fb7fd253164e6fdbdad7027ebb3f479dc53f5b792a9b1f4f8eb5fe7abe8d8321

Sharing

Copy URL Twitter E-mail

General

Target

fb7fd253164e6fdbdad7027ebb3f479dc53f5b792a9b1f4f8eb5fe7abe8d8321
Size

68KB
MD5

c201efec0f47794d5b2066d44f69a161
SHA1

3a2e2b5a197f0174320b157afdf5ef8bb9cfd6ca
SHA256

fb7fd253164e6fdbdad7027ebb3f479dc53f5b792a9b1f4f8eb5fe7abe8d8321
SHA512

cb63fd234834fef633ee3be5ab1cd8ec58452a128b3c91a40cdea8bc35ec1d92b7ad44d49d5d37e59f54f47303b6c1101dd2f6e21baa3beb7a1706c432cb88f2
SSDEEP

768:+7LFEKOGzhRlDxF2IpMCwYn3Gpdj7ZBbvTVaEmIi54kcGkc4Ns+s99/aB8xuk9l:ep7OgJ+kVcLX5qrcGk/lM9/a+Vv

Score

N/A

Malware Config

Signatures

Files

fb7fd253164e6fdbdad7027ebb3f479dc53f5b792a9b1f4f8eb5fe7abe8d8321
.exe windows x86

8452c04f00371159003ddbc750cbe91a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
sprintf
strncpy
??2@YAPAXI@Z
wcscat
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_adjust_fdiv
_itoa
_c_exit
rand
toupper
towlower
wcsncat
wcschr
_wcsnicmp
wcscmp
strrchr
memmove
_stricmp
wcsrchr
isdigit
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
memchr
_strcmpi
wcscpy
strchr
_wcsicmp
wcslen
??3@YAXPAX@Z

advapi32

DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
ImpersonateLoggedOnUser
RevertToSelf
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
RegOpenKeyExA
RegQueryValueExA
RegLoadKeyA
RegSetValueExW
RegCreateKeyA
RegOpenKeyW
OpenProcessToken
LookupPrivilegeValueW
GetAce
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
AdjustTokenPrivileges
LogonUserW
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
RegisterEventSourceW
AllocateAndInitializeSid
LookupAccountNameW
GetTokenInformation
EqualSid
RegCreateKeyW
OpenThreadToken
RegCloseKey
FreeSid

kernel32

ExpandEnvironmentStringsA
GetModuleFileNameA
FreeConsole
AllocConsole
CreateFileA
GetSystemDirectoryW
lstrcmpiW
LoadLibraryA
SetEnvironmentVariableA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetExitCodeProcess
SetConsoleCtrlHandler
DuplicateHandle
GetCurrentProcess
GetCurrentThread
GetModuleHandleA
FormatMessageW
CreateEventW
WaitForSingleObject
lstrcpyW
ReleaseMutex
CloseHandle
GetCurrentProcessId
CreateNamedPipeW
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
TerminateProcess
IsDBCSLeadByte
WaitForMultipleObjects
GetLastError
GetTickCount
GlobalFree
GlobalAlloc
SetLastError
SetHandleInformation
GetStdHandle
WideCharToMultiByte
GetConsoleCP
GetProcAddress
LoadLibraryW
ReadFile
WriteFile
GetComputerNameW
GetLocalTime
CancelIo
lstrcpyA
lstrcatA
LocalFree
FormatMessageA
GetACP
GetOverlappedResult
ExitProcess
SetErrorMode
MultiByteToWideChar
GenerateConsoleCtrlEvent
SetConsoleScreenBufferSize
SetConsoleWindowInfo
GetConsoleScreenBufferInfo
CreateFileW
LoadLibraryExW
WriteConsoleInputA
ExpandEnvironmentStringsW
WriteConsoleW
ReadConsoleOutputA
ReadConsoleOutputW
WriteConsoleInputW
GetConsoleMode
FreeLibrary

ntdll

RtlSubAuthorityCountSid
RtlSubAuthoritySid
DbgPrint

user32

LoadStringW
wsprintfA
MapVirtualKeyW
VkKeyScanW
wsprintfW

oleaut32

VarBstrFromDate
VarDateFromUdate
SysFreeString

psapi

EnumProcesses

security

AcceptSecurityContext
ImpersonateSecurityContext
RevertSecurityContext
AcquireCredentialsHandleW
QuerySecurityPackageInfoW
DeleteSecurityContext
FreeCredentialsHandle
FreeContextBuffer

netapi32

NetGetDCName
NetGetAnyDCName
NetUserGetInfo
NetApiBufferFree

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCancelConnection2W
WNetCloseEnum
WNetAddConnection2W

ws2_32

setsockopt
ioctlsocket
WSASocketW
shutdown
WSAStartup
closesocket
WSACleanup
getpeername
inet_ntoa
gethostbyaddr
WSAGetLastError

shell32

SHGetFolderPathW

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8452c04f00371159003ddbc750cbe91a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

ntdll

user32

oleaut32

psapi

security

netapi32

mpr

ws2_32

shell32

Sections

.text Size: 48KB - Virtual size: 48KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 48KB - Virtual size: 48KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 18KB - Virtual size: 17KB