4785ad3cb17aff7b695b23c83c8a5bfebde3ca565ad6239d50cc43952cc52f41

Sharing

Copy URL Twitter E-mail

General

Target

4785ad3cb17aff7b695b23c83c8a5bfebde3ca565ad6239d50cc43952cc52f41
Size

281KB
MD5

b1c7fa8ff80ade75f329b2392ae67f55
SHA1

d2d10752671259de4851d281fa458c863dab8565
SHA256

4785ad3cb17aff7b695b23c83c8a5bfebde3ca565ad6239d50cc43952cc52f41
SHA512

ebbe76c602f1a5bcb3720bbf177daab7807249e83fe5dc8bcc737453c75b3d92ab2ed38874e9c0d3010361982052fe1261c49058e1259c3700c886b9547e45c1
SSDEEP

6144:2rR/oF4ZZC85+nCLVs8SjTdi8J3Rz+nPnxRmog9P6swyoI+J5YHByfZ:2xv9cdNJWRY9Bwy6Ksx

Score

N/A

Malware Config

Signatures

Files

4785ad3cb17aff7b695b23c83c8a5bfebde3ca565ad6239d50cc43952cc52f41
.exe windows x86

eb400d04a30c89dc0c022f5446209535

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcscmp
__CxxFrameHandler
memmove
??2@YAPAXI@Z
swprintf
sprintf
strstr
wcscat
??3@YAXPAX@Z
exit
wcsstr
wcslen
wcscpy
free
malloc
mbstowcs
_wcsupr
towupper
wcsncpy
fclose
fflush
mbtowc
___mb_cur_max_func
fopen
wcschr
_wcsicmp
wcsrchr
_c_exit
_exit
_XcptFilter
_cexit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp

advapi32

InitializeAcl
AddAccessAllowedAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyExA
RegOpenKeyW
InitiateSystemShutdownExW
RegCreateKeyExW
RegSetValueExW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegisterServiceCtrlHandlerW
LookupPrivilegeValueW
PrivilegeCheck
AllocateAndInitializeSid
IsValidSid
FreeSid
CheckTokenMembership
OpenThreadToken
OpenProcessToken
SetServiceStatus
StartServiceCtrlDispatcherW
GetLengthSid

kernel32

SetVolumeMountPointW
FreeLibrary
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
lstrcatW
InterlockedDecrement
GetComputerNameExW
ExitThread
InterlockedIncrement
lstrlenA
GetFileAttributesW
FindClose
FindFirstFileW
CreateFileA
GetProcAddress
LoadLibraryW
ResumeThread
SetLastError
DeleteVolumeMountPointW
GetComputerNameW
IsBadCodePtr
CompareStringW
lstrcpyA
IsBadWritePtr
GetSystemDirectoryW
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryA
SetEndOfFile
SetFilePointerEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalAlloc
TerminateThread
FindFirstVolumeW
GetCurrentThreadId
HeapAlloc
GetProcessHeap
HeapFree
QueryDosDeviceW
DeviceIoControl
CloseHandle
CreateFileW
DefineDosDeviceW
GetDriveTypeW
Sleep
LocalFree
GetLastError
lstrcmpiA
SetEvent
lstrcmpW
lstrlenW
FormatMessageW
GetModuleHandleW
CreateEventW
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
GetCurrentProcess
GetCurrentThread
CreateThread
SetErrorMode
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsBadStringPtrW
IsBadReadPtr
lstrcpyW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW

user32

PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadIconW
LoadCursorW
RegisterClassW
BroadcastSystemMessageW
PostMessageW
DestroyWindow
RegisterDeviceNotificationW
wsprintfW
LoadStringW
UnregisterDeviceNotification
PostQuitMessage
DefWindowProcW
ShowWindow
CreateWindowExW

ntdll

RtlExtendedIntegerMultiply
NtDeviceIoControlFile
NtQueryVolumeInformationFile
NtQuerySystemTime
RtlAdjustPrivilege
RtlExtendedLargeIntegerDivide
NtQuerySystemInformation
RtlFreeUnicodeString
NtOpenFile
RtlCreateUnicodeString
NtFsControlFile
NtWriteFile
NtReadFile
NtFlushBuffersFile
NtClose
RtlInitUnicodeString
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject

ole32

CoSuspendClassObjects
CoRevertToSelf
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemFree
CoSetProxyBlanket
CoTaskMemRealloc
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitializeSecurity
CoInitializeEx

rpcrt4

RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerRegisterIf
RpcServerListen
RpcBindingInqAuthClientW
RpcMgmtStopServerListening
RpcServerUnregisterIf
UuidFromStringW
UuidEqual
UuidCreate
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2

setupapi

SetupDiDestroyDeviceInfoList
CM_Locate_DevNodeW
CM_Get_Device_IDW
CM_Get_Device_ID_Size_Ex
CM_Get_DevNode_Status_Ex
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInfoW
CM_Get_Parent_Ex
CM_Get_Device_ID_List_ExW
CM_Get_Device_ID_List_Size_ExW
SetupDiGetClassDevsW
CM_Reenumerate_DevNode_Ex
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW

clusapi

GetNodeClusterState

dmutil

AddEntryBootFileMbr
LowNtWriteFile
LowNtReadFile
LowNtReadOnlyAttributeOff
GetSystemVolume
DynamicSupport
FreeRgszw
RgszwFromArgs
RgszwFromValist
RgszwDupRgszw
GetErrorData
AddEntryBootFileGpt
GetInstallDirectoryPath
TranslateError

osuninst

IsUninstallImageValid

ntdsapi

DsMakeSpnW

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb400d04a30c89dc0c022f5446209535

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntdll

ole32

rpcrt4

setupapi

clusapi

dmutil

osuninst

ntdsapi

Sections

.text Size: 209KB - Virtual size: 209KB

.data Size: 15KB - Virtual size: 19KB

Size: 53KB - Virtual size: 53KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 209KB - Virtual size: 209KB

.data
Size: 15KB - Virtual size: 19KB

.rsrc
Size: 2KB - Virtual size: 2KB