a451b70fcbee636f94a27aab6d36ffff5fa2a9ea96aa217c874d2aac951a0e3a

Sharing

Copy URL

Twitter E-mail

General

Target

a451b70fcbee636f94a27aab6d36ffff5fa2a9ea96aa217c874d2aac951a0e3a
Size

125KB
MD5

8beefceb2c3131764b9703cd20cd0bc4
SHA1

be7bb8c12efce285f0b8a493e0bd063615b88320
SHA256

a451b70fcbee636f94a27aab6d36ffff5fa2a9ea96aa217c874d2aac951a0e3a
SHA512

6e34ff54ca85eb7925ca35a11b881611300ebc1ac02297e84420feb76b00a9a13e2f42688dc4754cbf2973e30b7bf8244b0150e0d2262e372f45a9935e3896d0
SSDEEP

3072:Y5pcsAWIJkNX+0dCay4l6AoawDwut4ThKi2nJ:YpHAFoXj0f4wDweYhK/

Score

N/A

Malware Config

Signatures

Files

a451b70fcbee636f94a27aab6d36ffff5fa2a9ea96aa217c874d2aac951a0e3a
.exe windows x86

01036ae87336bde25187b3970b6b96f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

clusapi

ClusterRegEnumValue
GetClusterNetworkKey
GetClusterResourceTypeKey
OnlineClusterGroup
ClusterGroupControl
GetClusterResourceKey
ClusterRegDeleteValue
ClusterGroupGetEnumCount
OfflineClusterResource
FailClusterResource
ClusterResourceEnum
ClusterOpenEnum
ClusterResourceControl
ClusterRegCloseKey
ClusterNetworkCloseEnum
ClusterGroupOpenEnum

advapi32

OpenEventLogW
AddAccessAllowedAce
A_SHAFinal
RegConnectRegistryA
InitializeSid
CredRenameW
SaferiRecordEventLogEntry
I_ScIsSecurityProcess
LsaOpenPolicy
RegOpenKeyW
RegLoadKeyW
CryptDuplicateHash
WmiQueryAllDataMultipleA
LsaCreateTrustedDomainEx
RegQueryMultipleValuesW
UpdateTraceW
LsaQueryForestTrustInformation
GetSecurityInfoExW
GetSecurityDescriptorLength
MD4Final
ElfChangeNotify
ChangeServiceConfigW
SetNamedSecurityInfoExA
GetTrusteeNameW
CredGetSessionTypes

msvcrt

__p__commode
_ismbcdigit
_strtoi64
_getdiskfree
??0bad_cast@@QAE@PBD@Z
_wpgmptr
__set_app_type
_wcsnicmp
_setmode
iswpunct
__RTtypeid
??0exception@@QAE@XZ
__doserrno
_dstbias
?what@exception@@UBEPBDXZ
exit
_execve
_mbsnextc
wprintf
_get_osfhandle

ntdll

RtlUpdateTimer
RtlDeleteTimerQueueEx
ZwOpenObjectAuditAlarm
NtQueueApcThread
ZwRaiseHardError
RtlInterlockedPushListSList
_ltow
RtlAcquireResourceShared
NtWriteVirtualMemory
RtlUpcaseUnicodeStringToAnsiString
ZwFreeUserPhysicalPages
ZwDisplayString
NtCallbackReturn
ZwSetInformationFile
RtlFindClearBits
RtlLeaveCriticalSection
NtSetEvent
RtlUpcaseUnicodeToOemN
RtlCopySidAndAttributesArray

kernel32

MoveFileExW
CreateFileW
VirtualAlloc
GetNumberOfConsoleFonts
InitializeCriticalSection
ConvertThreadToFiber
SetConsoleInputExeNameA
GetWindowsDirectoryA
LoadLibraryA
SetLastError
LZInit
BackupRead
IsDebuggerPresent
OutputDebugStringA
GetPrivateProfileIntW
GetVolumePathNameA
GetEnvironmentStringsW
IsDBCSLeadByte
SetConsoleOS2OemFormat
GetPrivateProfileSectionNamesW
IsValidLocale
Process32FirstW
InitAtomTable
GetProcessAffinityMask

ir50_32

AboutDialogProc
ConfigureDialogProc
DllMain
DriverProc

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

01036ae87336bde25187b3970b6b96f7

Headers

DLL Characteristics

File Characteristics

Imports

clusapi

advapi32

msvcrt

ntdll

kernel32

ir50_32

Sections

.text Size: 34KB - Virtual size: 33KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 34KB - Virtual size: 33KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 1KB