57311553fb74364545574103f812b0e43044f4cb26fd7d7c321de36444d3780b

Sharing

Copy URL

Twitter E-mail

General

Target

57311553fb74364545574103f812b0e43044f4cb26fd7d7c321de36444d3780b
Size

447KB
MD5

8be7dab3ad250aba59e807b5c7d5ad2a
SHA1

041d17fbb0224030e5fbebc94b328329bae3fb73
SHA256

57311553fb74364545574103f812b0e43044f4cb26fd7d7c321de36444d3780b
SHA512

8880294ce589a4c511426cd90ee575bd57d1c344a81183f9566d300504657b00a3579a186a2cdc1266a7630eecd1233e62aac592c2513b766c81585e6ea4cef4
SSDEEP

6144:r3jJYfwnnmxpY2jGPqkWDZnsZenhO31dRXdtOADVOGx7HNBc5h8TQ81BXAww:RYonmxpxfpOBjDOGJ3c5h8Tb1Aw

Score

N/A

Malware Config

Signatures

Files

57311553fb74364545574103f812b0e43044f4cb26fd7d7c321de36444d3780b
.exe windows x86

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegDeleteKeyW
RegCloseKey
RegNotifyChangeKeyValue
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
OpenProcessToken
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
InitializeAcl
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegLoadKeyW
RegUnLoadKeyW
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
OpenThreadToken
LookupAccountNameW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegEnumValueW
ImpersonateLoggedOnUser
GetSecurityDescriptorLength
GetSidSubAuthority
RevertToSelf
InitializeSid
GetSidLengthRequired
AddAccessDeniedAce
LookupAccountSidW
CreateWellKnownSid
ConvertSidToStringSidW
SetTokenInformation
IsValidAcl
DeregisterEventSource
RegisterEventSourceW
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorA
CheckTokenMembership
CopySid

kernel32

FormatMessageW
UnmapViewOfFile
ReleaseMutex
OpenMutexW
LCMapStringW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
CreateFileW
lstrcmpW
CompareFileTime
RemoveDirectoryW
FindFirstFileW
FindNextFileW
GetDriveTypeW
FindClose
DuplicateHandle
GetCurrentThread
GetSystemDefaultLCID
VerSetConditionMask
VerifyVersionInfoW
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
GetStartupInfoA
InterlockedCompareExchange
GetStringTypeExW
GetEnvironmentVariableW
lstrlenA
InterlockedExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetVersionExA
OutputDebugStringW
LoadLibraryW
CreateFileMappingW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SearchPathW
ExpandEnvironmentStringsW
GetFileAttributesW
DeleteFileW
HeapSetInformation
GetCurrentProcessId
SetPriorityClass
SetEnvironmentVariableW
CreateMutexW
CreateFileA
GetLocalTime
FlushViewOfFile
DeleteFileA
CopyFileA
GetSystemTimeAsFileTime
MapViewOfFile
Sleep
MultiByteToWideChar
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetVersionExW
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetCurrentProcess
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
GetSystemDirectoryW
GetUserDefaultLCID
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetModuleHandleExW
GetProcAddress
GetLastError
WideCharToMultiByte
CompareStringW
FreeLibrary
CreateEventW
CreateThread
WaitForMultipleObjects
GetVolumeInformationW
SetEvent
WaitForSingleObject
CloseHandle
lstrlenW
GetCommandLineW

user32

UnregisterClassA
LoadStringW
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
CharNextW
GetKeyboardLayout

msvcrt

_lseeki64
_fileno
wcspbrk
__pioinfo
__badioinfo
ferror
_itoa
_snprintf
_iob
isleadbyte
__mb_cur_max
mbtowc
isdigit
_controlfp
memmove
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_write
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_wcslwr
_errno
__CxxFrameHandler
wcsstr
malloc
memcpy
wcsrchr
memset
_wcsnicmp
wcsncmp
_vsnwprintf
calloc
free
_vscwprintf
_wcsicmp
_CxxThrowException
qsort
bsearch
_isatty
strncmp
_vsnprintf
_initterm
fprintf
wcschr
iswspace
_wtol
swscanf

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoImpersonateClient
CoRevertToSelf
CoInitializeSecurity
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
VarBstrCat
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
LoadRegTypeLi
LoadTypeLi

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

tquery

?ciNewNoThrow@@YGPAXI@Z
?ciNew@@YGPAXI@Z
?ciDelete@@YGXPAX@Z

shell32

ord165
SHGetFolderPathW
SHFileOperationW

userenv

GetUserProfileDirectoryW
GetProfilesDirectoryW
GetAllUsersProfileDirectoryW
GetDefaultUserProfileDirectoryW

mpr

WNetGetConnectionW

mssrch

??1CSearchServiceObj@@QAE@XZ
??0CSearchServiceObj@@QAE@XZ

netapi32

NetShareEnum
NetApiBufferFree

shlwapi

SHGetValueW
PathIsUNCServerShareW
PathSkipRootW
PathIsUNCW
PathStripToRootW
SHCopyKeyW
ord219
SHEnumKeyExW
SHEnumValueW
SHStrDupW
SHRegGetValueW
PathFileExistsW
ord154
SHDeleteKeyW
PathAppendW
SHDeleteValueW
PathIsUNCServerW
SHSetValueW
PathAddBackslashW
PathRemoveBackslashW

Sections

.text
Size: 301KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

691ded370f435054cc378616b00e53b5

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

wtsapi32

tquery

shell32

userenv

mpr

mssrch

netapi32

shlwapi

Sections

.text Size: 301KB - Virtual size: 301KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 35KB - Virtual size: 37KB

.text
Size: 301KB - Virtual size: 301KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 35KB - Virtual size: 37KB