3d6378750d713270bbafc1a18754626d148396253429a6a70c018eadb988120a

Sharing

Copy URL Twitter E-mail

General

Target

3d6378750d713270bbafc1a18754626d148396253429a6a70c018eadb988120a
Size

56KB
MD5

d1162368219522a671669c5427cf5bd3
SHA1

712635b52f147a062cbc1642f4237c7473f7489c
SHA256

3d6378750d713270bbafc1a18754626d148396253429a6a70c018eadb988120a
SHA512

66148b85a8961f6e2f52154fd569ff5e8e893efd8747961701249e9ffc86bc418a6caeb2d0f59b2fc2553a877b966ab929a7ade31066b83417678b3e06843642
SSDEEP

768:RZSu+8MhzHazqMwGJmHGz7tqesFaD7HjTa/HQMyYyH3bfLmkD:RZSJhOzrZJmHGdXmanHj2PQ9YybzTD

Score

N/A

Malware Config

Signatures

Files

3d6378750d713270bbafc1a18754626d148396253429a6a70c018eadb988120a
.exe windows x86

3734aa5999462ffbc6a465c8b81e2dba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

CloseClusterResource
GetClusterFromNetInterface
ClusterResourceCloseEnum
ClusterNodeCloseEnum
OfflineClusterGroup
ClusterRegQueryValue
ChangeClusterResourceGroup
ClusterRegEnumValue
SetClusterNetworkPriorityOrder
GetClusterInformation
GetClusterResourceKey
ClusterRegDeleteValue
ClusterResourceOpenEnum
GetClusterFromResource
ClusterRegCloseKey
DeleteClusterResource
OfflineClusterResource
ClusterControl
EvictClusterNode
FailClusterResource

rpcrt4

RpcCancelThreadEx
I_RpcSessionStrictContextHandle
NdrServerContextUnmarshall
I_RpcFreeBuffer
NdrUserMarshalBufferSize
I_RpcBindingIsClientLocal
NdrClientContextUnmarshall
IUnknown_AddRef_Proxy
NdrComplexArrayUnmarshall

ws2_32

ioctlsocket
getservbyname
WSAGetServiceClassNameByClassIdW
getprotobyname
listen
setsockopt
inet_ntoa
WSAGetServiceClassInfoW
WSASetEvent
WSASend
getservbyport

mpr

WNetCancelConnectionA
WNetConnectionDialog
WNetUseConnectionW

kernel32

ExitThread
GetCurrentProcess
SetLastError
GetNumberFormatW
GetLastError
ExitThread
GetModuleHandleW
GetCurrentProcessId
CreateThread
WaitForSingleObject
ResumeThread

ntdll

NtWaitForSingleObject
NtResumeThread

esent

JetGetTableColumnInfo
JetRetrieveKey
JetGotoPosition
JetGetBookmark
JetSetSessionContext
JetInit
JetRestore2
JetBeginSession
JetSetCurrentIndex4
JetGetDatabaseFileInfo
JetDupCursor
JetOpenFile
JetOpenTempTable3
JetSetIndexRange
JetIntersectIndexes
JetIndexRecordCount
JetGetColumnInfo
JetGetIndexInfo
JetGetCurrentIndex
JetCloseDatabase
JetSeek
JetAddColumn
JetSetColumnDefaultValue
JetStopBackup
JetCompact

rtm

RtmGetEnumRoutes
RtmCreateRouteList
RtmReleaseDests
RtmIgnoreChangedDests
RtmDeregisterFromChangeNotification
RtmGetNextHopPointer
RtmDeleteNextHop
RtmReferenceHandles
RtmGetRouteInfo
RtmReleaseEntities
RtmInvokeMethod
RtmReleaseRouteInfo
RtmRegisterEntity
RtmDeregisterEntity

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3734aa5999462ffbc6a465c8b81e2dba

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

rpcrt4

ws2_32

mpr

kernel32

ntdll

esent

rtm

Sections

.text Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 4KB