3691cc67f1d9887199235156c72f68f31ac55792e6d830e0254058332985e221

Sharing

Copy URL Twitter E-mail

General

Target

3691cc67f1d9887199235156c72f68f31ac55792e6d830e0254058332985e221
Size

529KB
MD5

c2705c736779de952ef635d9f1001b4a
SHA1

c9cb3d1f4c4e528ca0e76725d58385843a963160
SHA256

3691cc67f1d9887199235156c72f68f31ac55792e6d830e0254058332985e221
SHA512

d34dddaaa50d68c6a9f4f1246d33b57533c90c35ee78727495357d42efb793936f0d500646fe3bf8f8efdc349aba7d385f4f613e066157bb094a2cc7f773c604
SSDEEP

12288:NlLetjVFODwW+KnZ+PYudnVOtHcydO5B3h8sWIgNETVoZlxVRHGPDk9:NlLAdVqcydO5MrpuVoZlxV5EDE

Score

N/A

Malware Config

Signatures

Files

3691cc67f1d9887199235156c72f68f31ac55792e6d830e0254058332985e221
.dll windows x64

36e4d5414001278bb80d1f97ce1be672

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation

advapi32

LookupPrivilegeNameW
EnumServicesStatusExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptImportKey
CryptDecrypt
CryptGetProvParam
CryptExportKey
CryptEnumProvidersW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetKeyParam
CryptGetUserKey
CredEnumerateW
CredFree
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
QueryUsersOnEncryptedFile
QueryRecoveryAgentsOnEncryptedFile
FreeEncryptionCertificateHashList
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
IsTextUnicode
CloseServiceHandle
CreateServiceW
OpenSCManagerW
OpenServiceW
StartServiceW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
DeleteService
CreateProcessAsUserW
CreateProcessWithLogonW
AllocateAndInitializeSid
FreeSid
SetKernelObjectSecurity
LookupAccountSidW
DuplicateTokenEx
QueryServiceObjectSecurity
SetServiceObjectSecurity
BuildSecurityDescriptorW
ConvertSidToStringSidW
ControlService

user32

GetWindowThreadProcessId
UpdateWindow
InvalidateRect
PostThreadMessageW
EnumWindowStationsW
EnumDesktopsW
EnumWindows
WaitForInputIdle

secur32

LsaEnumerateLogonSessions
LsaFreeReturnBuffer
GetUserNameExW
LsaGetLogonSessionData

crypt32

CryptAcquireCertificatePrivateKey
CertEnumCertificatesInStore
PFXExportCertStoreEx
CertGetNameStringW
CertEnumSystemStore
CertAddCertificateContextToStore
CertGetCertificateContextProperty
CertFreeCertificateContext
CertCloseStore
CertOpenStore

shlwapi

PathCombineW
PathIsRelativeW
PathCanonicalizeW

wtsapi32

WTSEnumerateSessionsW
WTSCloseServer
WTSEnumerateProcessesW
WTSOpenServerW
WTSFreeMemory

kernel32

GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
OutputDebugStringW
WriteConsoleW
SetEndOfFile
VirtualProtect
IsValidCodePage
GetConsoleCP
GetModuleFileNameW
GetFileType
SetFilePointerEx
ReadConsoleW
GetConsoleMode
IsDebuggerPresent
GetProcessHeap
ExitProcess
SetUnhandledExceptionFilter
ExitThread
MultiByteToWideChar
WriteFile
ReadFile
CloseHandle
CreateFileW
FreeLibraryAndExitThread
GetProcAddress
Sleep
FreeLibrary
LoadLibraryW
GetLastError
FlushFileBuffers
SetLastError
GetModuleHandleW
VirtualAllocEx
VirtualFreeEx
OpenProcess
CreateRemoteThread
WaitForSingleObject
VirtualProtectEx
GetCurrentProcess
ReadProcessMemory
WriteProcessMemory
TerminateProcess
GetProcessId
DuplicateHandle
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
ResumeThread
VirtualQueryEx
GetStdHandle
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
SetConsoleCursorPosition
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetNativeSystemInfo
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
WaitNamedPipeW
DebugActiveProcess
CreateProcessW
IsBadReadPtr
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
FormatMessageW
GetCurrentDirectoryW
GetComputerNameExW
GetVersionExW
OpenThread
TerminateThread
SuspendThread
Thread32First
Thread32Next
RaiseException
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetModuleHandleExW
HeapSize

Exports

Exports

DeinitServerExtension
InitServerExtension
ReflectiveLoader
ping

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36e4d5414001278bb80d1f97ce1be672

Headers

DLL Characteristics

File Characteristics

Imports

psapi

advapi32

user32

secur32

crypt32

shlwapi

wtsapi32

kernel32

Exports

Exports

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 11KB - Virtual size: 22KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 760B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 11KB - Virtual size: 22KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 760B

.reloc
Size: 3KB - Virtual size: 2KB