b89766a48b658d1b54ceecc59597a617ed3b8ac3c24be8f2c1b07db717f51d5a

Sharing

Copy URL Twitter E-mail

General

Target

b89766a48b658d1b54ceecc59597a617ed3b8ac3c24be8f2c1b07db717f51d5a
Size

258KB
MD5

f831ef8dbf8a7aefbd64ff573cdfdc57
SHA1

665922fc4245613e33ce00424e0c6df7a4b96b34
SHA256

b89766a48b658d1b54ceecc59597a617ed3b8ac3c24be8f2c1b07db717f51d5a
SHA512

b3ce14f146bd11662c0c6def033d096ba9f5cd07c99fabb610f0577fad8bdce1db2168682802d382982bfb9cba01d13c1c7062812daeaddae7c138dfd771819f
SSDEEP

6144:lm6G50HU+Iwxs7MHDgxKMI2gO7+cFUp1/LNhOx/StbecB:lmYUDmZ72gmlE/Ogt

Score

N/A

Malware Config

Signatures

Files

b89766a48b658d1b54ceecc59597a617ed3b8ac3c24be8f2c1b07db717f51d5a
.exe windows x86

45c762f8b3d4889c1e3514f61339b988

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

socket
ioctlsocket
htons
accept
setsockopt
recv
closesocket
gethostbyname
inet_addr
getsockopt
select
send
WSAStartup
shutdown
connect
WSAGetLastError

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetSidSubAuthority
AddAccessAllowedAce
AreAllAccessesGranted
LsaOpenPolicySce
CryptGetProvParam
ConvertStringSDToSDRootDomainW
LsaOpenAccount
ObjectPrivilegeAuditAlarmA
FileEncryptionStatusW
UnregisterIdleTask
TraceEventInstance
BuildSecurityDescriptorW
RegisterServiceCtrlHandlerExA
SystemFunction031
OpenServiceW
SetSecurityInfo
LsaQueryForestTrustInformation
LsaCreateTrustedDomain
InitiateSystemShutdownExA
GetInformationCodeAuthzPolicyW
LsaFreeMemory
CredFree
RegCreateKeyExW
RegRestoreKeyW
OpenServiceA
CryptReleaseContext
UnregisterTraceGuids
SystemFunction001
LogonUserExW
CredWriteA
SaferComputeTokenFromLevel
CryptEncrypt
StartTraceW
GetCurrentHwProfileW
CryptSetProviderW
SetAclInformation
LookupPrivilegeValueW
GetTrusteeNameA
GetMultipleTrusteeOperationA
GetSecurityInfoExA
WmiFileHandleToInstanceNameW
GetTrusteeNameW
IsValidSid
ElfCloseEventLog
LookupPrivilegeValueA
SetNamedSecurityInfoA
AccessCheckAndAuditAlarmW
CreatePrivateObjectSecurity
CryptGetDefaultProviderA
CryptSignHashW
AdjustTokenPrivileges
SystemFunction009
NotifyChangeEventLog
LsaGetQuotasForAccount
ConvertStringSidToSidW
RegEnumValueA
AbortSystemShutdownA
CreateServiceA
RegisterEventSourceW
SetPrivateObjectSecurity
LsaCreateAccount
EnumServicesStatusExA
ComputeAccessTokenFromCodeAuthzLevel
LsaICLookupNames
LockServiceDatabase
DeleteAce
IsWellKnownSid

kernel32

UnmapViewOfFile
OutputDebugStringA
FlushFileBuffers
CreateDirectoryA
PeekNamedPipe
GetSystemTime
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetSystemDefaultLangID
LCMapStringA
GetLocalTime
DeleteCriticalSection
GetCommandLineA
IsBadCodePtr
GetSystemDefaultLCID
VirtualAlloc
lstrlenW
GetFileType
MoveFileA
WriteFile
CompareStringW
SetFilePointer
FindResourceA
lstrlenA
GetACP
TlsFree
CloseHandle
RaiseException
GetTimeZoneInformation
GetOEMCP
DeleteFileA
SetStdHandle
GetFileInformationByHandle
CompareStringA
LockFile
MapViewOfFile
RtlUnwind
LCMapStringW
GetComputerNameA
FreeEnvironmentStringsW
GetSystemInfo
LeaveCriticalSection
FormatMessageA
WideCharToMultiByte
GetTempPathA
GetSystemTimeAsFileTime
TlsGetValue
CreateFileA
CreateFileMappingA
HeapAlloc
HeapFree
HeapDestroy
TlsAlloc
FreeLibrary
EnterCriticalSection
SetEnvironmentVariableA
TlsSetValue
SetLastError
GetStdHandle
GetCurrentThreadId
HeapReAlloc
ReadFile
GetModuleHandleA
UnlockFile
VirtualFree
LoadResource
SetHandleCount
GetFileSize
LockResource
FileTimeToSystemTime
HeapSize
SetEndOfFile
HeapCreate
VirtualAllocEx
GlobalAlloc

rpcrt4

UuidCreate

ncobjapi

WmiCreateObject

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.BwOE
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.znDXy
Size: 512B - Virtual size: 225B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ZrKw
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HYgNH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 210KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HOPMIAe
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reRsjUV
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yUbi
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qgPw
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.RdUaa
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uUlfV
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.PuWmPZL
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

45c762f8b3d4889c1e3514f61339b988

Headers

File Characteristics

Imports

ws2_32

advapi32

kernel32

rpcrt4

ncobjapi

Sections

.text Size: 18KB - Virtual size: 18KB

.BwOE Size: 2KB - Virtual size: 1KB

.znDXy Size: 512B - Virtual size: 225B

.ZrKw Size: 3KB - Virtual size: 2KB

.HYgNH Size: 2KB - Virtual size: 2KB

.rdata Size: 210KB - Virtual size: 209KB

.HOPMIAe Size: 3KB - Virtual size: 2KB

.reRsjUV Size: 2KB - Virtual size: 1KB

.yUbi Size: 2KB - Virtual size: 1KB

.data Size: 6KB - Virtual size: 81KB

.qgPw Size: 1KB - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 3KB

.RdUaa Size: 3KB - Virtual size: 2KB

.uUlfV Size: 512B - Virtual size: 256B

.PuWmPZL Size: 2KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.BwOE
Size: 2KB - Virtual size: 1KB

.znDXy
Size: 512B - Virtual size: 225B

.ZrKw
Size: 3KB - Virtual size: 2KB

.HYgNH
Size: 2KB - Virtual size: 2KB

.rdata
Size: 210KB - Virtual size: 209KB

.HOPMIAe
Size: 3KB - Virtual size: 2KB

.reRsjUV
Size: 2KB - Virtual size: 1KB

.yUbi
Size: 2KB - Virtual size: 1KB

.data
Size: 6KB - Virtual size: 81KB

.qgPw
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 3KB

.RdUaa
Size: 3KB - Virtual size: 2KB

.uUlfV
Size: 512B - Virtual size: 256B

.PuWmPZL
Size: 2KB - Virtual size: 1KB