6b04c189b4ec514afef6b606ebf0804db34343fd64546c0f24a2a77346117e5e

Sharing

Copy URL

Twitter E-mail

General

Target

6b04c189b4ec514afef6b606ebf0804db34343fd64546c0f24a2a77346117e5e
Size

865KB
MD5

6d825047b1cf625a16168728cc3158e4
SHA1

c9bcb08e4956fa509d11543f0c4f1146dd750fa2
SHA256

6b04c189b4ec514afef6b606ebf0804db34343fd64546c0f24a2a77346117e5e
SHA512

457baa14838ba9250b996582e99ab5ede42d4bb4cb9ac465140cc867ab68f98e5606e4aa71a5bc5c4549c2bd75c6b6fa336ab90d6a0d3743449a2d9122219d86
SSDEEP

12288:mnwL46GI2Kc3kwCJhP5YS3Myjvoy6YMHbEqKkRqg4y9wNqEwOhGtH4DmAe9s3ezI:ENDI2Kc3kwCTPCIOw/kRgq6KUHsz6p

Score

N/A

Malware Config

Signatures

Files

6b04c189b4ec514afef6b606ebf0804db34343fd64546c0f24a2a77346117e5e
.exe windows x86

a75dba3c1fe0f258c242df6ba763258a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??7ios@@QBEHXZ
?eatwhite@istream@@QAEXXZ
?setbuf@streambuf@@UAEPAV1@PADH@Z
??_7stdiobuf@@6B@
??_Gofstream@@UAEPAXI@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??0istream@@QAE@PAVstreambuf@@@Z
?attach@fstream@@QAEXH@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
?overflow@strstreambuf@@UAEHH@Z
?ends@@YAAAVostream@@AAV1@@Z
?get@istream@@QAEHXZ
??1exception@@UAE@XZ
??_Gistrstream@@UAEPAXI@Z
??0Iostream_init@@QAE@AAVios@@H@Z
??_Distrstream@@QAEXXZ
?tie@ios@@QAEPAVostream@@PAV2@@Z
??4Iostream_init@@QAEAAV0@ABV0@@Z
??0istream@@IAE@XZ
??Bios@@QBEPAXXZ
??0ifstream@@QAE@XZ
??5istream@@QAEAAV0@AAI@Z
??_Eostream_withassign@@UAEPAXI@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
??_Difstream@@QAEXXZ
?x_maxbit@ios@@0JA
?get@istream@@QAEAAV1@AAD@Z
??_Gistream_withassign@@UAEPAXI@Z
?opfx@ostream@@QAEHXZ
??_Gstdiobuf@@UAEPAXI@Z
??6ostream@@QAEAAV0@PBC@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@G@Z
?is_open@filebuf@@QBEHXZ
?gbump@streambuf@@IAEXH@Z
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
??0strstreambuf@@QAE@PAEH0@Z
?seekg@istream@@QAEAAV1@J@Z

dhcpsapi

DhcpEnumOptionValuesV5
DhcpDeleteSubnet
DhcpCreateClass
DhcpGetSubnetInfo
DhcpGetClientInfoV4
DhcpDsCleanup
DhcpRemoveMScopeElement
DhcpSetMScopeInfo
DhcpModifyClass
DhcpSetOptionValuesV5
DhcpEnumSubnetClientsV5
DhcpEnumOptions
DhcpSetOptionValues
DhcpGetMScopeInfo
DhcpSetOptionValue
DhcpServerSetConfig
DhcpAuditLogGetParams
DhcpServerSetDnsRegCredentials
DhcpSetClientInfoV4
DhcpEnumMScopeElements
DhcpGetOptionInfo
DhcpRpcFreeMemory
DhcpAddMScopeElement
DhcpAddSubnetElementV4
DhcpEnumSubnetClients
DhcpGetSuperScopeInfoV4
DhcpEnumOptionsV5
DhcpGetClassInfo
DhcpDeleteSuperScopeV4
DhcpRemoveOption
DhcpEnumMScopes
DhcpCreateOptionV5
DhcpGetOptionInfoV5
DhcpEnumSubnetElementsV5

ntdll

RtlGetAce
RtlIsGenericTableEmpty
RtlFindCharInUnicodeString
NtOpenThreadTokenEx
RtlInitUnicodeString
DbgUiGetThreadDebugObject
wcscspn
RtlFindNextForwardRunClear
atol
NtClearEvent
RtlLargeIntegerDivide
ZwQueryQuotaInformationFile
NtQueryInstallUILanguage
NtIsProcessInJob
bsearch
ZwAddBootEntry
RtlExtendedMagicDivide
_vsnwprintf
ZwSaveKey
NtOpenThread
ZwAllocateVirtualMemory
RtlCompareUnicodeString
RtlResetRtlTranslations
RtlAreBitsClear
RtlLocalTimeToSystemTime
ZwFlushVirtualMemory
NtEnumerateKey
RtlUpdateTimer
NtCreateNamedPipeFile
iswlower
NtAdjustPrivilegesToken
ZwSetUuidSeed
RtlAbsoluteToSelfRelativeSD
NtModifyBootEntry
ZwQuerySystemInformation
RtlNtPathNameToDosPathName
ZwQuerySystemEnvironmentValueEx
NtQuerySemaphore
RtlGetGroupSecurityDescriptor
strcmp
NtCallbackReturn
NtCreateProcessEx
ZwOpenThread

kernel32

GetTempPathW
GetStartupInfoW
ReleaseSemaphore
LoadResource
GetVDMCurrentDirectories
GetNumberOfConsoleInputEvents
UnhandledExceptionFilter
GetSystemTimeAdjustment
IsValidLanguageGroup
LoadLibraryA
LZStart
InterlockedExchange
FindNextVolumeMountPointA
GetSystemTime
WideCharToMultiByte
ReadConsoleInputW
TerminateJobObject
FindFirstVolumeMountPointW
CreateHardLinkW
SetConsoleCursorInfo
GetSystemInfo
SetUnhandledExceptionFilter
AddLocalAlternateComputerNameA
GetMailslotInfo
LocalUnlock
GetProcessHeap
FindResourceExW
GetTickCount
lstrlen
FindFirstFileA
FlushFileBuffers
AddVectoredExceptionHandler
CallNamedPipeW
CreateSemaphoreA
CreateDirectoryA
UTRegister
GetModuleHandleW
_llseek
GetNumaProcessorNode
PrivMoveFileIdentityW
VirtualAlloc
FileTimeToSystemTime

userenv

DeleteProfileW
UnloadUserProfile
LeaveCriticalPolicySection
GetDefaultUserProfileDirectoryA
CreateEnvironmentBlock
FreeGPOListW
GetAllUsersProfileDirectoryW
RsopLoggingEnabled
FreeGPOListA
GetPreviousFgPolicyRefreshInfo
ProcessGroupPolicyCompletedEx
WaitForUserPolicyForegroundProcessing
GetProfileType
GetGPOListW
WaitForMachinePolicyForegroundProcessing
GetProfilesDirectoryA
RsopAccessCheckByType
LoadUserProfileA
GetNextFgPolicyRefreshInfo
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW
GetAppliedGPOListA
RefreshPolicy
UnregisterGPNotification
RsopSetPolicySettingStatus
DeleteProfileA
GetAppliedGPOListW
ExpandEnvironmentStringsForUserA
GetDefaultUserProfileDirectoryW
DllGetClassObject

mpr

WNetSupportGlobalEnum
WNetDisconnectDialog1A
WNetOpenEnumA
WNetCancelConnectionA
WNetGetUserA
WNetUseConnectionA
WNetAddConnectionW
WNetLogonNotify
WNetDisconnectDialog2
I_MprSaveConn
WNetGetProviderTypeA
WNetDirectoryNotifyA
WNetCloseEnum
WNetGetResourceParentW
WNetOpenEnumW
WNetGetResourceInformationW
WNetEnumResourceA
WNetConnectionDialog
WNetGetConnectionA
WNetGetPropertyTextA
WNetGetConnection3A
MultinetGetErrorTextA
WNetAddConnection3W
WNetAddConnectionA
WNetSetConnectionW
WNetGetResourceParentA
WNetDisconnectDialog
MultinetGetErrorTextW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 404KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a75dba3c1fe0f258c242df6ba763258a

Headers

DLL Characteristics

File Characteristics

Imports

msvcirt

dhcpsapi

ntdll

kernel32

userenv

mpr

Sections

.text Size: 162KB - Virtual size: 162KB

.rdata Size: 294KB - Virtual size: 294KB

.data Size: 404KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 162KB - Virtual size: 162KB

.rdata
Size: 294KB - Virtual size: 294KB

.data
Size: 404KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B