6b6986155e31bd5c191a933908e7a9d11ecd800d034d089020079b0ef806d646

Sharing

Copy URL Twitter E-mail

General

Target

6b6986155e31bd5c191a933908e7a9d11ecd800d034d089020079b0ef806d646
Size

51KB
MD5

281fa62ce4dea2af408e39d47e181de8
SHA1

01dd02a4691514cdc3bca1d531cb8826a7dea6b4
SHA256

6b6986155e31bd5c191a933908e7a9d11ecd800d034d089020079b0ef806d646
SHA512

d7d54913545f8d5c413a8f2de103b8443b0f9f0fdc5766164ce54d2291a1a2441c91717556567366e53e0093ca855df3ce49f01ff6c976506cf20116a68f32db
SSDEEP

1536:Z8yEAplHV0vTHF4amK3FdxUy+YuMv8Z2Tr3OiJJH8:Z6AFWl3hUy+YJ42Tr3Oa9

Score

N/A

Malware Config

Signatures

Files

6b6986155e31bd5c191a933908e7a9d11ecd800d034d089020079b0ef806d646
.exe windows x86

ef137abd3a8d79029038f265d30d10c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

OpenServiceA
SystemFunction008
DecryptFileW
RegSaveKeyW
InitiateSystemShutdownW
RegQueryValueExW
WmiOpenBlock
LsaOpenSecret
BackupEventLogA
NotifyChangeEventLog
LogonUserExA
ObjectOpenAuditAlarmW
TrusteeAccessToObjectW
FreeEncryptionCertificateHashList
WmiFileHandleToInstanceNameW
CredGetTargetInfoA
CreateServiceW
WmiSetSingleItemW
GetEffectiveRightsFromAclW
CryptDestroyHash
CreateWellKnownSid
LsaSetSystemAccessAccount
LockServiceDatabase
QueryRecoveryAgentsOnEncryptedFile
LsaEnumerateAccountRights
GetServiceKeyNameA
CredpDecodeCredential
GetManagedApplicationCategories
ElfReportEventW
BuildExplicitAccessWithNameA
RegOpenKeyExA
TreeResetNamedSecurityInfoW
RegDisablePredefinedCache
LsaClose
GetTrusteeNameW
AdjustTokenPrivileges
GetSecurityInfo
InstallApplication
RegCreateKeyA
RegConnectRegistryW
ElfReadEventLogA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSidIdentifierAuthority
BuildTrusteeWithObjectsAndNameA
GetNamedSecurityInfoW
EncryptedFileKeyInfo
TraceEvent
TraceEventInstance
LsaQueryTrustedDomainInfo
DeleteService
CryptSetProviderExA
WmiQuerySingleInstanceW
SystemFunction020
IsWellKnownSid
LsaCreateSecret
ConvertSecurityDescriptorToStringSecurityDescriptorA
GetTraceLoggerHandle
GetMultipleTrusteeOperationA

kernel32

SetLocaleInfoW
GlobalFindAtomA
VirtualAlloc
GetModuleHandleW
HeapFree
TlsSetValue
GetProcessShutdownParameters
CreateActCtxA
ReadConsoleOutputA
OpenFileMappingW
TryEnterCriticalSection
GetExitCodeProcess
GetProcessIoCounters
GetConsoleCursorMode
ExitProcess
AddVectoredExceptionHandler
_hwrite
EnumUILanguagesW
SetCriticalSectionSpinCount
TransmitCommChar
EscapeCommFunction
OutputDebugStringA
FileTimeToSystemTime
LoadLibraryA
FillConsoleOutputCharacterA
FreeEnvironmentStringsW
IsDBCSLeadByte
WriteProfileSectionA
BuildCommDCBAndTimeoutsW
AllocateUserPhysicalPages
SetFirmwareEnvironmentVariableA
RemoveDirectoryA

activeds

AllocADsMem
ADsBuildEnumerator
ConvertSecurityDescriptorToSecDes
SecurityDescriptorToBinarySD
ConvertSecDescriptorToVariant
AdsTypeToPropVariant
ReallocADsMem
BinarySDToSecurityDescriptor
ADsGetObject
ADsBuildVarArrayInt
ADsOpenObject
FreeADsMem
ADsEnumerateNext
FreeADsStr
AllocADsStr
ReallocADsStr
PropVariantToAdsType2
ADsSetLastError
ADsBuildVarArrayStr
ADsGetLastError
ADsFreeEnumerator
ADsDecodeBinaryData
AdsFreeAdsValues
AdsTypeToPropVariant2
PropVariantToAdsType

sqlunirl

_SetFileSecurity_@12
_FindNextFile_@8
_ShellAbout_@16
_IsBadStringPtr_@8
_MapVirtualKey_@8
_TranslateAccelerator@12
_NDdeGetShareSecurity_@24
_SetFileAttributes_@8
_SetClassLong_@12
_OpenEventLog_@8
_GlobalAddAtom_@4
_LoadCursorFromFile_@4
_OpenSemaphore_@12
_CreateProcessAsUser_@44
_GetCompressedFileSize_@8
_RegisterWindowMessage_@4
_RegUnLoadKey_@8
_lstrcpy_@8
_SHGetFileInfo_@20
_ModifyMenu_@20
_SetUserObjectInformation_@16
_GetObject@12
_CharUpper@4
_GetLogColorSpace_@12
_LookupAccountSid_@28
_CreateMailslot_@16
_CreateEvent_@16
_CreateMetaFile_@4
_GetEnvironmentVariable_@12
_DlgDirSelectEx_@16

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef137abd3a8d79029038f265d30d10c4

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

activeds

sqlunirl

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 7KB