f8858ed0330f8f23f7b212dcadd2f4e1be309c26770797167db435a37fab3137

Sharing

Copy URL Twitter E-mail

General

Target

f8858ed0330f8f23f7b212dcadd2f4e1be309c26770797167db435a37fab3137
Size

472KB
MD5

269fe41749ce1a0f568023cbd33f5650
SHA1

2a868b826bd4425bb85c88d4bb72a90092b21dd8
SHA256

f8858ed0330f8f23f7b212dcadd2f4e1be309c26770797167db435a37fab3137
SHA512

d1083054281603b3def726ab89fc691bccf5eae941eb9fbbfbcc907ac6ad558a84e10a6f22293b863d11fcc8a090365ff5fe0edb22dcb7aba01238512eba5442
SSDEEP

6144:StNceLJIw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKwE:SfRD5OLpdNIrd4Ds5OLpdNIrd4DE

Score

N/A

Malware Config

Signatures

Files

f8858ed0330f8f23f7b212dcadd2f4e1be309c26770797167db435a37fab3137
.exe windows x86

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegDeleteValueW
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCloseKey
RegSetValueExW
RegCreateKeyW
RegSetValueExA
RegQueryValueExA
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyA
RegOpenKeyExA
RegEnumValueW
RegOpenKeyExW
CopySid
EqualSid
InitializeSecurityDescriptor
ConvertStringSidToSidW
SetSecurityDescriptorDacl
SetEntriesInAclW
CreateWellKnownSid
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
GetKernelObjectSecurity
GetTokenInformation
OpenProcessToken
InitializeAcl
SetSecurityInfo
IsValidSid
GetSecurityDescriptorSacl
GetLengthSid
AddMandatoryAce
RegOverridePredefKey
RegOpenCurrentUser
GetSidSubAuthority
GetSidSubAuthorityCount
GetAce

kernel32

lstrcmpiA
GetProcAddress
EnterCriticalSection
SetFileAttributesA
GetExitCodeThread
lstrcmpiW
DeleteCriticalSection
DuplicateHandle
CloseHandle
DeleteFileW
DeleteFileA
CreateThread
lstrcmpA
CreateDirectoryExA
WideCharToMultiByte
CopyFileW
GetFileAttributesA
MultiByteToWideChar
lstrlenW
RemoveDirectoryA
FindClose
LocalAlloc
FindNextFileA
GetTempPathA
GetCurrentProcess
InterlockedCompareExchange
SetEvent
CreateEventW
HeapSetInformation
GetVersionExA
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
CreateFileW
GetFileAttributesW
LeaveCriticalSection
LoadLibraryW
OpenProcess
FindFirstFileA
InitializeCriticalSection
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
SetLastError
ResumeThread
SuspendThread
VirtualProtect
VirtualAlloc
FlushInstructionCache
WaitForSingleObject
GetModuleHandleW
VirtualFree
VirtualQuery
SetThreadContext
GetThreadContext
GetCurrentThread
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetProcessHeap
InterlockedExchange
GetLastError
SetProcessShutdownParameters
lstrlenA
FreeLibrary
CreateProcessW
LoadLibraryExW
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
LocalFree

user32

LoadStringW
CharNextW
PostQuitMessage

msvcrt

memset
wcstok
__wgetmainargs
_cexit
_XcptFilter
exit
_wcmdln
_initterm
memcpy_s
_amsg_exit
__setusermatherr
__p__commode
_wcsnicmp
_vsnprintf
_vsnwprintf
wcsrchr
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_exit

psapi

GetModuleBaseNameW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
CoUninitialize
CoInitialize
CoRevertToSelf
CoTaskMemFree
CoImpersonateClient
CoTaskMemAlloc
CoGetCallContext
StringFromGUID2
CoInitializeSecurity
CoInitializeEx

oleaut32

RegisterTypeLi
UnRegisterTypeLi
RegisterTypeLibForUser
SysFreeString
SysStringLen
SysAllocString
UnRegisterTypeLibForUser

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

urlmon

CompatFlagsFromClsid
CoInternetSetFeatureEnabled
CoInternetCreateSecurityManager
ord107
Extract

wintrust

CryptCATAdminAddCatalog
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext

iertutil

ord658
ord650
ord201
ord200

ntdll

NtFreeVirtualMemory

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4118834ae1918861b0f28d700aa947a8

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

psapi

ole32

oleaut32

rpcrt4

urlmon

wintrust

iertutil

ntdll

Sections

.text Size: 43KB - Virtual size: 43KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 404KB - Virtual size: 403KB

.reloc Size: 23KB - Virtual size: 26KB

.text
Size: 43KB - Virtual size: 43KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 404KB - Virtual size: 403KB

.reloc
Size: 23KB - Virtual size: 26KB