70766a2508deffd1b02cfd74ea5d5e90b5d417bfa05b838f81482172cf83a663

Sharing

Copy URL Twitter E-mail

General

Target

70766a2508deffd1b02cfd74ea5d5e90b5d417bfa05b838f81482172cf83a663
Size

785KB
MD5

edd8a969279c38e0379cfee63849938b
SHA1

6a8631e9bdffd1c93e45bf55bfd7de66b7b16ed1
SHA256

70766a2508deffd1b02cfd74ea5d5e90b5d417bfa05b838f81482172cf83a663
SHA512

e7a4f9d4f24ad4511d86b8c8111c98367c2a799064e112b7d4534b08029dc43ee1dd8a224f7465ec419e95fbb2add6631448928e165b02dd7b6982e737d20501
SSDEEP

12288:aF2C52rxuex3fFmt59/UVPqVZ6hnqwvBhCOUL9WPwaNCSeTeVrZZ3d//vH:e52rCt59/6AZ6hJs9WPfNBLjN//

Score

N/A

Malware Config

Signatures

Files

70766a2508deffd1b02cfd74ea5d5e90b5d417bfa05b838f81482172cf83a663
.exe windows x86

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualAlloc
SetCalendarInfoA
GetDevicePowerState
DeleteTimerQueueEx
SetEndOfFile
SetVolumeLabelA
GetVolumePathNameA
FoldStringA
GetSystemPowerStatus
GetDateFormatW
lstrcatW
SetVolumeMountPointW
SetThreadExecutionState
WaitForMultipleObjects
GlobalCompact
GetVersionExW
IsDebuggerPresent
OpenFileMappingA
GetTickCount
SetDefaultCommConfigW
WriteConsoleOutputW
GetPriorityClass
GetModuleFileNameW

setupapi

SetupInstallServicesFromInfSectionW
SetupDiDestroyDriverInfoList
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupSetDirectoryIdW

advapi32

RegDeleteKeyA
LsaOpenAccount
IsTextUnicode
RegSetValueA
RegCreateKeyA
ElfRegisterEventSourceW
RegQueryInfoKeyA
LookupPrivilegeNameW
ConvertStringSidToSidW
ImpersonateAnonymousToken
CryptImportKey
GetSidSubAuthority
QueryServiceConfigA
CreateServiceW

netapi32

DsGetSiteNameW
NetGroupAddUser
DsRoleGetPrimaryDomainInformation
I_NetServerAuthenticate
NetLocalGroupGetMembers
I_NetServerSetServiceBitsEx
NetUserSetInfo
DsEnumerateDomainTrustsW
NetpwPathType
NetShareDel
NetShareAdd
NetWkstaTransportEnum
NetWkstaUserGetInfo
NetLocalGroupDelMembers

winsta

WinStationReset
LogonIdFromWinStationNameW
WinStationNameFromLogonIdW
WinStationFreeGAPMemory
WinStationGetAllProcesses
ServerLicensingOpenW
ServerLicensingClose
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateW
ServerLicensingSetPolicy
WinStationOpenServerW
ServerLicensingGetPolicy
WinStationFreeMemory
WinStationConnectW
WinStationEnumerateProcesses

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 603KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

Imports

kernel32

setupapi

advapi32

netapi32

winsta

Sections

.text Size: 8KB - Virtual size: 8KB

DATA Size: 603KB - Virtual size: 946KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 8KB - Virtual size: 8KB

DATA
Size: 603KB - Virtual size: 946KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 48B