ae7875b91420fcc2c34464c5c49e0b96bd393dd70226cee5a41c495291dde23f

Sharing

Copy URL Twitter E-mail

General

Target

ae7875b91420fcc2c34464c5c49e0b96bd393dd70226cee5a41c495291dde23f
Size

781KB
MD5

1212fa3c880fcb67c04635f3dfb4f6f0
SHA1

eade8c3ab37306a91aac13685460de6aa8e70c77
SHA256

ae7875b91420fcc2c34464c5c49e0b96bd393dd70226cee5a41c495291dde23f
SHA512

cd425aa47204c5a6c9b543fc72ff61fa879e4d31da46b021f2a53439bfde1b30a42a6f0a6114c837f1d35e5fe932cd3f160ec464d44cf878049c23f3907e8303
SSDEEP

12288:Lx9b2qrtq9GaA6WzpO2Un/0l0YmwWVpVOeZbkefeRWDo:LP2oodARY2UI0YmwWspBRWs

Score

N/A

Malware Config

Signatures

Files

ae7875b91420fcc2c34464c5c49e0b96bd393dd70226cee5a41c495291dde23f
.exe windows x86

af1b9be288963da87900a6d9958016b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

rtutils

TraceRegisterExW
TraceVprintfExA
RouterLogEventExW
RouterLogEventA
RouterLogDeregisterA
LogEventA
RouterLogEventExA
TracePrintfExA
TraceDumpExA
RouterLogRegisterA
RouterLogDeregisterW
LogErrorA
MprSetupProtocolFree
RouterLogEventW
TraceDeregisterExA
TracePrintfW
TraceDeregisterA
TracePrintfExW
RouterLogRegisterW
TracePrintfA
TraceDeregisterW
RouterLogEventDataA
MprSetupProtocolEnum
RouterLogEventStringW
LogEventW
TracePutsExA
TraceRegisterExA
RouterLogEventStringA

crypt32

I_CertSrvProtectFunction

shlwapi

PathFindNextComponentW
StrCSpnIW
SHAutoComplete
SHRegQueryInfoUSKeyW
SHQueryValueExW
StrSpnW
SHDeleteValueW
PathGetArgsW
wnsprintfW
StrCpyNW
SHDeleteKeyW
StrDupW
PathSkipRootW
HashData
PathRemoveExtensionA
PathRemoveFileSpecA
StrSpnA
StrStrW
StrRChrW
UrlCanonicalizeW

msvcrt

wcsncmp
labs
iswspace
_CIlog10
_finite
strncat
__toascii
??1exception@@UAE@XZ
_mbsnextc
_mbsdec
fseek
floor
??9type_info@@QBEHABV0@@Z
memcmp
_access
_setjmp3
isalpha
_ismbblead
_mbsnbcnt
_mbscpy
_mbsinc
wcstol
_acmdln
bsearch
_fullpath
??_V@YAXPAX@Z

advapi32

RegisterServiceCtrlHandlerA
ControlService
SetSecurityDescriptorGroup
CryptExportKey
RegOpenKeyExW
WmiOpenBlock
SetFileSecurityA
LsaICLookupNames
ObjectCloseAuditAlarmA
DeregisterEventSource
LsaCreateSecret
LsaLookupNames
SystemFunction012
RegisterEventSourceW
RegQueryValueExA
RegOpenKeyW
RegRestoreKeyA
CryptGetUserKey
QueryServiceConfigA
AllocateLocallyUniqueId
GetSecurityDescriptorDacl
LsaQueryInformationPolicy
InitializeSid
GetTokenInformation
InitiateSystemShutdownExW
SystemFunction041
RegisterServiceCtrlHandlerExW
CryptVerifySignatureW
RegCreateKeyExW

setupapi

CM_Get_DevNode_Registry_Property_ExW
SetupDiSetClassInstallParamsA
pSetupGetGlobalFlags
SetupDiGetSelectedDevice
SetupGetIntField
SetupInstallFilesFromInfSectionW
CM_Get_Device_ID_ExW
SetupAddInstallSectionToDiskSpaceListW
SetupFindFirstLineA
CM_Get_Sibling
CM_Get_Next_Res_Des_Ex
CM_Get_Device_ID_List_SizeW
SetupDiGetDeviceRegistryPropertyW
CM_Open_DevNode_Key_Ex
SetupQuerySourceListW
SetupDiRemoveDeviceInterface
CM_Get_Sibling_Ex
CM_Setup_DevNode
CM_Get_Device_ID_ListW
pSetupSetGlobalFlags
CM_Free_Log_Conf_Handle
CM_Query_And_Remove_SubTreeW
SetupDiGetDriverInfoDetailW
SetupGetLineTextA
SetupDiOpenDeviceInfoA
SetupDiSetSelectedDevice

kernel32

ReleaseMutex
SetThreadLocale
SetFileAttributesA
lstrcatA
CreateMutexA
DebugBreak
GetShortPathNameW
ContinueDebugEvent
ReadConsoleA
SetTimerQueueTimer
GetDefaultCommConfigW
SetStdHandle
GlobalMemoryStatus
VirtualAlloc
EraseTape
SetConsoleScreenBufferSize
WritePrivateProfileStructA
RtlUnwind
SearchPathW
QueueUserWorkItem
ReadConsoleInputW
GetNumberOfConsoleInputEvents
SwitchToThread
VirtualQueryEx
GetSystemInfo
WaitForSingleObjectEx
GetDriveTypeA
SizeofResource
EnumLanguageGroupLocalesW
GetDateFormatA
MoveFileWithProgressW

netapi32

NetFileEnum
NetShareDel
NetUserSetInfo
NetServerGetInfo
NetGetAnyDCName
NetShareEnum
NetLocalGroupGetInfo
NetUseDel
DsGetSiteNameW
I_NetServerReqChallenge
NetLocalGroupDelMembers
NetUserGetInfo
NetGroupDel
DsGetDcNameW
NetValidateName
NetUnregisterDomainNameChangeNotification
NetRenameMachineInDomain
NetUserChangePassword
NetRemoteTOD
NetServiceEnum
NetConnectionEnum
NetServiceInstall
NetStatisticsGet
NetServiceControl

user32

ShowOwnedPopups
UnhookWindowsHookEx
EnumDesktopsA
GetCursorPos
LoadStringW
MessageBeep
SystemParametersInfoA
SendMessageW
UnregisterClassA
SetLastErrorEx
LockSetForegroundWindow
CharToOemA
GetMonitorInfoA

Sections

.text
Size: 91KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 223KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: 81KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 87KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 137KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 798B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af1b9be288963da87900a6d9958016b4

Headers

DLL Characteristics

File Characteristics

Imports

rtutils

crypt32

shlwapi

msvcrt

advapi32

setupapi

kernel32

netapi32

user32

Sections

.text Size: 91KB - Virtual size: 550KB

.rdata Size: 223KB - Virtual size: 292KB

.bss Size: 81KB - Virtual size: 279KB

.rdata Size: 87KB - Virtual size: 244KB

.edata Size: 137KB - Virtual size: 171KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 1024B - Virtual size: 798B

.text
Size: 91KB - Virtual size: 550KB

.rdata
Size: 223KB - Virtual size: 292KB

.bss
Size: 81KB - Virtual size: 279KB

.rdata
Size: 87KB - Virtual size: 244KB

.edata
Size: 137KB - Virtual size: 171KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 1024B - Virtual size: 798B