97d4dde60bdeb3eed4e73524ca132afca901ebb8a5b397deccfdc64a7afa3075

Sharing

Copy URL Twitter E-mail

General

Target

97d4dde60bdeb3eed4e73524ca132afca901ebb8a5b397deccfdc64a7afa3075
Size

785KB
MD5

a0d57b34815e44d84ff0e000487fbd4d
SHA1

5d4c7b23fe402074918f723fb08d4e0e33f67b7e
SHA256

97d4dde60bdeb3eed4e73524ca132afca901ebb8a5b397deccfdc64a7afa3075
SHA512

bb1e31140a45ba4f73205bfab93e2e32ee142d14780b9826093b4752cf51d40b9f3040ee544e44e43389b066bb4378e34ed2594f2d533485a6e68fa71e6299bb
SSDEEP

12288:3F2C52rxuex3fFmt59/UVPqVZ6hnqwvBhCOUL9WPwaNCSeT94H53d//vH:J52rCt59/6AZ6hJs9WPfNB3N//

Score

N/A

Malware Config

Signatures

Files

97d4dde60bdeb3eed4e73524ca132afca901ebb8a5b397deccfdc64a7afa3075
.exe windows x86

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualAlloc
SetCalendarInfoA
GetDevicePowerState
DeleteTimerQueueEx
SetEndOfFile
SetVolumeLabelA
GetVolumePathNameA
FoldStringA
GetSystemPowerStatus
GetDateFormatW
lstrcatW
SetVolumeMountPointW
SetThreadExecutionState
WaitForMultipleObjects
GlobalCompact
GetVersionExW
IsDebuggerPresent
OpenFileMappingA
GetTickCount
SetDefaultCommConfigW
WriteConsoleOutputW
GetPriorityClass
GetModuleFileNameW

setupapi

SetupInstallServicesFromInfSectionW
SetupDiDestroyDriverInfoList
SetupCloseInfFile
SetupDiCreateDeviceInfoList
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiOpenDevRegKey
SetupSetDirectoryIdW

advapi32

RegDeleteKeyA
LsaOpenAccount
IsTextUnicode
RegSetValueA
RegCreateKeyA
ElfRegisterEventSourceW
RegQueryInfoKeyA
LookupPrivilegeNameW
ConvertStringSidToSidW
ImpersonateAnonymousToken
CryptImportKey
GetSidSubAuthority
QueryServiceConfigA
CreateServiceW

netapi32

DsGetSiteNameW
NetGroupAddUser
DsRoleGetPrimaryDomainInformation
I_NetServerAuthenticate
NetLocalGroupGetMembers
I_NetServerSetServiceBitsEx
NetUserSetInfo
DsEnumerateDomainTrustsW
NetpwPathType
NetShareDel
NetShareAdd
NetWkstaTransportEnum
NetWkstaUserGetInfo
NetLocalGroupDelMembers

winsta

WinStationReset
LogonIdFromWinStationNameW
WinStationNameFromLogonIdW
WinStationFreeGAPMemory
WinStationGetAllProcesses
ServerLicensingOpenW
ServerLicensingClose
ServerLicensingGetAvailablePolicyIds
WinStationEnumerateW
ServerLicensingSetPolicy
WinStationOpenServerW
ServerLicensingGetPolicy
WinStationFreeMemory
WinStationConnectW
WinStationEnumerateProcesses

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 603KB - Virtual size: 946KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

630928a82f20f0d7b01e848fe5db3089

Headers

File Characteristics

Imports

kernel32

setupapi

advapi32

netapi32

winsta

Sections

.text Size: 8KB - Virtual size: 8KB

DATA Size: 603KB - Virtual size: 946KB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 512B - Virtual size: 48B

.text
Size: 8KB - Virtual size: 8KB

DATA
Size: 603KB - Virtual size: 946KB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 512B - Virtual size: 48B