8003dd9999be3224353ca0074481144d62533369cd2543c66d22df9ab226e1b4

Sharing

Copy URL Twitter E-mail

General

Target

8003dd9999be3224353ca0074481144d62533369cd2543c66d22df9ab226e1b4
Size

381KB
MD5

7b32576c90c7f1916d14f74b4abae616
SHA1

b934e19f95988244a0f62cb6756e0a073d801637
SHA256

8003dd9999be3224353ca0074481144d62533369cd2543c66d22df9ab226e1b4
SHA512

f1c7b3cf1756ecf323466dea3c8c01db0852b18dbaf4b3bac6cf4baeeda761b6ec8a7382e073323d3dc0c3879cd89c0e17c5596e0d668cfc3664a4460f0474d0
SSDEEP

6144:/RuZhpoWwRSjoHe+AgiRzE3BXcpCjHqiRlkwJU2ZXMobW0fIrQZywq15aODeg6:kqt++AgiRzEegHq4FByGvYrLDeg6

Score

N/A

Malware Config

Signatures

Files

8003dd9999be3224353ca0074481144d62533369cd2543c66d22df9ab226e1b4
.exe windows x86

7369b188dbf3a38964d14e6a073f1560

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_ctime64
_wpopen
_ismbckata
_ismbbkana
_wutime64
__p__commode
_open
_ui64tow
strcpy
__argc
_CxxThrowException
clearerr
_adj_fdivr_m64
_dup2
_resetstkoflw
strlen
_stat64
??_Gbad_typeid@@UAEPAXI@Z
strtod
??_Ebad_typeid@@UAEPAXI@Z
_iob
?set_terminate@@YAP6AXXZP6AXXZ@Z
_wsplitpath
_wtmpnam
_strerror
wcscmp
_wspawnv
_fpreset
__set_app_type
exit
__getmainargs
_lseeki64
_CIacos
_mbsnbcnt
_fstati64
_gmtime64
_pclose

regapi

RegWinStationDeleteA
RegWinStationQueryNumValueW
RegUserConfigRename
RegUserConfigQuery
RegGetMachinePolicy
RegWinStationQueryA
RegDenyTSConnectionsPolicy
RegGetTServerVersion
RegBuildNumberQuery
RegSAMUserConfig
RegOpenServerA
RegWinStationEnumerateW
RegPdDeleteA
RegWinStationEnumerateA
RegCdCreateW
RegWinStationDeleteW
RegWinStationQuerySecurityA
RegCdEnumerateW
RegWinStationQueryEx
RegWdEnumerateW
RegIsTServer
RegWdCreateW
RegWinStationQuerySecurityW
RegCdEnumerateA
RegConsoleShadowQueryW
RegIsMachinePolicyAllowHelp
RegWdCreateA
RegWinStationSetNumValueW
RegWinStationSetSecurityW
RegGetUserConfigFromUserParameters
RegWinStationCreateW
RegPdQueryW
RegWinStationAccessCheck
RegPdQueryA

kernel32

FlushConsoleInputBuffer
SetThreadLocale
ReadConsoleInputW
SetupComm
MoveFileExW
SetThreadUILanguage
CreatePipe
SetConsoleMenuClose
CreateFiberEx
QueryMemoryResourceNotification
WriteConsoleOutputW
MoveFileWithProgressW
WriteConsoleOutputAttribute
GetConsoleProcessList
BackupRead
RemoveVectoredExceptionHandler
QueryDosDeviceW
SetTimeZoneInformation
GetModuleHandleW
LoadLibraryA
lstrcatA
VirtualAlloc
RegisterConsoleOS2
SystemTimeToTzSpecificLocalTime
GetEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
HeapQueryInformation
GetPrivateProfileSectionW
GetGeoInfoA
ReleaseSemaphore
SetLastConsoleEventActive
SetFilePointerEx
CmdBatNotification
SetClientTimeZoneInformation
CreateTimerQueueTimer
LeaveCriticalSection
HeapCreate
LZCloseFile
GetCompressedFileSizeA
GetFileSize
GetStartupInfoW

rpcns4

RpcNsMgmtBindingUnexportW
RpcNsGroupMbrRemoveA
RpcNsBindingImportBeginA
RpcNsEntryExpandNameA
RpcNsBindingImportDone
RpcNsBindingUnexportA
RpcNsGroupMbrAddA
RpcNsMgmtBindingUnexportA
I_RpcNsNegotiateTransferSyntax
RpcNsEntryObjectInqNext
RpcNsEntryObjectInqDone
RpcNsBindingUnexportPnPA
RpcNsGroupMbrRemoveW
RpcNsBindingExportA
RpcNsProfileEltInqNextW
RpcNsGroupMbrAddW
RpcNsMgmtSetExpAge
RpcNsMgmtEntryInqIfIdsA
RpcNsProfileEltAddW
RpcNsBindingExportPnPA
RpcNsMgmtEntryCreateA
RpcNsBindingUnexportPnPW
RpcNsGroupMbrInqNextA
I_RpcNsRaiseException
I_RpcReBindBuffer
RpcNsProfileEltRemoveA
RpcNsBindingExportPnPW
RpcNsProfileEltRemoveW
RpcNsBindingImportBeginW
RpcNsGroupMbrInqBeginA
RpcNsGroupDeleteA
RpcNsMgmtInqExpAge
RpcNsProfileEltAddA
RpcNsBindingExportW

advapi32

SetTokenInformation
LsaCreateTrustedDomain
CredWriteA
SaferIdentifyLevel
RegQueryValueExW
OpenTraceA
CryptSetProvParam
ElfBackupEventLogFileW
LsaSetQuotasForAccount
AllocateAndInitializeSid
CryptDecrypt
SystemFunction027
LsaAddPrivilegesToAccount
DecryptFileA
WmiFileHandleToInstanceNameA
SystemFunction041
LsaLookupSids
AddAuditAccessAceEx
RegisterTraceGuidsW
SystemFunction001
ConvertStringSDToSDDomainA
I_ScSetServiceBitsW
CryptSignHashW
GetFileSecurityW
BuildTrusteeWithSidA
RegConnectRegistryW
GetTrusteeNameW

user32

PostQuitMessage
RegisterClassW
DefWindowProcW

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7369b188dbf3a38964d14e6a073f1560

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

regapi

kernel32

rpcns4

advapi32

user32

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 142KB - Virtual size: 142KB

.data Size: 61KB - Virtual size: 568KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 142KB - Virtual size: 142KB

.data
Size: 61KB - Virtual size: 568KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 1KB - Virtual size: 1KB