4d7f5cae61c3dbf238813cd2d91ac714145329b99e8c89bd8f4876c7601d6743

Sharing

Copy URL Twitter E-mail

General

Target

4d7f5cae61c3dbf238813cd2d91ac714145329b99e8c89bd8f4876c7601d6743
Size

785KB
MD5

26a092099c854da611951cafd9cea3c6
SHA1

a353bbc7cfa0cb0b3f4de22fa11f4aac3ed8a987
SHA256

4d7f5cae61c3dbf238813cd2d91ac714145329b99e8c89bd8f4876c7601d6743
SHA512

3db4d811fea71c3e34509aa2320c896c398e22a26f43a0e955fcb2892f09e882ac997560b86adb35fd884dc6913894eaad67928f131467cd8edc2df72c9c0f29
SSDEEP

12288:9F2C52rxuex3fFmt59/UVPqVZ6hnqwvBhCOUL9WPwaNCSeT03d//vH:f52rCt59/6AZ6hJs9WPfNB3N//

Score

N/A

Malware Config

Signatures

Files

4d7f5cae61c3dbf238813cd2d91ac714145329b99e8c89bd8f4876c7601d6743
.exe windows x86

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualAlloc
SetCalendarInfoA
GetDevicePowerState
DeleteTimerQueueEx
SetEndOfFile
SetVolumeLabelA
GetVolumePathNameA
FoldStringA
GetSystemPowerStatus
GetDateFormatW
lstrcatW
SetVolumeMountPointW
SetThreadExecutionState
WaitForMultipleObjects
GlobalCompact
GetVersionExW
IsDebuggerPresent
OpenFileMappingA
GetTickCount
SetDefaultCommConfigW
WriteConsoleOutputW
GetPriorityClass
GetModuleFileNameW

setupapi

SetupInstallServicesFromInfSectionW
SetupDiDestroyDriverInfoList
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupSetDirectoryIdW

advapi32

RegDeleteKeyA
LsaOpenAccount
IsTextUnicode
RegSetValueA
RegCreateKeyA
ElfRegisterEventSourceW
RegQueryInfoKeyA
LookupPrivilegeNameW
ConvertStringSidToSidW
ImpersonateAnonymousToken
CryptImportKey
GetSidSubAuthority
QueryServiceConfigA
CreateServiceW

netapi32

DsGetSiteNameW
NetGroupAddUser
DsRoleGetPrimaryDomainInformation
I_NetServerAuthenticate
NetLocalGroupGetMembers
I_NetServerSetServiceBitsEx
NetUserSetInfo
DsEnumerateDomainTrustsW
NetpwPathType
NetShareDel
NetShareAdd
NetWkstaTransportEnum
NetWkstaUserGetInfo
NetLocalGroupDelMembers

winsta

WinStationReset
LogonIdFromWinStationNameW
WinStationNameFromLogonIdW
WinStationFreeGAPMemory
WinStationGetAllProcesses
ServerLicensingOpenW
ServerLicensingClose
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateW
ServerLicensingSetPolicy
WinStationOpenServerW
ServerLicensingGetPolicy
WinStationFreeMemory
WinStationConnectW
WinStationEnumerateProcesses

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 603KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

Imports

kernel32

setupapi

advapi32

netapi32

winsta

Sections

.text Size: 8KB - Virtual size: 8KB

DATA Size: 603KB - Virtual size: 946KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 8KB - Virtual size: 8KB

DATA
Size: 603KB - Virtual size: 946KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 48B