0df9ae4533861140a20ae35fc15f17ba9ccbef9acd12ac2c5bf08ab8454b0557

Sharing

Copy URL Twitter E-mail

General

Target

0df9ae4533861140a20ae35fc15f17ba9ccbef9acd12ac2c5bf08ab8454b0557
Size

125KB
MD5

704974a130b89ac89d318ac628bff304
SHA1

89e93d12a2e7b950c0f2ab62d163cb110479494d
SHA256

0df9ae4533861140a20ae35fc15f17ba9ccbef9acd12ac2c5bf08ab8454b0557
SHA512

fd5f3e9c8ca5343f0ae5d04d453db1785c6fe797647e4d8594922b3b7aa51af2c7ace9e1efeb6130843202a48ad81b5934b54d134b18c6b6db9e6c74c6a703aa
SSDEEP

3072:q3NH3pEaIa1/XLfGiGo+eN2JfJsB/kQklMYZp8a9:yLXdNGo+y2xOlUOYX/9

Score

N/A

Malware Config

Signatures

Files

0df9ae4533861140a20ae35fc15f17ba9ccbef9acd12ac2c5bf08ab8454b0557
.dll windows x86

41c2b6c7308978a584a944aa1f4084a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memset
_vsnwprintf
_itow_s
iswspace
wcsncmp
malloc
free
_initterm
_amsg_exit
_adjust_fdiv
_except_handler4_common
_XcptFilter

ntdll

NtClose
NtOpenProcessToken
WinSqmEventEnabled
WinSqmEventWrite
RtlCreateUnicodeString
RtlFreeUnicodeString
NtOpenThreadToken
WinSqmSetString
WinSqmStartSession
WinSqmIsOptedIn
WinSqmEndSession
RtlLengthSid
NtQueryInformationToken
RtlNtStatusToDosError
RtlEqualUnicodeString
RtlInitUnicodeString
RtlGetNtProductType
WinSqmAddToStream

kernel32

GlobalUnlock
GlobalLock
lstrlenW
SetLastError
InterlockedIncrement
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
LoadLibraryW
GetProcAddress
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
Sleep
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LockResource
LoadResource
FindResourceW
FormatMessageW
GetCurrentThread
InitializeCriticalSection
CreateThread
FreeLibrary
GetModuleHandleW
FreeLibraryAndExitThread
WaitForSingleObject
GetCurrentProcess
CloseHandle
CompareStringW
GetLastError
DisableThreadLibraryCalls
LocalFree
LocalAlloc
ExpandEnvironmentStringsA
GetModuleFileNameW
CheckElevationEnabled
DelayLoadFailureHook
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
InterlockedDecrement

user32

GetSysColorBrush
GetDC
InflateRect
SetScrollInfo
CallWindowProcW
OffsetRect
LoadImageW
RegisterClassW
LoadBitmapW
GetWindow
FrameRect
GetWindowTextW
DefWindowProcW
DestroyIcon
MapDialogRect
SystemParametersInfoW
UnregisterClassW
GetDlgItemTextW
SendDlgItemMessageW
DestroyWindow
GetSysColor
DrawFocusRect
DrawTextW
ReleaseDC
ShowScrollBar
LoadCursorW
SetCursor
GetClientRect
GetSystemMetrics
SetDlgItemTextW
CheckDlgButton
GetWindowLongW
IsWindowEnabled
IsDlgButtonChecked
MessageBoxW
GetWindowRect
MapWindowPoints
SetWindowPos
SetWindowTextW
IsWindowVisible
ShowWindow
GetParent
PostMessageW
GetFocus
SetFocus
EnableWindow
DialogBoxParamW
EndDialog
LoadIconW
GetDlgItem
SendMessageW
LoadStringW
RegisterWindowMessageW
RegisterClipboardFormatW
MoveWindow
GetScrollInfo
SetScrollPos
ScrollWindow
GetDesktopWindow
CreateWindowExW
GetDlgCtrlID
SetWindowLongW

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
DeleteObject
SetBkMode
SetTextColor
SetBkColor

shlwapi

StrRChrW
StrChrW
PathAppendW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetWindowsAccountDomainSid
LookupAccountSidW
EqualPrefixSid
GetSidSubAuthority
IsValidSecurityDescriptor
IsValidAcl
IsWellKnownSid
DeleteAce
LookupAccountNameW
GetLengthSid
ConvertSidToStringSidW
EqualSid
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
InitializeAcl
LsaClose
LsaFreeMemory
LsaQueryInformationPolicy
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorOwner
OpenThreadToken
DuplicateTokenEx
AdjustTokenPrivileges
SetThreadToken
CopySid
LsaOpenPolicy
GetSidSubAuthorityCount
LsaLookupSids

ole32

CoCreateInstance
ReleaseStgMedium
CoInitialize
CoCreateGuid
CoUninitialize

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SysAllocString

shell32

ord6
ord258
ord259

psapi

GetModuleBaseNameW

ntdsapi

DsBindWithSpnExW
DsCrackNamesW
DsUnBindW
DsFreeNameResultW
DsMakeSpnW

Exports

Exports

CreateSecurityPage
EditSecurity
EditSecurityAdvanced
IID_ISecurityInformation

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c2b6c7308978a584a944aa1f4084a7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

gdi32

shlwapi

advapi32

ole32

oleaut32

shell32

psapi

ntdsapi

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 6KB - Virtual size: 5KB