36cebcf5d6e00172b2b4bae120b500053df415ff2fab29adc18108765204911c

General

Target

36cebcf5d6e00172b2b4bae120b500053df415ff2fab29adc18108765204911c
Size

1.6MB
MD5

bab260d386c8b7333a5a8e9dccf0cef7
SHA1

bb02b23072a57f8ac50ae55ceef151a0241edf34
SHA256

36cebcf5d6e00172b2b4bae120b500053df415ff2fab29adc18108765204911c
SHA512

8cdc8c11a0cc1b89f13592372268fa4bf08e95c856fb2eabdcec243c7221ee5588a1be93b0843276c633c7ceef017f3ef11c9e928f761c0ae298abb2213292e2
SSDEEP

49152:c6PQ5Y6iw0Eq6NJQWztwLav8GndTIdrGCaAZssUdfl:t4Cbw0f6NJQkrNndaFW9dfl

Score

N/A

Malware Config

Signatures

Files

36cebcf5d6e00172b2b4bae120b500053df415ff2fab29adc18108765204911c
.exe windows x86

09388a1cdaa9474a9752f541d94acb6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dbnmpntw

ConnectionError
ConnectionWrite
ConnectionVer
ConnectionClose

wtsapi32

WTSEnumerateServersA
WTSSetSessionInformationW
WTSFreeMemory
WTSVirtualChannelQuery
WTSOpenServerW
WTSVirtualChannelOpen
WTSRegisterSessionNotification
WTSEnumerateSessionsW
WTSVirtualChannelRead
WTSLogoffSession
WTSWaitSystemEvent
WTSQuerySessionInformationA
WTSSendMessageA
WTSVirtualChannelClose
WTSUnRegisterSessionNotification
WTSEnumerateProcessesA
WTSQueryUserToken

kernel32

HeapValidate
GetSystemTimeAsFileTime
CreateFileA
GetCurrentProcess
ReadConsoleA
FindResourceW
SetFilePointer
UpdateResourceA
GetConsoleAliasA
LoadLibraryA
WriteConsoleA
GetVersionExA
GetLongPathNameA
GetCurrentDirectoryA
GetLogicalDrives
QueryDosDeviceW
HeapCreate
CloseHandle
GetGeoInfoA
GetPrivateProfileSectionA
lstrcmpiA
ReadFile
GetProcessHeap

user32

IsCharLowerW
PeekMessageA
IsZoomed
GetCaretPos
GetMessageA
GetWindowLongA
IsWindowVisible
DispatchMessageA
GetWindowTextA
EnableWindow
IsWindow
IsChild
CreateWindowExA
IsDialogMessageA

qutil

AllocConnections
FreeFixupInfo
AllocFixupInfo
FreeConnections

cryptdll

MD5Init
CDLocateRng
CDBuildVect
MD5Final
MD5Update

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09388a1cdaa9474a9752f541d94acb6a

Headers

DLL Characteristics

File Characteristics

Imports

dbnmpntw

wtsapi32

kernel32

user32

qutil

cryptdll

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 1.6MB - Virtual size: 1.6MB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 25KB - Virtual size: 24KB