9edd73bfb7885b5028cda5bc8376e524e27a933dfce85d20e8db5f8c8bfe058b

Sharing

Copy URL Twitter E-mail

General

Target

9edd73bfb7885b5028cda5bc8376e524e27a933dfce85d20e8db5f8c8bfe058b
Size

831KB
MD5

bb87b5b7cdef2b5c9f5488f23e4319ec
SHA1

bebc3ebb8815752dd18ef8fc519b0ffc6abb9ba4
SHA256

9edd73bfb7885b5028cda5bc8376e524e27a933dfce85d20e8db5f8c8bfe058b
SHA512

6c39aa80361e1d3479f0d48533e85e9cae270f902df043cc6460ee8a3927ea12a7e3b4333255f65ba763e666f24baa7363141f2927bef94a76e73a6862941355
SSDEEP

12288:SjvXxV5tNh5CBeuA+F2bGblsUEsTJRtN7z6HVEdv456JBE0/N88IBEUyYEmzF:SjFLCBnAtGblPEOttPecBH/N8Fy

Score

N/A

Malware Config

Signatures

Files

9edd73bfb7885b5028cda5bc8376e524e27a933dfce85d20e8db5f8c8bfe058b
.exe windows x86

5611f766a92c7d9526972d33f9a13315

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CreateServiceW
IsValidSecurityDescriptor
RegSetValueExW
CloseEventLog
QueryRecoveryAgentsOnEncryptedFile
QueryServiceLockStatusW
RegCreateKeyExW
RegConnectRegistryA
CryptGetProvParam
GetOldestEventLogRecord
GetTokenInformation
CryptDuplicateHash
StartTraceW
SetTokenInformation
AdjustTokenPrivileges
SystemFunction016
DestroyPrivateObjectSecurity
AddAuditAccessAce
CheckTokenMembership
AreAnyAccessesGranted
RegSetValueW
CryptAcquireContextW

netapi32

NetGetJoinableOUs
NetUserGetGroups
NetGroupEnum
NetLocalGroupGetMembers
NetDfsSetClientInfo
NetFileClose
NetUserSetInfo
NetShareGetInfo
NetServerGetInfo
NetQueryDisplayInformation
DsRoleFreeMemory
NetUseAdd
I_NetServerReqChallenge
DsRoleGetPrimaryDomainInformation
NetShareSetInfo

mpr

WNetGetUniversalNameW
WNetGetUserW
WNetAddConnection3W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceA
WNetUseConnectionW
WNetGetLastErrorW
WNetAddConnection2W
WNetGetUniversalNameA
WNetEnumResourceW
WNetGetConnectionA
WNetGetProviderNameW
WNetOpenEnumA
WNetGetConnectionW
WNetGetResourceInformationW

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
RpcBindingInqAuthInfoExW
RpcBindingInqAuthClientExW
I_RpcAsyncAbortCall
MesEncodeFixedBufferHandleCreate
NdrStubForwardingFunction

kernel32

GetConsoleCP
FreeLibrary
PeekNamedPipe
GetStartupInfoW
lstrcpynW
GetFileAttributesW
VirtualAlloc
InterlockedIncrement
SetConsoleKeyShortcuts

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HPs
Size: 686KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5611f766a92c7d9526972d33f9a13315

Headers

File Characteristics

Imports

advapi32

netapi32

mpr

rpcrt4

kernel32

Sections

.text Size: 22KB - Virtual size: 21KB

.HPs Size: 686KB - Virtual size: 1.0MB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 512B - Virtual size: 196B

.text
Size: 22KB - Virtual size: 21KB

.HPs
Size: 686KB - Virtual size: 1.0MB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 512B - Virtual size: 196B