4247019bb250e26b45143080f3b451bea60d54b39ab2f87eecc818e76594b61e

Sharing

Copy URL Twitter E-mail

General

Target

4247019bb250e26b45143080f3b451bea60d54b39ab2f87eecc818e76594b61e
Size

134KB
MD5

cda9aff3909a261b22274037a89e4bc7
SHA1

f9e7fa3003ba676d54212777b1276f4b97a57ab2
SHA256

4247019bb250e26b45143080f3b451bea60d54b39ab2f87eecc818e76594b61e
SHA512

f285dad98de55b5045e653661b8ae98413f0db64aeade0e783bfc17af5e88ac856c88fd97c41d86a9c5b707735391d9beb8e7a35b7fe2cddc2389743f8820b6c
SSDEEP

3072:f3HE1BM9f2XuOcMIv5fRtoAXHz/Rt6Qi2kCActXjI:PHEHcf2+OcM+5bocHzZttkCLt

Score

N/A

Malware Config

Signatures

Files

4247019bb250e26b45143080f3b451bea60d54b39ab2f87eecc818e76594b61e
.exe windows x86

13bf94915cb4f3b060bb7bc96cdc418e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetAccessPermissionsForObjectW
OpenProcessToken
RegDisablePredefinedCache
OpenServiceW
LsaGetSystemAccessAccount
SetTraceCallback
IsValidAcl
LsaQueryDomainInformationPolicy
GetNamedSecurityInfoA
SystemFunction004
LsaSetInformationPolicy
SetInformationCodeAuthzLevelW
CredpDecodeCredential
MSChapSrvChangePassword
LsaLookupPrivilegeValue
LookupPrivilegeNameW
GetExplicitEntriesFromAclA
ChangeServiceConfig2A
IsValidSid
LsaStorePrivateData
LsaClose
WmiQuerySingleInstanceMultipleW
FileEncryptionStatusA
SaferiIsExecutableFileType
OpenSCManagerW
CryptDestroyHash
SaferCloseLevel
GetInformationCodeAuthzLevelW
LsaCreateSecret
RegQueryInfoKeyW
CredGetSessionTypes
WmiMofEnumerateResourcesA
LsaLookupNames
ConvertSecurityDescriptorToAccessNamedW
CryptGetProvParam
SaferGetLevelInformation
ReportEventA
LsaSetQuotasForAccount

wldap32

ldap_initW
ldap_startup
ldap_controls_freeA
ldap_compare_extA
ldap_err2stringA
ldap_start_tls_sA
ldap_modrdnW
ldap_set_option
ber_bvdup
ber_skip_tag
ldap_parse_referenceA
ldap_parse_page_control
ldap_create_page_control
ldap_msgfree
cldap_open
ldap_parse_resultA
ber_bvecfree
ldap_memfreeW
ldap_modify_ext_sW
ldap_explode_dnA
ldap_search_init_pageW
ldap_delete_ext_s
ldap_deleteW
ldap_dn2ufnW
ldap_value_free_len
ldap_create_sort_controlW
ldap_search_s
ldap_create_page_controlW
ldap_sslinit
ldap_rename_extA
ldap_parse_sort_controlA
ber_flatten
ldap_search_extW
ldap_memfreeA
ldap_free_controlsW
ldap_rename_extW
ldap_escape_filter_elementA
ldap_modify_extA

kernel32

FormatMessageA
GetBinaryType
BindIoCompletionCallback
SetCommConfig
GetTickCount
FindFirstVolumeA
SetConsoleCursorInfo
SetLocalPrimaryComputerNameA
GenerateConsoleCtrlEvent
SetStdHandle
GetLocaleInfoW
VerifyVersionInfoW
IsWow64Process
EnumCalendarInfoA
GetVolumePathNameA
SetErrorMode
GlobalMemoryStatus
ReleaseMutex
GetCompressedFileSizeW
GetUserDefaultLangID
SwitchToThread
WriteProfileStringA
FillConsoleOutputCharacterW
AddConsoleAliasW
GetTapeParameters
SetComputerNameW
GetConsoleCursorMode
SetComPlusPackageInstallStatus
LoadLibraryA
SetThreadPriorityBoost
LocalSize
lstrcmp
GetConsoleAliasesA
GetFileSize
DeleteFileA
CommConfigDialogA
AreFileApisANSI
LocalAlloc
BuildCommDCBW
GetConsoleCommandHistoryA
VirtualAlloc
OutputDebugStringA
lstrcpyW
CreateTimerQueueTimer
GetPrivateProfileSectionNamesA
LocalUnlock
GetStartupInfoW

msvcrt

__RTtypeid
atan
_spawnvp
_wfopen
__p__winmajor
_mbclen
_mbsicmp
atof
__p__pctype
_winmajor
_ismbclegal
_rmtmp
fseek
_chgsign
tolower
_spawnlp
_wutime
_tzset
wcstombs
_cexit
_wfreopen
_execl
_heapadd
__lc_collate_cp
_get_osfhandle
_strcmpi
sprintf
_ltoa
_wtol
_aligned_free
iswcntrl
_getpid
_wcsnicmp
_lfind
_copysign
_ftime
_ismbbkalnum
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
cos
_lseeki64
_setmode
_stat
sin
_setsystime

user32

EndDialog
MessageBoxW

ntdll

NtImpersonateClientOfPort
toupper
strtol
ZwListenPort
NtSetThreadExecutionState
wcstoul
ZwSetInformationFile
RtlEqualString
_wtol
LdrAddRefDll
NtSetDefaultHardErrorPort
RtlQueueApcWow64Thread
ZwQueryMultipleValueKey
NtWaitForDebugEvent
RtlCompareString
RtlGenerate8dot3Name
NtNotifyChangeKey
ZwCreateEventPair
RtlCompareMemory
NtRenameKey
NtQuerySemaphore
RtlDebugPrintTimes
RtlInsertElementGenericTableAvl
RtlEnumProcessHeaps
_ltow
RtlGetCompressionWorkSpaceSize
RtlQueryRegistryValues
NtFreeUserPhysicalPages
ZwDeviceIoControlFile
_CIpow
RtlpNtOpenKey
RtlCancelTimer
NtCreateProcess
NtSaveKey
RtlConvertSidToUnicodeString
NtCreateMutant
_allmul
vDbgPrintExWithPrefix
NtSetEvent

shell32

SHGetMalloc

Sections

.text
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13bf94915cb4f3b060bb7bc96cdc418e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

wldap32

kernel32

msvcrt

user32

ntdll

shell32

Sections

.text Size: 87KB - Virtual size: 87KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 22KB - Virtual size: 135KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 184B

.text
Size: 87KB - Virtual size: 87KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 22KB - Virtual size: 135KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 184B