a4c36d6710fe718187ad2e6fb6dcc7454571e6f766d6aa10edfe79b1e1d43821

Sharing

Copy URL Twitter E-mail

General

Target

a4c36d6710fe718187ad2e6fb6dcc7454571e6f766d6aa10edfe79b1e1d43821
Size

238KB
MD5

cc356e2de206212d22424d696a9e90d6
SHA1

57294b80d3155d51df2c7b23794e80e04e5167aa
SHA256

a4c36d6710fe718187ad2e6fb6dcc7454571e6f766d6aa10edfe79b1e1d43821
SHA512

d7ce340b95da16a303c75342bf7cc4ffcbd878c7e9fe0406ac651741839013009cdf41fce2cb3cd5838b021b51a047dca515ef8bc6fc82d1c18dc6b897458020
SSDEEP

6144:DrPQ/PF73GZXVRGimr4bL3fmj4EQHYzItNs1lDl57f3:DbWPFs7GEbL3OjVQHYzItq1rBf3

Score

N/A

Malware Config

Signatures

Files

a4c36d6710fe718187ad2e6fb6dcc7454571e6f766d6aa10edfe79b1e1d43821
.exe windows x86

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__fmode
_cexit
_XcptFilter
_exit
_c_exit
_itow
_purecall
__set_app_type
_controlfp
wcsncpy
wcscpy
_except_handler3
wcscat
wcsncat
wcschr
wcsrchr
_snprintf
_wcsicmp
wcslen
_snwprintf
_ltoa
wcscmp
sprintf
strchr
strtoul
strncpy
calloc
??2@YAPAXI@Z
realloc
??3@YAXPAX@Z
free
malloc
exit
_wsplitpath
_vsnwprintf
swprintf
_putws

advapi32

InitializeSecurityDescriptor
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
DeregisterEventSource
LookupAccountSidW
ChangeServiceConfigW
SetServiceStatus
ControlService
DeleteService
CreateServiceW
OpenSCManagerW
OpenServiceW
CryptGenRandom
RegSetKeySecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
ReportEventW
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
LsaClose
CloseServiceHandle
GetFileSecurityW
SetFileSecurityW
CryptAcquireContextW
CryptReleaseContext
RegNotifyChangeKeyValue
AllocateAndInitializeSid
FreeSid
RegDeleteValueW
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
RegEnumKeyExW
LookupPrivilegeValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
OpenProcessToken
LookupAccountNameW
AddAce
GetAce
GetAclInformation
InitializeAcl
AddAccessAllowedAce
EqualSid
AdjustTokenPrivileges

kernel32

InterlockedCompareExchange
ResetEvent
WaitForMultipleObjects
SetErrorMode
InterlockedDecrement
GetSystemDirectoryW
GetACP
SetFilePointer
GetLocalTime
GetCommandLineW
Sleep
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetComputerNameW
ExpandEnvironmentStringsW
GetConsoleCP
LocalAlloc
FormatMessageW
LocalFree
CreateMutexW
CreateNamedPipeW
VirtualFree
OpenProcess
SetLastError
GetVersionExW
VirtualAlloc
lstrlenW
lstrcpyW
GetLastError
InterlockedIncrement
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CloseHandle
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
GetModuleFileNameW
lstrcatW
FreeLibrary
lstrlenA
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetFileSize
CreateFileW
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
CreateEventW
InterlockedExchange
ReleaseMutex
PostQueuedCompletionStatus
DuplicateHandle
GetOEMCP
SetHandleInformation
CreateIoCompletionPort
CreateProcessW
ReadFile
WriteFile
PeekNamedPipe
GetSystemTime
SetEvent
TerminateThread
GetQueuedCompletionStatus
CreateThread

user32

LoadStringW
CloseWindowStation
CloseDesktop
SetUserObjectSecurity
GetProcessWindowStation
wsprintfA
LoadStringA
MessageBoxW
CharNextW
wsprintfW

ntlsapi

NtLicenseRequestA
NtLSFreeHandle

ole32

CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
CoInitializeEx
CoInitialize
CoUninitialize
CoInitializeSecurity
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
SetErrorInfo
VarI4FromStr
LoadTypeLi
VarBstrFromDate
VarDateFromUdate
UnRegisterTypeLi
SysStringByteLen
RegisterTypeLi
SysFreeString
SysStringLen
SysAllocStringLen

netapi32

NetApiBufferFree
NetGetJoinInformation
NetLocalGroupAdd
NetServerGetInfo

ws2_32

gethostbyaddr
WSAEnumNetworkEvents
accept
WSASetEvent
WSACloseEvent
WSACleanup
shutdown
WSAResetEvent
WSADuplicateSocketW
getpeername
WSAStartup
WSACreateEvent
socket
setsockopt
bind
listen
WSAEventSelect
closesocket
WSASetLastError
getservbyport
ntohs
htons
getservbyname
htonl
inet_ntoa
gethostbyname
WSAGetLastError
inet_addr

psapi

EnumProcesses

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 428KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fc84d8bbc723c0a7a57522957d988c46

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntlsapi

ole32

oleaut32

netapi32

ws2_32

psapi

Sections

.text Size: 54KB - Virtual size: 53KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 18KB - Virtual size: 18KB

.vmp0 Size: 164KB - Virtual size: 428KB

.text
Size: 54KB - Virtual size: 53KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 18KB - Virtual size: 18KB

.vmp0
Size: 164KB - Virtual size: 428KB