80f145465c8decd950084ad89faeb9ebb94027f5c9d10459abd67d6925e68a03

Sharing

Copy URL Twitter E-mail

General

Target

80f145465c8decd950084ad89faeb9ebb94027f5c9d10459abd67d6925e68a03
Size

828KB
MD5

3904f918e513caae5c9703457e818134
SHA1

c6e12a1ade138b419cbd05952921aa978d1fa182
SHA256

80f145465c8decd950084ad89faeb9ebb94027f5c9d10459abd67d6925e68a03
SHA512

5aff2e70974b444a2ebe0a770217aa02b85754b848accf738ad314a279608d629349d153d7c00a6a1371e742cd7efc298ad80b960511810da2fef9c1449091e6
SSDEEP

24576:z1EM1dSBSlXsuSczk88v+q5cPgPiMjiUpAXG:ipSEQgmjSiMLpAX

Score

N/A

Malware Config

Signatures

Files

80f145465c8decd950084ad89faeb9ebb94027f5c9d10459abd67d6925e68a03
.exe windows x86

c62379478cd010bc39ba8510b77cf1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

ImpersonateNamedPipeClient
DeregisterEventSource
LsaStorePrivateData
RegCreateKeyExA
GetTrusteeNameW
CryptGenRandom
LsaEnumeratePrivileges
CredDeleteA
SetSecurityDescriptorDacl
RegQueryInfoKeyW
SaferSetLevelInformation
BackupEventLogA
GetManagedApplicationCategories
WmiExecuteMethodA

wshcon

DllCanUnloadNow
DllGetClassObject
DLLGetDocumentation

cfgmgr32

CM_Get_Sibling
CM_Uninstall_DevNode_Ex
CM_Create_DevNodeA
CM_Setup_DevNode_Ex
CM_Get_Child_Ex
CM_Query_Remove_SubTree_Ex
CM_Get_DevNode_Registry_PropertyA
CM_Register_Device_InterfaceA
CM_Get_Device_ID_ExW
CM_Get_Device_ID_Size_Ex
CM_Get_Device_IDA
CM_Disable_DevNode_Ex
CM_Get_DevNode_Registry_PropertyW
CM_Add_Res_Des
CM_Uninstall_DevNode
CM_Get_Device_ID_List_Size_ExW

kernel32

lstrcpyn
GlobalDeleteAtom
GetConsoleKeyboardLayoutNameA
OutputDebugStringW
GetLongPathNameW
LZOpenFileW
lstrlenA
PeekConsoleInputA
GlobalMemoryStatusEx
GetConsoleCommandHistoryLengthW
GetQueuedCompletionStatus
SetLastError
LZRead
LZSeek
GetEnvironmentVariableA
LoadLibraryW
GetTickCount
GetUserDefaultLCID
SignalObjectAndWait
SetNamedPipeHandleState
SetDefaultCommConfigA

dhcpsapi

DhcpServerGetConfigV4
DhcpGetClassInfo
DhcpScanDatabase
DhcpEnumOptions
DhcpDeleteSubnet
DhcpGetMCastMibInfo
DhcpEnumMScopeClients
DhcpDeleteMScope
DhcpServerSetConfig
DhcpServerRedoAuthorization
DhcpAddSubnetElement
DhcpGetOptionInfoV5
DhcpSetOptionInfoV5
DhcpAddMScopeElement
DhcpGetAllOptionValues
DhcpDeleteMClientInfo
DhcpSetSuperScopeV4
DhcpEnumSubnetElements
DhcpGetSubnetInfo

w32topl

ToplGraphRemoveVertex
ToplEdgeGetToVertex
ToplHeapCreate
ToplVertexGetOutEdge
ToplVertexDestroy
ToplSTHeapDestroy
ToplGraphMakeRing
ToplHeapDestroy
ToplListNumberOfElements
ToplVertexGetParent
ToplPScheduleValid
ToplGraphNumberOfVertices

msvcrt

__set_app_type
_mbsstr
_getwch
rewind
wcscoll
_stat64
_getdllprocaddr
_purecall
vprintf
iswascii
exit
_ismbcgraph
$I10_OUTPUT
_wcslwr
_mbsset
_wcsnicoll
_memccpy
__getmainargs
_jn
clock
fgetwc
_splitpath
localeconv
_wstati64
_Gettnames
_ismbclower
__p__commode
__DestructExceptionObject
_ungetwch

user32

EndDialog
MessageBoxA

shell32

SHGetMalloc

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 189KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c62379478cd010bc39ba8510b77cf1cb

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wshcon

cfgmgr32

kernel32

dhcpsapi

w32topl

msvcrt

user32

shell32

Sections

.text Size: 383KB - Virtual size: 382KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 189KB - Virtual size: 1.6MB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 1024B - Virtual size: 872B

.text
Size: 383KB - Virtual size: 382KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 189KB - Virtual size: 1.6MB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 1024B - Virtual size: 872B