3e15fb3bf24db98f1d2d1dc33b22815cfa138b57027190ed5e2954200e0f0d8f

Sharing

Copy URL

Twitter E-mail

General

Target

3e15fb3bf24db98f1d2d1dc33b22815cfa138b57027190ed5e2954200e0f0d8f
Size

864KB
MD5

88445e9083904a9a213cba464c523a72
SHA1

9934545113bab91a320530b50f5e12b62ab0722f
SHA256

3e15fb3bf24db98f1d2d1dc33b22815cfa138b57027190ed5e2954200e0f0d8f
SHA512

1e461391dff36c54938cc93c2b1502037f0dbb52c2a72aabb92bec25c15c891fc0ce94d011d63024ffc8cd04e40b3de1e9385b634c089c31da6320673e7afc13
SSDEEP

24576:cnBTMfHuyPdElsxVuMzTBISUZmoXy11r:EMfnlxTzKli11

Score

N/A

Malware Config

Signatures

Files

3e15fb3bf24db98f1d2d1dc33b22815cfa138b57027190ed5e2954200e0f0d8f
.exe windows x86

7796b28b27dc28099ab4d65d53ee2942

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaHighestNodeNumber
GetBinaryTypeW
VirtualAlloc
Process32NextW
EnumDateFormatsA
GetDriveTypeW
PurgeComm
IsValidCodePage
QueryInformationJobObject
GetCurrentConsoleFont
GlobalWire
Heap32Next
SetFilePointerEx
ZombifyActCtx
FindVolumeMountPointClose
QueryMemoryResourceNotification
CreateTimerQueue
IsBadReadPtr
GetWindowsDirectoryW
HeapWalk
SetComputerNameExW
GetConsoleScreenBufferInfo
LoadLibraryA
GlobalFindAtomA
GetConsoleTitleA
GetConsoleCursorInfo
GetModuleHandleA
GlobalGetAtomNameA
lstrcmp
GetConsoleFontInfo
SetConsoleActiveScreenBuffer
GetThreadLocale
CreateProcessInternalA
IsSystemResumeAutomatic
OpenSemaphoreW
EnumCalendarInfoA
FindFirstVolumeA
InitializeCriticalSection
GetProcessTimes
lstrcatW
LZSeek
QueryPerformanceFrequency
RtlUnwind
GetVersion
ScrollConsoleScreenBufferA
GetStartupInfoA
EraseTape

advapi32

CreateRestrictedToken
CredIsMarshaledCredentialA
MakeSelfRelativeSD
LsaSetTrustedDomainInfoByName
LsaLookupPrivilegeDisplayName
AddAccessAllowedObjectAce
SystemFunction023
AddAuditAccessAceEx
ConvertStringSDToSDRootDomainW
LsaQueryInformationPolicy
RegisterTraceGuidsA
WmiQuerySingleInstanceW
ElfReadEventLogA
EnumerateTraceGuids
ConvertStringSecurityDescriptorToSecurityDescriptorW
SystemFunction001
GetManagedApplicationCategories
LsaLookupNames2
QueryServiceLockStatusW
TreeResetNamedSecurityInfoW
TraceMessageVa
LogonUserW
StartServiceCtrlDispatcherA
DestroyPrivateObjectSecurity
ElfOpenEventLogA
FileEncryptionStatusA
AccessCheckByTypeResultListAndAuditAlarmA
ElfRegisterEventSourceW
ImpersonateSelf
WmiEnumerateGuids
SaferSetLevelInformation
GetAuditedPermissionsFromAclA
ConvertStringSDToSDDomainA
GetWindowsAccountDomainSid
AccessCheckAndAuditAlarmA
SetThreadToken
LsaEnumerateTrustedDomainsEx
SystemFunction040
ElfClearEventLogFileW
CloseServiceHandle
CryptImportKey
TraceEvent
EqualSid
CredReadDomainCredentialsA
CryptDecrypt
LsaRemoveAccountRights
RegSaveKeyA
GetExplicitEntriesFromAclW
FileEncryptionStatusW
CredReadW
SetNamedSecurityInfoExA
AddAccessDeniedAce
CredGetSessionTypes
LsaICLookupSidsWithCreds
AccessCheckByTypeResultList
EncryptedFileKeyInfo
SystemFunction011
AddAccessAllowedAceEx
UnregisterTraceGuids
RegOpenUserClassesRoot
RegQueryInfoKeyW
GetMultipleTrusteeOperationA

rtm

RtmGetAddressFamilyInfo
RtmBlockDeleteRoutes
RtmGetExactMatchDestination
RtmFindNextHop
RtmGetEnumNextHops
MgmGroupEnumerationStart
RtmReleaseNextHopInfo
RtmReleaseDests
RtmGetInstanceInfo
RtmDeregisterClient
RtmLockNextHop
RtmMarkDestForChangeNotification
RtmGetNextHopInfo
RtmLockRoute
RtmReleaseNextHops
RtmDeregisterEntity
RtmDeregisterFromChangeNotification
MgmGetMfeStats
RtmAddRouteToDest
NextMatchInTable
BestMatchInTable
RtmGetExactMatchRoute
DestroyTable
RtmCreateRouteListEnum
RtmGetEnumDests
MgmAddGroupMembershipEntry
RtmInvokeMethod
RtmIsMarkedForChangeNotification
RtmReleaseRouteInfo
RtmGetNextHopPointer
RtmIsBestRoute
SearchInTable
RtmReleaseDestInfo
DeleteFromTable
CheckTable
RtmDequeueRouteChangeMessage
RtmDeleteRouteList
RtmGetMostSpecificDestination
RtmGetInstances

esent

JetBeginSession
JetGetObjectInfo
JetInit@4
JetGetCounter
JetOpenFileSectionInstance
JetReadFileInstance
JetRestore2
JetSetIndexRange
JetUpdate@20
JetSetLS
JetGetBookmark
JetBeginTransaction2
JetRestore
JetFreeBuffer
JetGetColumnInfo
JetRetrieveKey
JetCloseTable@8
JetCreateDatabase2
JetBeginTransaction
JetCreateDatabase
JetMakeKey@20
JetCloseDatabase
JetSetColumnDefaultValue
JetEndExternalBackupInstance
JetEnableMultiInstance
JetMove
JetRetrieveColumns
JetOSSnapshotFreeze
JetResetSessionContext
JetIndexRecordCount
JetRollback
JetAttachDatabase
JetGetSystemParameter
JetCreateDatabaseWithStreaming
JetResetCounter
JetGetTableInfo
JetOpenDatabase
JetInit
JetDeleteColumn2
JetExternalRestore

ntdsapi

DsReplicaSyncW
DsListInfoForServerA
DsWriteAccountSpnA
DsRemoveDsServerW
DsReplicaSyncAllA
DsMapSchemaGuidsA
DsReplicaAddA
DsGetRdnW
DsReplicaModifyW
DsClientMakeSpnForTargetServerA
DsServerRegisterSpnW
DsReplicaDelA
DsReplicaSyncA
DsGetDomainControllerInfoA
DsReplicaSyncAllW
DsInheritSecurityIdentityW
DsReplicaAddW
DsIsMangledDnA
DsFreeDomainControllerInfoW
DsFreeNameResultA
DsListDomainsInSiteA
DsMakePasswordCredentialsW
DsListDomainsInSiteW
DsGetDomainControllerInfoW
DsMakeSpnA
DsInheritSecurityIdentityA
DsListRolesA
DsUnBindW
DsListSitesW
DsCrackNamesW
DsRemoveDsServerA
DsReplicaDelW
DsReplicaGetInfo2W
DsUnquoteRdnValueA

shlwapi

SHRegGetUSValueA
SHGetValueW
SHRegCreateUSKeyW
UrlCanonicalizeA
StrCatBuffA
StrRChrA
AssocQueryKeyW
UrlEscapeA
PathRemoveFileSpecW
PathAddExtensionW
StrRetToBufW
PathAppendW
PathCombineW
SHRegDeleteUSValueA
UrlHashA
SHSetValueA
SHQueryInfoKeyA
PathIsUNCServerW
SHRegCloseUSKey
SHCreateStreamOnFileW
ColorRGBToHLS
PathIsUNCA
PathMakePrettyW
SHDeleteOrphanKeyW
PathQuoteSpacesA
PathUnmakeSystemFolderW
StrCatBuffW
UrlCompareW
SHRegGetPathW
SHRegGetBoolUSValueA
StrIsIntlEqualW

Sections

.text
Size: 207KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 436KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7796b28b27dc28099ab4d65d53ee2942

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

rtm

esent

ntdsapi

shlwapi

Sections

.text Size: 207KB - Virtual size: 207KB

.rdata Size: 214KB - Virtual size: 214KB

.data Size: 436KB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 207KB - Virtual size: 207KB

.rdata
Size: 214KB - Virtual size: 214KB

.data
Size: 436KB - Virtual size: 1.9MB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 1024B - Virtual size: 1024B