8918f063ae2b5ae5fb74e91b71642cc7cd1793dd71fa4b779385728246dc67fb

Sharing

Copy URL

Twitter E-mail

General

Target

8918f063ae2b5ae5fb74e91b71642cc7cd1793dd71fa4b779385728246dc67fb
Size

136KB
MD5

c2f81d4984d9e4073b63e2d63d86f2fe
SHA1

1b5c55dd1e2e10dfaf02c2693ea80cc577c225c2
SHA256

8918f063ae2b5ae5fb74e91b71642cc7cd1793dd71fa4b779385728246dc67fb
SHA512

eb56aa67c554a22699ed8a3eec378ae278e924789b015fcfd15aacaf48c1151c0b1fba835215f9d90ef9ea1dca8cfc2650c5e8fe9dca68ef1852f22a439797b3
SSDEEP

3072:5nb8P3xzNIZ7tz3kEOcpee+OLMNnqIHQUIB+pp166r:d8PCz0EOkeuMRDwN+n166

Score

N/A

Malware Config

Signatures

Files

8918f063ae2b5ae5fb74e91b71642cc7cd1793dd71fa4b779385728246dc67fb
.exe windows x86

625418c1db46c107b31220397bc00c7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtReadVirtualMemory
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
ZwQueryPortInformationProcess
RtlCutoverTimeToSystemTime
ZwTerminateProcess
RtlCreateAcl
ZwSetHighWaitLowEventPair
NtResetWriteWatch
NtFlushInstructionCache
NtCreateDebugObject
ZwWaitForDebugEvent
_CIsqrt
ZwAllocateVirtualMemory
RtlGetUserInfoHeap
NtFilterToken
RtlNtStatusToDosErrorNoTeb
RtlEnlargedUnsignedMultiply
wcscspn
NtOpenTimer
NtUnlockFile
ZwCreateEvent
RtlRealPredecessor
LdrUnloadAlternateResourceModule
ZwReplyWaitReplyPort
ZwSecureConnectPort
wcstol
ZwLockRegistryKey
ZwTranslateFilePath
NtCreateSymbolicLinkObject
NtSetEvent
RtlSetIoCompletionCallback
ZwCreateMutant
RtlFreeOemString
NtWaitLowEventPair
ZwUnloadDriver
ZwTestAlert
RtlSetCurrentDirectory_U
NtSetBootEntryOrder

advapi32

CryptHashData
LsaICLookupNames
SaferIdentifyLevel
RegEnumValueW
SystemFunction019
MSChapSrvChangePassword
RegUnLoadKeyA
GetInformationCodeAuthzPolicyW
CredUnmarshalCredentialW
CloseCodeAuthzLevel
CryptGetProvParam
SetServiceBits
CryptContextAddRef
GetExplicitEntriesFromAclW
SetSecurityDescriptorGroup
RegConnectRegistryW
GetPrivateObjectSecurity
SetSecurityInfo
SetNamedSecurityInfoExA
TraceMessage
StartServiceCtrlDispatcherW
RegOpenKeyW
AdjustTokenGroups
ConvertSecurityDescriptorToAccessNamedA
GetSecurityDescriptorControl
GetManagedApplications
DeleteService
LsaCreateTrustedDomain
LsaEnumeratePrivilegesOfAccount
QueryUsersOnEncryptedFile
WmiDevInstToInstanceNameA
EncryptFileW
ProcessTrace
AddAuditAccessAce
GetSecurityDescriptorDacl
InitializeSid
GetSecurityInfo
GetTrusteeNameW
RegGetKeySecurity
GetManagedApplicationCategories
FreeEncryptionCertificateHashList
GetSecurityInfoExA

rasapi32

DwRasUninitialize
RasGetCredentialsW
RasGetEntryPropertiesW
RasDeleteSubEntryA
RasGetEapUserDataA
RasSetAutodialEnableA
RasGetSubEntryPropertiesA
RasInvokeEapUI
RasSetEapUserDataW
RasRenameEntryW
RasGetEapUserIdentityA
RasQuerySharedAutoDial
RasGetCustomAuthDataA
RasGetAutodialAddressA
RasGetCountryInfoA
RasGetEntryDialParamsW
RasSetEntryDialParamsA
RasEnumEntriesW
RasSetAutodialParamW
RasDialW
RasEnumDevicesA
RasGetEntryHrasconnW
RasGetConnectStatusA
RasScriptInit
RasGetEapUserDataW
RasGetErrorStringW
RasHangUpW
RasDeleteSubEntryW
RasGetSubEntryHandleW
RasGetLinkStatistics
RasGetCountryInfoW
RasRenameEntryA
RasEnumConnectionsW
RasScriptSend
DwEnumEntryDetails
RasAutoDialSharedConnection
RasSetEapUserDataA
RasEnumConnectionsA
RasConnectionNotificationW
RasValidateEntryNameW
RasSetEntryDialParamsW
RasGetAutodialEnableW
UnInitializeRAS

oleaut32

VarMul
VarI2FromR8
VarCyInt
VarDecFromI1
VarI8FromStr
LPSAFEARRAY_UserMarshal
VarDateFromR4
VarI8FromUI4
VarI2FromUI2
VarI1FromI8
VarDecFromUI1
VarUI4FromCy
VarUI1FromDec
VariantChangeType
VarPow
VarI4FromUI8
VarR4FromStr
VarI8FromUI1
VarCyFromUI8
VarUI2FromI4
VarOr
VarUI4FromR4
VarR4FromUI4
VARIANT_UserSize
VarI1FromUI8
VarBoolFromI8
VarI1FromUI1
VarR4FromUI1
VarUI1FromStr
VarCmp
VarFormatFromTokens
VarI4FromDisp
VarDecCmpR8
VarUI1FromDisp
VARIANT_UserUnmarshal
SafeArraySetIID

glu32

gluSphere
gluTessProperty
gluEndCurve
gluNurbsSurface
gluTessVertex
gluTessBeginContour
gluGetTessProperty
gluQuadricDrawStyle
gluDeleteTess
gluTessBeginPolygon
gluPickMatrix
gluBeginCurve
gluQuadricTexture
gluBeginTrim
gluGetString
gluDisk
gluTessEndPolygon
gluGetNurbsProperty
gluBuild2DMipmaps
gluErrorString
gluLoadSamplingMatrices
gluErrorUnicodeStringEXT
gluNewQuadric
gluCylinder
gluEndPolygon
gluScaleImage
gluBeginSurface
gluEndSurface
gluDeleteNurbsRenderer

kernel32

GetLocaleInfoW
LoadLibraryA
PrivMoveFileIdentityW
GetComputerNameW
CreateJobSet
CompareFileTime
InterlockedPopEntrySList
HeapCreate
GetStartupInfoW
GetConsoleCommandHistoryA
SetConsoleIcon
_lcreat
PrepareTape
GetCommTimeouts
DeleteVolumeMountPointA
GetVDMCurrentDirectories
ExpandEnvironmentStringsW
_hwrite
SetConsoleKeyShortcuts
FindResourceA
GetWindowsDirectoryA
GetModuleHandleExW
FindCloseChangeNotification
LocalAlloc
GetShortPathNameA
GetUserDefaultUILanguage
GetDefaultCommConfigA
IsBadReadPtr
TlsFree
BindIoCompletionCallback
HeapSummary
Beep
PeekConsoleInputW
SetConsoleActiveScreenBuffer
GetWriteWatch
DeleteFileA
LZInit
GetPriorityClass
GetTickCount
TransactNamedPipe
SetLocalPrimaryComputerNameA
CreateSemaphoreW
VirtualAlloc
FindActCtxSectionGuid
CreateFileMappingW
GetComputerNameExA
SetFileApisToOEM
CreateFileMappingA
GetVolumePathNameA
ConvertFiberToThread
SetUnhandledExceptionFilter

msi

MsiCollectUserInfoA
MsiViewGetErrorW
MsiRecordGetInteger
MsiDoActionW
MsiVerifyPackageA
MsiEnumComponentCostsW
MsiEvaluateConditionA
MsiGetFeatureCostA
MsiEnumPatchesA
MsiConfigureProductW
MsiOpenPackageExA
MsiGetComponentPathW
MsiInstallMissingComponentW
MsiViewClose
MsiDatabaseCommit
MsiGetProductPropertyA
MsiViewModify
Migrate10CachedPackagesA
MsiQueryProductStateW
MsiGetShortcutTargetA
MsiDatabaseOpenViewA
MsiSequenceA
MsiRecordGetStringW
MsiProcessAdvertiseScriptW
MsiConfigureProductExA
MsiDatabaseMergeW
MsiGetLastErrorRecord
MsiViewGetErrorA
MsiDeleteUserDataW
MsiInstallMissingFileA

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

625418c1db46c107b31220397bc00c7e

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

advapi32

rasapi32

oleaut32

glu32

kernel32

msi

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 21KB - Virtual size: 133KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 21KB - Virtual size: 133KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B