9b8257000b05116a3631630c44b9f6b18c13e5bc5635c1fa3f20a01f70380909

Sharing

Copy URL Twitter E-mail

General

Target

9b8257000b05116a3631630c44b9f6b18c13e5bc5635c1fa3f20a01f70380909
Size

64KB
MD5

1f7bcf150c79af186d1472a3af724f60
SHA1

462bbc6e41f3628562a3a64bd2bfd370c1f49ca2
SHA256

9b8257000b05116a3631630c44b9f6b18c13e5bc5635c1fa3f20a01f70380909
SHA512

e9fa51927672bf5c15dfb5616637f53066797a780cddf7539ca623e510d75cd5c01c116a7a2bdbdce62f504b0a59389c1783072b0ab76d34f9853c8f2d93c1fc
SSDEEP

768:pn2IAZ3HbOexil4o3HbkJ3G9Z+1qhqOHtAEn:pAHqOSHI49Z+zwtAEn

Score

N/A

Malware Config

Signatures

Files

9b8257000b05116a3631630c44b9f6b18c13e5bc5635c1fa3f20a01f70380909
.exe windows x64

0a198382df071beccfa7109bb8db9fa3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleW
CloseHandle
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetProcAddress
GetComputerNameExW
LocalFree
FormatMessageW
FreeLibrary
LoadLibraryW
OpenProcess
ReadProcessMemory
GetLastError
GetCurrentProcess
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter

advapi32

IsTextUnicode
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
LogonUserW

msvcp60

??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@H@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@H@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@AEBV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBGAEBV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@PEBG_KAEBV?$allocator@G@1@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHAEBV12@@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBAHPEBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAPEAGXZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAPEAGXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@K@Z
?str@?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@AEBV12@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG@Z
??_D?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAXXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV12@PEBG_K@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAAAEAV01@AEBV01@@Z
??6std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@PEBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QEAA@AEBV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPEBGXZ@4GB
??1_Winit@std@@QEAA@XZ
??1Init@ios_base@std@@QEAA@XZ
??0_Winit@std@@QEAA@XZ
??0Init@ios_base@std@@QEAA@XZ
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
?endl@std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@1@AEAV21@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QEAAAEAV01@G@Z
??6std@@YAAEAV?$basic_ostream@GU?$char_traits@G@std@@@0@AEAV10@AEBV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z

secur32

LsaGetLogonSessionData
LsaFreeReturnBuffer
LsaEnumerateLogonSessions

psapi

GetModuleInformation

netapi32

NetApiBufferFree
NetUserGetInfo

msvcrt

_c_exit
_exit
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
__C_specific_handler
_onexit
__dllonexit
free
toupper
memset
??2@YAPEAX_K@Z
memcmp
memcpy
_wcsicmp
_XcptFilter

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a198382df071beccfa7109bb8db9fa3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

msvcp60

secur32

psapi

netapi32

msvcrt

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 636B

.rsrc Size: 39KB - Virtual size: 40KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 636B

.rsrc
Size: 39KB - Virtual size: 40KB