581e1792aadc9b2413f952349db7a10bf7097438efed61593fbbc52506b267be

Sharing

Copy URL Twitter E-mail

General

Target

581e1792aadc9b2413f952349db7a10bf7097438efed61593fbbc52506b267be
Size

702KB
MD5

22fa7f745849238fe8d548f15a3b5bfc
SHA1

dc7fd5ce65dece8f751a235efc28b0f963b63ace
SHA256

581e1792aadc9b2413f952349db7a10bf7097438efed61593fbbc52506b267be
SHA512

ff6664e6425151b2b3103b3e51aab44260f1d9c6cb3d4cc41c2e51548a8e8d4ea43126f8b8ccd38c61fc17387ef56eda71721a8f89470a93a66fa483a4d50808
SSDEEP

12288:RxJHDJJMBWF62lMcyJSDHFmnhXOnXrvvYt+kr9/X5aRaZ4fbGk3:RxJHDJJMQF62l/VmnhXOn7Fkr9Pp4DF

Score

N/A

Malware Config

Signatures

Files

581e1792aadc9b2413f952349db7a10bf7097438efed61593fbbc52506b267be
.exe windows x86

f2f4eb4b615a74c7918a78cbdfca12e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

WaitForInputIdle
SetWindowTextA
CharLowerBuffW
ClientToScreen
KillTimer
ShowScrollBar
GetClipCursor
GetLastInputInfo
ChangeClipboardChain
IsWindowVisible
CharLowerBuffA
ShowCursor
DefFrameProcW
SetKeyboardState
PostMessageW
GetSystemMenu
ReasonCodeNeedsComment
SetForegroundWindow
GetDesktopWindow
EnumDisplaySettingsExA
CharLowerA
GetClassInfoExW
SendMessageA
CharToOemW
InsertMenuA
GetAncestor
SetCaretBlinkTime
SetWindowsHookExA
DdeInitializeA
DrawTextW
InitializeLpkHooks
SwitchToThisWindow
CharNextA
GetCursorInfo
GetFocus
LoadMenuA
BeginPaint
SetScrollPos
EnumThreadWindows
GetNextDlgTabItem
RemovePropA
GetMenuInfo
ArrangeIconicWindows
EndTask
SetProcessWindowStation
MessageBoxTimeoutW
WinHelpW
GetMessageA
ScrollWindowEx
LoadLocalFonts
SendDlgItemMessageW
GetDlgItemTextW
CloseClipboard
GetWindowDC
GetWindow
GetMenuDefaultItem

netapi32

NetLocalGroupEnum
NetGroupGetInfo
NetShareEnum
NetpwPathType
NetRemoteTOD
DsRoleGetPrimaryDomainInformation
NetRenameMachineInDomain
NetDfsSetClientInfo
NetSessionEnum
NetFileEnum
NetGetJoinInformation
NetUserChangePassword
NetWkstaUserGetInfo
NetUserAdd
NetUserSetInfo
NetGetAnyDCName
NetRegisterDomainNameChangeNotification
DsEnumerateDomainTrustsW
NetShareDelSticky
I_NetServerReqChallenge
NetShareDel
NetServiceEnum
NetUserModalsGet
NetFileGetInfo
NetWkstaTransportEnum

kernel32

SetProcessWorkingSetSize
HeapReAlloc
SetMailslotInfo
SearchPathW
ExpandEnvironmentStringsW
HeapCreate
lstrcpynW
GetDriveTypeW
QueryDosDeviceA
IsSystemResumeAutomatic
ContinueDebugEvent
SetTermsrvAppInstallMode
GetStringTypeW
LCMapStringA
GetUserDefaultLCID
VirtualAlloc
FindVolumeClose
MoveFileWithProgressW
GetEnvironmentVariableW
SetConsoleTitleW
BuildCommDCBA
HeapUnlock
GetCommTimeouts

gdi32

GdiStartDocEMF
ResetDCW
GetBitmapDimensionEx
CLIPOBJ_ppoGetPath
GetTextExtentPointW
Polyline
EndPath
SetTextJustification
GetViewportOrgEx
SetPaletteEntries
GetStockObject
CreateDCW
EngStretchBlt
CreateFontIndirectA
InvertRgn
GetDeviceGammaRamp

rasapi32

RasGetEapUserIdentityW
RasEnumConnectionsA
RasSetEntryPropertiesW
RasEnumDevicesW
RasGetConnectStatusW
RasDialW
RasSetCredentialsW
RasConnectionNotificationW
RasDeleteEntryW
RasSetCustomAuthDataW
RasHangUpW
RasGetErrorStringW
RasValidateEntryNameW
RasGetCustomAuthDataW
RasEnumEntriesW
RasGetProjectionInfoW
RasGetEapUserDataW
RasSetAutodialAddressW
RasGetEntryDialParamsW
RasFreeEapUserIdentityW
RasGetAutodialAddressW
RasGetEntryHrasconnW
RasGetHport
RasGetSubEntryPropertiesW

msvcrt

isupper
wcstombs
_wtempnam
_swab
getchar
_lseeki64
memcmp
toupper
_mbctolower
mktime
scanf
_CxxThrowException
fflush
??0exception@@QAE@XZ
iswalnum
iswgraph
_expand
strcat
??0exception@@QAE@ABV0@@Z
fgetc
iswprint
exp
_mbscmp
iswctype
_control87
memchr
wcslen
fwrite
isxdigit

dnsapi

DnsQueryConfig
DnsDhcpSrvRegisterInit
DnsReplaceRecordSetUTF8
DnsValidateName_UTF8
DnsRecordListFree
DnsQuery_W
DnsQuery_UTF8
DnsNameCompareEx_W
DnsValidateName_W
DnsStatusString
DnsNameCompare_W
DnsNotifyResolver
DnsModifyRecordsInSet_UTF8
DnsDhcpSrvRegisterTerm

Sections

.text
Size: 18KB - Virtual size: 347KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CRT
Size: 537KB - Virtual size: 866KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2f4eb4b615a74c7918a78cbdfca12e2

Headers

DLL Characteristics

File Characteristics

Imports

user32

netapi32

kernel32

gdi32

rasapi32

msvcrt

dnsapi

Sections

.text Size: 18KB - Virtual size: 347KB

CRT Size: 537KB - Virtual size: 866KB

.rsrc Size: 145KB - Virtual size: 144KB

.reloc Size: 512B - Virtual size: 128B

.text
Size: 18KB - Virtual size: 347KB

CRT
Size: 537KB - Virtual size: 866KB

.rsrc
Size: 145KB - Virtual size: 144KB

.reloc
Size: 512B - Virtual size: 128B