800090a2a2aa47042b3825e376472baa16c6be44b70e42507c3d81e31ad81138

Sharing

Copy URL Twitter E-mail

General

Target

800090a2a2aa47042b3825e376472baa16c6be44b70e42507c3d81e31ad81138
Size

827KB
MD5

f8b25080a3f59c61677c73388410caf9
SHA1

2199cb76ee9501ae034a584f04f9c1e04843d5e4
SHA256

800090a2a2aa47042b3825e376472baa16c6be44b70e42507c3d81e31ad81138
SHA512

4a911804b59d3678e4b46d637473b5c1da204aed0d7007ebd4fa9cb91678485239e412b207858a3162c0fcae3a53ee1390d6da919f585cfd219fa25c1d28aac1
SSDEEP

12288:nG+ilI5lnXmNNOKScu+h6OnR9BNDWHA4cuyicld7vrF5XkD6hOl2JPgaPzO:YAlWmc2CBWZyimzF5XM6hOl2JoaPz

Score

N/A

Malware Config

Signatures

Files

800090a2a2aa47042b3825e376472baa16c6be44b70e42507c3d81e31ad81138
.exe windows x86

f82b52d1e5f4ce6f294d33ab1efb3ac2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

DsGetForestTrustInformationW
NetLogonGetTimeServiceParentDomain
NetGroupSetUsers
I_NetLogonGetDomainInfo
NetServerTransportDel
I_NetlogonComputeServerDigest
NetServerSetInfo
I_NetGetForestTrustInformation
NetpAssertFailed
NetScheduleJobAdd
NetpwPathType
NetUserEnum
NetUnregisterDomainNameChangeNotification
I_NetServerPasswordSet2
NetServerEnum
NetGroupAddUser
DsGetDcSiteCoverageW
NetShareSetInfo
I_NetServerSetServiceBits
NetAddAlternateComputerName
NetMessageBufferSend
I_NetServerGetTrustInfo
I_NetDatabaseRedo
I_NetDfsIsThisADomainName
RxNetServerEnum

advapi32

WmiSetSingleItemW
EncryptedFileKeyInfo
ObjectOpenAuditAlarmW
ObjectPrivilegeAuditAlarmW
CryptEnumProvidersW
ElfRegisterEventSourceW
AddAccessDeniedObjectAce
CreateProcessAsUserA
LookupPrivilegeDisplayNameA
CryptAcquireContextW
LsaEnumeratePrivilegesOfAccount
RegEnumKeyExW
GetAce
RegOpenKeyExA
TraceEventInstance
TrusteeAccessToObjectA
ElfChangeNotify
ElfNumberOfRecords
SaferiPopulateDefaultsInRegistry
CommandLineFromMsiDescriptor
AdjustTokenPrivileges
SetTokenInformation
SystemFunction029
QueryServiceConfigW
SaferRecordEventLogEntry
RegOpenKeyA
AddAccessAllowedAce
SetSecurityDescriptorOwner
ElfBackupEventLogFileW
I_ScSetServiceBitsA
RegisterTraceGuidsW
LsaEnumerateAccounts
StartServiceW
AccessCheck
CreateServiceW
GetSecurityDescriptorControl
BuildSecurityDescriptorW
SystemFunction031
RegSetKeySecurity
AccessCheckByTypeResultList
FreeEncryptedFileKeyInfo
CryptAcquireContextA
RegEnumValueW
CryptReleaseContext
LsaLookupPrivilegeName
SystemFunction022
SystemFunction025
RemoveTraceCallback
StartServiceCtrlDispatcherA
RegQueryValueW
CreateCodeAuthzLevel
DeregisterEventSource
GetEffectiveRightsFromAclW
LsaEnumerateTrustedDomains
RegUnLoadKeyA
RegLoadKeyW
CredUnmarshalCredentialW
SetSecurityDescriptorSacl
AbortSystemShutdownA
AddAuditAccessAce

odbccr32

SQLSetDescRec
ReleaseCLStmtResources
SQLParamOptions
SQLPrepare
SQLSetStmtAttr
SQLExecute
SQLMoreResults
SQLBindCol
SQLSetPos
SQLTransact
SQLGetStmtOption
SQLSetConnectAttr
SQLExecDirect
SQLParamData
SQLSetScrollOptions
SQLBulkOperations
SQLCancel
SQLBindParameter
SQLNativeSql
SQLExtendedFetch
SQLSetStmtOption
SQLEndTran
SQLGetInfo
SQLFetchScroll
SQLGetStmtAttr
SQLPutData
SQLCloseCursor
SQLFreeHandle
SQLSetConnectOption
SQLGetDescRec

kernel32

WriteFileGather
ExpungeConsoleCommandHistoryW
TlsAlloc
HeapFree
SetPriorityClass
ExitProcess
GetStdHandle
WaitForDebugEvent
GetNumberOfConsoleFonts
GetVersionExW
GetACP
OutputDebugStringW
LoadLibraryA
GetComputerNameExA
OpenJobObjectW
OpenProfileUserMapping
FindNextChangeNotification
CreateJobObjectA
GlobalHandle
CreateHardLinkA
SetConsoleMode
Process32NextW
ContinueDebugEvent
GetConsoleAliasExesW
GlobalFlags
DeleteAtom
SetConsolePalette
EnumCalendarInfoW
FormatMessageA
GetModuleHandleA
EnumDateFormatsA
GetStringTypeW
RemoveDirectoryW
GetCalendarInfoA
VirtualAlloc

hhsetup

?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?SetMasterCHM@CCollection@@QAEXPBDG@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?GetVolume@CLocation@@QAEPADXZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?NewTitle@CCollection@@AAEPAVCTitle@@XZ
?Add@CPointerList@@QAEPAUListItem@@PAX@Z
?GetNextFolder@CFolder@@QAEPAV1@XZ
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?GetFirstChildFolder@CFolder@@QAEPAV1@XZ
?GetTitleW@CLocation@@QAEPBGXZ
?GetVersion@CCollection@@QAEKXZ
?IsDirty@CCollection@@QAEHXZ
?SetSampleLocation@CCollection@@QAEXPBD@Z
??1CFolder@@QAE@XZ
?SetId@CLocation@@QAEXPBG@Z
?SetLanguage@CFolder@@QAEXG@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?SetTitle@CFolder@@QAEXPBD@Z
??4CPointerList@@QAEAAV0@ABV0@@Z
?MergeKeywords@CCollection@@QAEHPAG@Z
?GetOrder@CFolder@@QAEKXZ
??1CLocation@@QAE@XZ
?GetTitle@CFolder@@QAEPADXZ
?GetRootFolder@CCollection@@QAEPAVCFolder@@XZ
?SetLanguage@CTitle@@QAEXG@Z
??1CCollection@@QAE@XZ
?DeleteFolder@CCollection@@QAEKPAVCFolder@@@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
?GetId@CLocation@@QBEPADXZ
?RemoveAll@CFIFOString@@QAEXXZ
?GetCollectionFileName@CCollection@@QAEPBDXZ

Sections

.text
Size: 373KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f82b52d1e5f4ce6f294d33ab1efb3ac2

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

advapi32

odbccr32

kernel32

hhsetup

Sections

.text Size: 373KB - Virtual size: 372KB

.rdata Size: 92KB - Virtual size: 92KB

.data Size: 188KB - Virtual size: 1.6MB

.rsrc Size: 171KB - Virtual size: 171KB

.reloc Size: 1024B - Virtual size: 988B

.text
Size: 373KB - Virtual size: 372KB

.rdata
Size: 92KB - Virtual size: 92KB

.data
Size: 188KB - Virtual size: 1.6MB

.rsrc
Size: 171KB - Virtual size: 171KB

.reloc
Size: 1024B - Virtual size: 988B