383035e84fbf350248c186eea347f9e8e4bfae4d1104a75f74d684a45e6b51f2

Sharing

Copy URL Twitter E-mail

General

Target

383035e84fbf350248c186eea347f9e8e4bfae4d1104a75f74d684a45e6b51f2
Size

214KB
MD5

613f1fb6093af9df9de2f9d89c91cc87
SHA1

d7f098676448c4775a38d29e027830c43f1476b7
SHA256

383035e84fbf350248c186eea347f9e8e4bfae4d1104a75f74d684a45e6b51f2
SHA512

fe4accb22ed3e9a1498201b107063d430e9dac1c9c75905bc2576808802927875bc87a324f940fb87e73b6cacd59c7b666884f8df586d8fed7e21831bfbc755c
SSDEEP

3072:ejFX9KMutuI3u4g4NUTrKeCnCADtX2kRQwHNcT3n9VMOscHImPCG8gfbkWFCkIjx:uX9+tuJ4xNUTrfe1X259i4N3h7r

Score

N/A

Malware Config

Signatures

Files

383035e84fbf350248c186eea347f9e8e4bfae4d1104a75f74d684a45e6b51f2
.exe windows x86

9350e190375290368653be75573eb978

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
CreateWellKnownSid
CreateProcessWithLogonW
CreateProcessAsUserW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
CloseServiceHandle
DeleteService
OpenSCManagerW
OpenServiceW
StartServiceW
QueryServiceStatusEx
ControlService
IsTextUnicode
ConvertSidToStringSidW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
ConvertStringSidToSidW
CryptExportKey
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptEnumProvidersW
CryptGetProvParam
CryptDestroyKey
CryptGetUserKey
OpenEventLogW
GetNumberOfEventLogRecords
ClearEventLogW
CreateServiceW
SetServiceObjectSecurity
BuildSecurityDescriptorW
QueryServiceObjectSecurity
AllocateAndInitializeSid
FreeSid
CryptGetHashParam
CryptSetKeyParam
SystemFunction032
SystemFunction005
CryptImportKey
SystemFunction025
CryptCreateHash
CryptDecrypt
CryptDestroyHash
LsaFreeMemory
CryptHashData
OpenThreadToken
SetThreadToken
DuplicateTokenEx
CheckTokenMembership
CredFree
CredEnumerateW
MD4Final
MD4Init
MD4Update

crypt32

CryptBinaryToStringW
CryptAcquireCertificatePrivateKey
CertGetNameStringW
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertEnumSystemStore
PFXExportCertStoreEx

cryptdll

CDGenerateRandomBits
CDLocateCheckSum
MD5Final
MD5Update
MD5Init
CDLocateCSystem

shlwapi

PathIsRelativeW
PathCanonicalizeW
PathCombineW

samlib

SamCloseHandle
SamFreeMemory
SamEnumerateUsersInDomain
SamOpenUser
SamLookupNamesInDomain
SamLookupIdsInDomain
SamOpenDomain
SamGetAliasMembership
SamLookupDomainInSamServer
SamRidToSid
SamQueryInformationUser
SamConnect
SamEnumerateDomainsInSamServer
SamGetGroupsForUser

secur32

LsaConnectUntrusted
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
LsaFreeReturnBuffer
LsaDeregisterLogonProcess

shell32

CommandLineToArgvW

user32

IsCharAlphaNumericW

ntdll

wcstol
wcstoul
wcsstr
_wcsnicmp
_stricmp
_wcsicmp
wcschr
wcsrchr
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
RtlInitUnicodeString
RtlEqualUnicodeString
NtQueryObject
NtQuerySystemInformation
RtlGetCurrentPeb
NtQueryInformationProcess
RtlCreateUserThread
RtlStringFromGUID
RtlFreeUnicodeString
RtlGetNtVersionNumbers
RtlUpcaseUnicodeString
RtlAppendUnicodeStringToString
NtResumeProcess
RtlAdjustPrivilege
NtSuspendProcess
NtTerminateProcess
RtlEqualString
_chkstk
_aullrem

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetCurrentProcessId
GetCurrentThread
SetCurrentDirectoryW
IsWow64Process
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
GetStdHandle
SetConsoleCursorPosition
Sleep
GetProcAddress
LoadLibraryW
FreeLibrary
FindNextFileW
FindClose
GetFileAttributesW
GetSystemTimeAsFileTime
FindFirstFileW
SetConsoleTitleW
SetConsoleOutputCP
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetTimeFormatW
GetDateFormatW
CreateRemoteThread
WaitForSingleObject
SetLastError
CreateProcessW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
WriteProcessMemory
VirtualProtect
VirtualAllocEx
VirtualProtectEx
VirtualAlloc
ReadProcessMemory
VirtualFreeEx
VirtualQueryEx
VirtualFree
VirtualQuery
SetFilePointer
DeviceIoControl
DuplicateHandle
GetLastError
OpenProcess
GetCurrentProcess
FileTimeToSystemTime
LocalAlloc
LocalFree
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileSizeEx
GetCurrentDirectoryW
CloseHandle

msvcrt

_isatty
_lseeki64
_read
__pioinfo
__badioinfo
realloc
_write
ungetc
_controlfp
?terminate@@YAXXZ
wcstombs
iswctype
ferror
malloc
wctomb
_itoa
_snprintf
_lock
_unlock
_errno
localeconv
fflush
_wfopen
_iob
vwprintf
fclose
free
_wcsdup
_fileno
_setmode
memset
memcpy
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
calloc
isdigit
mbtowc
__mb_cur_max
isleadbyte
isxdigit
vfwprintf

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9350e190375290368653be75573eb978

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

crypt32

cryptdll

shlwapi

samlib

secur32

shell32

user32

ntdll

kernel32

msvcrt

Sections

.text Size: 88KB - Virtual size: 88KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 34KB - Virtual size: 35KB

.text
Size: 88KB - Virtual size: 88KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 34KB - Virtual size: 35KB