e0d1350a730c093978f202f79ac8fc5efc03d25f2996e7ba247e28678cfc3442

Sharing

Copy URL Twitter E-mail

General

Target

e0d1350a730c093978f202f79ac8fc5efc03d25f2996e7ba247e28678cfc3442
Size

551KB
MD5

04884fef52086e896178c30ff1e42850
SHA1

1cb7e24e3719b8b58a5ef763c419c03a3c67e713
SHA256

e0d1350a730c093978f202f79ac8fc5efc03d25f2996e7ba247e28678cfc3442
SHA512

012ec3e5b203eca9ab459333888d7174bb753e6d0c894e1825cbe97b6123878075d98efd93b145f6a603b32baf59d9a2fa6b8ecb29c26a6f2ed44b40319c70a8
SSDEEP

12288:vlaL7m5GGdZk+vtz/1x6DYDy7MyZOE/ILqOe2errGnoU3g:vlKcht5x6DsZgNATo6nH3g

Score

N/A

Malware Config

Signatures

Files

e0d1350a730c093978f202f79ac8fc5efc03d25f2996e7ba247e28678cfc3442
.exe windows x86

109bd1600d7ae590de908d4e9d5894ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

wcstol
vfprintf
_c_exit
_wfsopen
wcstok
wcsstr
_ui64tow
_tolower
towupper
ungetwc
fopen
sprintf
wcsspn
_callnewh
__toascii
islower
clock
?what@exception@@UBEPBDXZ
_mktime64
_mbctolower

mpr

WNetAddConnection3W
WNetGetUniversalNameA
WNetCancelConnection2W
WNetOpenEnumA
WNetAddConnection2W
WNetCloseEnum
WNetEnumResourceW
WNetGetUniversalNameW
WNetGetUserW
WNetGetConnectionA
WNetGetProviderNameW
WNetOpenEnumW
WNetGetConnectionW
WNetUseConnectionW
WNetGetResourceInformationW
WNetGetLastErrorW
WNetEnumResourceA
WNetGetUserA

dnsapi

DnsNotifyResolver
DnsDhcpSrvRegisterTerm
DnsNameCompare_W
DnsNameCompareEx_W
DnsValidateName_W
DnsQueryConfig
DnsRecordListFree
DnsValidateName_UTF8
DnsReplaceRecordSetUTF8
DnsQuery_W
DnsQuery_UTF8
DnsDhcpSrvRegisterInit
DnsModifyRecordsInSet_UTF8
DnsStatusString

advapi32

StartServiceA
RegReplaceKeyA
RegSaveKeyW
AddAccessDeniedAce
AddAuditAccessAce
CopySid
CryptReleaseContext
RegEnumKeyA
SystemFunction005
LsaFreeMemory
ElfReportEventW
UnregisterTraceGuids
GetUserNameW
LsaSetDomainInformationPolicy
AddAccessAllowedObjectAce
RegOpenCurrentUser
RegReplaceKeyW
ConvertSidToStringSidW
QueryServiceLockStatusA
CryptDeriveKey
LsaOpenPolicy
CloseServiceHandle
CreateRestrictedToken
GetSidLengthRequired
EncryptFileW
AllocateAndInitializeSid
CryptContextAddRef

crypt32

I_CryptGetDefaultCryptProvForEncrypt

comctl32

_TrackMouseEvent
ImageList_Write
InitCommonControls
CreateStatusWindowW
CreateToolbarEx
ImageList_SetDragCursorImage
ImageList_Draw
ImageList_DrawEx
PropertySheetA
ImageList_DragMove
DestroyPropertySheetPage
ImageList_SetOverlayImage

user32

InsertMenuItemW
BeginPaint
GetUserObjectInformationA
MapWindowPoints
CharNextA
CreateIcon
UnhookWindowsHook
GetKeyState
EnumWindowStationsW
SetWinEventHook
TrackPopupMenu
PackDDElParam
LoadAcceleratorsA
SendMessageW
WinHelpW
SetCursor
GetWindowTextW

userenv

GetAllUsersProfileDirectoryW
GetUserProfileDirectoryW
RsopSetPolicySettingStatus
RsopResetPolicySettingStatus
GetAppliedGPOListW
FreeGPOListW
CreateEnvironmentBlock
GetUserProfileDirectoryA
RefreshPolicy
ExpandEnvironmentStringsForUserW
ForceSyncFgPolicy
UnregisterGPNotification
LoadUserProfileW
ProcessGroupPolicyCompleted
GetDefaultUserProfileDirectoryW
GetProfileType
DeleteProfileW
ProcessGroupPolicyCompletedEx
LeaveCriticalPolicySection
UnloadUserProfile
GetProfilesDirectoryW
RegisterGPNotification
EnterCriticalPolicySection
DestroyEnvironmentBlock

kernel32

FlushViewOfFile
GetHandleInformation
ReleaseMutex
CreateProcessInternalW
SetFileAttributesA
VirtualAlloc
Module32Next
GetLastError
FlushFileBuffers
GetLocaleInfoW
CreateFileA
CreateMutexA
RegisterWaitForSingleObjectEx
FindFirstFileA
SetNamedPipeHandleState
SetFileAttributesW
GlobalFindAtomA
GetConsoleCursorInfo
EnumLanguageGroupLocalesW
GetSystemDefaultLCID
WriteConsoleW
SetFilePointerEx
GetVersionExA
BindIoCompletionCallback
TlsSetValue
CompareFileTime
GetCommProperties
ContinueDebugEvent
FindClose
WriteProfileStringW
GetCurrentThread
Module32FirstW
GetFileAttributesW
GetSystemTimeAsFileTime
HeapAlloc
GetConsoleMode
LoadLibraryA
GetOverlappedResult

Sections

.text
Size: 19KB - Virtual size: 325KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 516KB - Virtual size: 822KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 118B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

109bd1600d7ae590de908d4e9d5894ba

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

mpr

dnsapi

advapi32

crypt32

comctl32

user32

userenv

kernel32

Sections

.text Size: 19KB - Virtual size: 325KB

.data Size: 516KB - Virtual size: 822KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 1024B - Virtual size: 118B

.text
Size: 19KB - Virtual size: 325KB

.data
Size: 516KB - Virtual size: 822KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 1024B - Virtual size: 118B