCopyLuid
RtlReleaseResource
RtlAcquireResourceExclusive
RtlAcquireResourceShared
RtlInitializeResource
RtlDeleteSecurityObject
RtlLockBootStatusData
RtlGetSetBootStatusData
RtlUnlockBootStatusData
NtInitializeRegistry
NtQueryKey
NtClose
RtlInitUnicodeString
NtSetSystemEnvironmentValue
RtlNtStatusToDosError
NtShutdownSystem
NtAdjustPrivilegesToken
RtlNtStatusToDosErrorNoTeb
RtlInitializeSid
RtlAllocateHeap
RtlLengthRequiredSid
RtlSubAuthoritySid
RtlUnicodeStringToAnsiString

userenv

UnloadUserProfile
CreateEnvironmentBlock
LoadUserProfileW
DestroyEnvironmentBlock

scesrv

ScesrvInitializeServer
ScesrvTerminateServer

umpnpmgr

RegisterScmCallback
PNP_SetActiveService
PNP_GetDeviceRegProp
PNP_GetDeviceListSize
PNP_GetDeviceList
PNP_HwProfFlags
RegisterServiceNotification
DeleteServicePlugPlayRegKeys

ncobjapi

WmiCreateObjectWithFormat
WmiEventSourceConnect
WmiSetAndCommitObject

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05ccea887b6331524b0fce965644c761

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

rpcrt4

ntdll

userenv

scesrv

umpnpmgr

ncobjapi

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 63KB - Virtual size: 63KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 63KB - Virtual size: 63KB

.rsrc
Size: 2KB - Virtual size: 1KB