dc8cc62af0bf91e9e840b9d60f40152b5e6df513f1eb9d3a7ce13b32c50cdfa2

Sharing

Copy URL Twitter E-mail

General

Target

dc8cc62af0bf91e9e840b9d60f40152b5e6df513f1eb9d3a7ce13b32c50cdfa2
Size

51KB
MD5

a664f7ad46a250bc446bb149f6059218
SHA1

5560d412a8b3b30fba1c46123153b3990af87931
SHA256

dc8cc62af0bf91e9e840b9d60f40152b5e6df513f1eb9d3a7ce13b32c50cdfa2
SHA512

bbf3836dc9415aafb4c59764cdfe2ae4bc9d45694fbbb99dd585f59afd8c4ffbf7748fc2cf5763261b7264efefd0c657dd20ffdb8c23f6fb5a1b51010b08b2af
SSDEEP

1536:dbVhEHxjLzLW0rA92Sv2H6Mlq6N7cyCXX01LU:ZnEHxjLzL09zv2H6Mlqg7RCQU

Score

N/A

Malware Config

Signatures

Files

dc8cc62af0bf91e9e840b9d60f40152b5e6df513f1eb9d3a7ce13b32c50cdfa2
.exe windows x86

48c7fbd4c01d5cda1933f6890fffc9a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcImpersonateClient
RpcStringBindingComposeW
UuidCreate
UuidToStringA
RpcBindingFromStringBindingW
RpcStringFreeW
RpcStringBindingComposeA
RpcEpResolveBinding
RpcBindingFree
RpcStringFreeA
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcBindingFromStringBindingA
RpcRevertToSelf

advapi32

GetSecurityDescriptorOwner
CryptGetProvParam
CryptGetHashParam
RegQueryInfoKeyA
RegSetKeySecurity
SystemFunction040
QueryServiceStatus
AddAccessAllowedAce
CryptExportKey
RegQueryValueExA
CryptGetKeyParam
CryptVerifySignatureA
A_SHAInit
RegCreateKeyExW
OpenSCManagerW
ControlService
RegQueryValueExW
CryptImportKey
RegCloseKey
CryptGenKey
OpenThreadToken
LookupPrivilegeValueA
GetAce
RegQueryInfoKeyW
CryptCreateHash
RegEnumValueA
AdjustTokenPrivileges
MD5Update
SetSecurityDescriptorOwner
SystemFunction041
SetSecurityDescriptorDacl
CryptSetHashParam
CloseServiceHandle
RegDeleteKeyA
GetSidSubAuthorityCount
CryptDecrypt
RegSetValueExW
RegSetValueExA
A_SHAFinal
CryptDestroyHash
CryptEncrypt
GetUserNameA
UnlockServiceDatabase
InitializeSecurityDescriptor
OpenServiceW
LsaNtStatusToWinError
CopySid
StartServiceW
QueryServiceConfigA
RegEnumValueW
CryptGenRandom
GetSidSubAuthority
InitializeAcl
GetSecurityDescriptorDacl
LockServiceDatabase
RegEnumKeyExA
GetSidIdentifierAuthority
RegNotifyChangeKeyValue
ChangeServiceConfigA
GetLengthSid
StartServiceA
CryptSetKeyParam
MD5Final
LookupAccountSidW
RegCreateKeyExA
CryptGetUserKey
RegDeleteValueA
RegEnumKeyA
CryptReleaseContext
CryptSetProviderA
MD5Init
OpenProcessToken
IsValidSid
EqualSid
CryptDestroyKey
RegDeleteKeyW
RegEnumKeyExW
CryptHashData
A_SHAUpdate
CryptAcquireContextA
FreeSid
GetTokenInformation
RegOpenKeyExA
RegConnectRegistryW
SetSecurityDescriptorGroup
RegDeleteValueW
CryptGetDefaultProviderW
CryptSetProvParam
RegGetKeySecurity
GetUserNameW
CryptDeriveKey
AllocateAndInitializeSid
RegOpenKeyExW
RegConnectRegistryA
CryptSignHashA

kernel32

SetEndOfFile
FileTimeToLocalFileTime
CompareStringW
FreeLibraryAndExitThread
TlsSetValue
CreateThread
DelayLoadFailureHook
GetSystemDefaultLangID
DeleteFileA
OutputDebugStringA
WaitForSingleObject
TlsGetValue
CreateMutexA
WideCharToMultiByte
GetTickCount
GetFileAttributesA
GetCurrentThread
GetDateFormatW
lstrlenA
GetFileAttributesW
FormatMessageW
GetModuleFileNameA
OpenMutexA
MultiByteToWideChar
lstrcmpA
FindClose
CreateMutexW
GetComputerNameA
InitializeCriticalSection
CreateFileMappingW
FindFirstChangeNotificationA
FindNextFileA
GetSystemTimeAsFileTime
VirtualAlloc
ExpandEnvironmentStringsA
OpenFileMappingW
InterlockedIncrement
GetVersionExA
GetUserDefaultLCID
InterlockedDecrement
GetTempPathA
EnterCriticalSection
GetTimeFormatW
GetACP
CompareStringA
FindNextChangeNotification
GetSystemTime
WriteFile
OpenEventA
SetFileAttributesA
GetFileAttributesExW
lstrcpyA
CreateFileMappingA
DuplicateHandle
GetComputerNameW
CreateFileW
DeleteCriticalSection
UnhandledExceptionFilter
GetDateFormatA
ReadFile
FindFirstFileA
DeleteFileW
UnmapViewOfFile
GetModuleHandleA
QueryPerformanceCounter
LoadLibraryExA
OpenMutexW
FindCloseChangeNotification
SystemTimeToFileTime
ExpandEnvironmentStringsW
GetLocalTime
TerminateProcess
CompareFileTime
SetFilePointer
WaitForMultipleObjectsEx
GetFileSize
GetLastError
CreateDirectoryW
Sleep
GetCurrentProcessId
LocalReAlloc
SetEvent
SetFileAttributesW
InterlockedExchange
FileTimeToSystemTime
PulseEvent
TlsAlloc
MapViewOfFile
LoadLibraryExW
InterlockedCompareExchange
FindFirstFileW
LeaveCriticalSection
LoadLibraryA
GetModuleFileNameW
lstrlenW
GetEnvironmentVariableA
ReleaseMutex
WaitForSingleObjectEx
CreateEventA
CreateFileA
FindFirstChangeNotificationW
GetTempFileNameA
ExitThread
FormatMessageA
lstrcatA
FindNextFileW
GetCurrentProcess
GetTimeFormatA
TlsFree
SetLastError
LocalAlloc
SetUnhandledExceptionFilter
GetCurrentThreadId
LocalFree
LocalSize
GetProcAddress
CloseHandle
FreeLibrary

adsldpc

ADsFreeColumn

user32

GetSystemMetrics
wsprintfW
LoadStringA
GetProcessDefaultLayout
MessageBoxA
LoadStringW
wsprintfA
MessageBoxW

msasn1

ASN1utf8string_free
ASN1_Encode
ASN1Free
ASN1BEREncExplicitTag
ASN1BEREncEoid
ASN1BEREncChar16String
ASN1octetstring_free
ASN1BERDecZeroCharString
ASN1_CloseModule
ASN1BERDecBitString2
ASN1BERDecPeekTag
ASN1BEREncOpenType
ASN1BEREncObjectIdentifier2
ASN1BEREoid_free
ASN1CEREncEndBlk
ASN1objectidentifier2_cmp
ASN1BEREncBitString
ASN1_Decode
ASN1_CreateDecoder
ASN1BEREncEndOfContents
ASN1BEREncS32
ASN1ztcharstring_free
ASN1BEREncOctetString
ASN1CEREncFlushBlkElement
ASN1BEREoid2DotVal
ASN1BERDecEoid
ASN1DecRealloc
ASN1CEREncBeginBlk
ASN1BEREncBool
ASN1BERDecUTF8String
ASN1BERDecExplicitTag
ASN1_FreeDecoded
ASN1bitstring_free
ASN1charstring_free
ASN1BERDecOctetString
ASN1BERDecObjectIdentifier2
ASN1open_free
ASN1BEREncSX
ASN1_CreateModule
ASN1_CreateEncoder
ASN1BERDecOpenType
ASN1CEREncGeneralizedTime
ASN1BEREncUTF8String
ASN1_FreeEncoded
ASN1_SetEncoderOption
ASN1BERDecS32Val
ASN1_CloseDecoder
ASN1EncSetError
ASN1BERDecOctetString2
ASN1BERDecOpenType2
ASN1DecSetError
ASN1BERDecUTCTime
ASN1BERDecCharString
ASN1BERDecEndOfContents
ASN1BERDecNotEndOfContents
ASN1char16string_free
ASN1BERDecBitString
ASN1BEREncMultibyteString
ASN1intx_free
ASN1BERDecU32Val
ASN1CEREncUTCTime
ASN1char32string_free
ASN1BEREncU32
ASN1BERDecGeneralizedTime
ASN1_CloseEncoder
ASN1BERDecSXVal
ASN1BEREncCharString
ASN1BEREncChar32String
ASN1BERDecBool
ASN1BERDecChar16String
ASN1BERDecChar32String
ASN1CEREncNewBlkElement
ASN1BERDecMultibyteString
ASN1BERDotVal2Eoid

msvcrt

_ltoa
wcscmp
wcslen
_itow
qsort
_ltow
_initterm
_ultoa
__dllonexit
_snwprintf
isxdigit
malloc
wcschr
wcscat
_snprintf
free
memmove
memcpy
sprintf
isupper
_wcsnicmp
_wcsicmp
strtoul
wcscpy
_adjust_fdiv
_onexit
isdigit
strncpy
strncmp
_except_handler3
atol
bsearch

Sections

.textbss
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48c7fbd4c01d5cda1933f6890fffc9a7

Headers

File Characteristics

Imports

rpcrt4

advapi32

kernel32

adsldpc

user32

msasn1

msvcrt

Sections

.textbss Size: - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 448B

.idata Size: 52KB - Virtual size: 52KB

.textbss
Size: - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 448B

.idata
Size: 52KB - Virtual size: 52KB