374e2266e18f4be577da93d2788d8313e0cc2c695ffb4003efa15ff4d1c8d9d2

Sharing

Copy URL Twitter E-mail

General

Target

374e2266e18f4be577da93d2788d8313e0cc2c695ffb4003efa15ff4d1c8d9d2
Size

615KB
MD5

97daff2d47917c9b32b17c8a2fbe1be2
SHA1

56340acbc8ba55580df3a9c391b898792e6aa95d
SHA256

374e2266e18f4be577da93d2788d8313e0cc2c695ffb4003efa15ff4d1c8d9d2
SHA512

8fbae1c3d5cc6b4437d472390fc8d7bdaf2a556d24fd6c31b6e1ad09a22e92f968459b8b4d3e6346cf57960e10e1e089abcb0b4b149b54e9e8df05a7a2a462d1
SSDEEP

12288:711iE/NwMndvAX+yyBnvK72jIC8wKU+HPIitDvahA5WpKPew:711TaMndvAX+yyBnvK72jIC8wKU+HPIS

Score

N/A

Malware Config

Signatures

Files

374e2266e18f4be577da93d2788d8313e0cc2c695ffb4003efa15ff4d1c8d9d2
.exe windows x64

6f76bf7cec394e7b671959f843d08752

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVolumePathNameA
GetWindowsDirectoryW
OpenEventW
SetComputerNameExW
GetPrivateProfileSectionA
PeekNamedPipe
OpenWaitableTimerA
FindResourceW
GetFileAttributesA
DebugBreak
OpenEventA
GetTimeFormatA
DeleteTimerQueueEx
ReleaseMutex
GetPrivateProfileIntW
AddAtomA
GetDateFormatW
GetNamedPipeHandleStateW
FindFirstFileA
DefineDosDeviceW
SetLocaleInfoA
GetConsoleOutputCP
GetConsoleAliasA
CompareStringW
GetProfileStringW
GetUserDefaultLangID
GetThreadLocale
CreateEventA
CreateProcessA
GetPrivateProfileStructA
GetConsoleScreenBufferInfo
SetProcessPriorityBoost
GetShortPathNameW
GetVolumeInformationA
GlobalReAlloc
QueryInformationJobObject
CreateDirectoryExA
GetVolumeNameForVolumeMountPointA
ReplaceFileA
IsDBCSLeadByteEx
SetThreadExecutionState
SetTapeParameters
ResetWriteWatch
WriteConsoleA
GetSystemDirectoryA
GetNumberFormatA
GetLogicalDriveStringsW
GetThreadTimes
CreateDirectoryW
GetDevicePowerState
GetSystemWindowsDirectoryW
OpenProcess
SetProcessWorkingSetSize
CompareStringA
GetConsoleAliasW
SetWaitableTimer
MoveFileWithProgressA
GetNumberOfConsoleInputEvents
GetThreadPriority
OpenMutexW
CreateSemaphoreW
ConvertDefaultLocale
GetUserDefaultUILanguage
GetConsoleAliasExesA
SetThreadLocale
HeapSetInformation
GetWindowsDirectoryA
GetProcessIoCounters
IsValidCodePage
GetCPInfo
CreateNamedPipeA
ResetEvent
GetFileTime
SetNamedPipeHandleState
SetSystemPowerState
SetSystemTimeAdjustment
IsProcessorFeaturePresent
DeleteTimerQueueTimer
CreateMutexW
OpenWaitableTimerW
SetStdHandle
FreeEnvironmentStringsW
GetProcAddress
FormatMessageW
GetPrivateProfileSectionNamesW
CancelWaitableTimer
SetErrorMode
PostQueuedCompletionStatus
ExpandEnvironmentStringsW
GetPrivateProfileStringA
CreateToolhelp32Snapshot
GetComputerNameA
EraseTape
SetConsoleOutputCP
LoadResource
GetAtomNameA
SetTapePosition
SetPriorityClass
GetStringTypeA
DisconnectNamedPipe
GetDiskFreeSpaceExW
Module32FirstW
CreateFileMappingW
WideCharToMultiByte
FindAtomA
GetLongPathNameA
CreateWaitableTimerW
SetConsoleDisplayMode
CreateJobObjectW
GetStringTypeW
DosDateTimeToFileTime
SetConsoleActiveScreenBuffer
GetPrivateProfileSectionW
IsSystemResumeAutomatic
GetConsoleAliasExesLengthA
SearchPathA
GetTimeFormatW
GetFileInformationByHandle
LocalReAlloc
GetDiskFreeSpaceW
GetConsoleCP
DeleteAtom
GetTempFileNameA
GetFileType
GetShortPathNameA
GetVersion
GetSystemDefaultLCID
GetPriorityClass
FlushFileBuffers
GetTempPathW
SetConsoleMode
GetTempPathA
GetModuleFileNameA
GetVolumeInformationW
GetProcessAffinityMask
LCMapStringA
ReadFile
CreateNamedPipeW
SetThreadContext
GetUserDefaultLCID
OpenMutexA
AssignProcessToJobObject
DnsHostnameToComputerNameW
DeleteVolumeMountPointA
GetSystemWindowsDirectoryA
FindResourceA
VirtualAlloc
FindNextChangeNotification
VerSetConditionMask
MapUserPhysicalPagesScatter
CreateSemaphoreA
SetLocaleInfoW
GetVolumePathNameW

rpcrt4

RpcBindingInqAuthClientA
RpcBindingFromStringBindingA
NdrServerCall2
NdrMesTypeFree2
RpcAsyncCancelCall
NdrSimpleStructUnmarshall
NdrClientInitializeNew
RpcMgmtStatsVectorFree
RpcBindingSetOption
NdrServerInitialize
RpcMgmtSetServerStackSize

user32

GetUserObjectInformationW
IsChild
GetDialogBaseUnits

comctl32

_TrackMouseEvent
ImageList_GetDragImage
ImageList_Draw
ImageList_Replace
CreateStatusWindowW
ImageList_Add
ImageList_SetBkColor
ImageList_EndDrag
CreatePropertySheetPageA
ImageList_Destroy
InitCommonControlsEx
FlatSB_GetScrollPos
ImageList_DrawEx
ImageList_SetIconSize

advapi32

CryptDestroyKey
GetSecurityDescriptorDacl
SetEntriesInAclW
RegQueryMultipleValuesA
GetSidSubAuthorityCount
RegQueryValueExW
RegQueryValueExA
CryptAcquireContextW
AdjustTokenPrivileges
AreAllAccessesGranted
SetKernelObjectSecurity
RegSetValueW
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx
RegOpenKeyExW
RegOpenKeyExA
GetLengthSid
CreateWellKnownSid
GetUserNameW
SetServiceStatus
LsaClose
QueryServiceStatus
EqualSid
OpenSCManagerA
RegQueryValueW
RegEnumKeyW
OpenProcessToken
LsaOpenPolicy
LsaQueryInformationPolicy
CryptHashData
SetSecurityDescriptorDacl
StartServiceW
RegEnumValueA
DeregisterEventSource
RegCreateKeyW
OpenServiceW
GetSecurityDescriptorGroup
GetAce
RegCreateKeyA
RegisterEventSourceW
RegQueryInfoKeyA
RegEnumValueW
CryptReleaseContext
ChangeServiceConfigW
CheckTokenMembership
GetSecurityDescriptorOwner
RegDeleteKeyW
GetSecurityDescriptorSacl
SetThreadToken
AddAce
CryptDestroyHash
LookupAccountSidW
SetNamedSecurityInfoW
GetAclInformation
AreAnyAccessesGranted
InitializeSecurityDescriptor
AddAuditAccessAce
RegSetValueExA
RegNotifyChangeKeyValue
GetCurrentHwProfileA
InitializeAcl
GetSidSubAuthority
GetTokenInformation
RegSetValueA
RegCreateKeyExA
GetCurrentHwProfileW
RegSetKeySecurity
RegOpenKeyA
OpenSCManagerW
AddAccessAllowedAce
RegQueryMultipleValuesW
GetSidLengthRequired
RegSetValueExW
RegCloseKey
AddAccessDeniedAce
SetTokenInformation
RegCreateKeyExW
GetKernelObjectSecurity
MakeSelfRelativeSD
StartServiceA
GetSidIdentifierAuthority
RegDeleteValueW

shell32

ShellExecuteExW
SHGetMalloc
SHFileOperationW
SHChangeNotify
SHBrowseForFolderW
ShellExecuteW
CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetFileInfoW
SHGetFolderPathW
SHBindToParent

ole32

CoUnmarshalInterface
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetCallContext
OleQueryLinkFromData
CreateFileMoniker
OleRegGetUserType
StringFromCLSID
CoRegisterSurrogate
HICON_UserFree
OleRegEnumVerbs
OleGetClipboard
HPALETTE_UserUnmarshal
OleSetMenuDescriptor
CoResumeClassObjects
GetHGlobalFromILockBytes
CoAllowSetForegroundWindow
CoRegisterClassObject
OleCreate
CreateDataCache
HWND_UserMarshal
OleLoadFromStream
CoGetCurrentLogicalThreadId
CoFreeLibrary
CoReleaseMarshalData
StgCreatePropSetStg
HWND_UserFree
HWND_UserSize
PropVariantCopy
StgCreateDocfileOnILockBytes
StgConvertPropertyToVariant
HWND_UserUnmarshal
OleSetAutoConvert
OleLoad
DcomChannelSetHResult
CoGetClassObject

oleaut32

SysAllocStringByteLen
VariantCopy
SysStringLen
SysFreeString
VariantClear
VariantChangeType
VariantCopyInd
VariantChangeTypeEx
SafeArrayGetUBound
SafeArrayCreate
SysReAllocStringLen
SetErrorInfo
SafeArrayPtrOfIndex
SysAllocStringLen
GetErrorInfo
SafeArrayGetLBound
VariantInit
GetActiveObject

Sections

.text
Size: 537KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 45KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6f76bf7cec394e7b671959f843d08752

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

user32

comctl32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 537KB - Virtual size: 537KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 45KB - Virtual size: 46KB

.pdata Size: 512B - Virtual size: 72B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 537KB - Virtual size: 537KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 45KB - Virtual size: 46KB

.pdata
Size: 512B - Virtual size: 72B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 512B - Virtual size: 12B