6820bbc6f3fff9add768046024bfc000c48bc5788707336433e6e6615bbe17d4

Sharing

Copy URL Twitter E-mail

General

Target

6820bbc6f3fff9add768046024bfc000c48bc5788707336433e6e6615bbe17d4
Size

833KB
MD5

73f3c55e6ed9e31d26eaf5a6578e6d86
SHA1

fa02e21fe1d80a5311a2670d11d6ef6f244941a1
SHA256

6820bbc6f3fff9add768046024bfc000c48bc5788707336433e6e6615bbe17d4
SHA512

12e7c5f0db7bbad8b06a0deff4b4425ce7ba1554bc2e9f405425bc316b990a78cd86ee1495dee05e7830bb76a7e5f7220ed961f627d2f909b7fb021c0be568b6
SSDEEP

12288:gYnxdfM5kSEkWyG7yxc42I692VLoTkpPesJqA1qrCiJ6o4METcYAz8KBwMqSWLw/:gUs1EDyAI42npP/crhJF1SAVyj9

Score

N/A

Malware Config

Signatures

Files

6820bbc6f3fff9add768046024bfc000c48bc5788707336433e6e6615bbe17d4
.exe windows x86

7bd4de9079b920d693a5f95019507402

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

IsPwrShutdownAllowed
GetPwrCapabilities
ReadGlobalPwrPolicy
MergeLegacyPwrScheme
LoadCurrentPwrScheme
CallNtPowerInformation
WriteProcessorPwrScheme
ReadProcessorPwrScheme
DeletePwrScheme
ValidatePowerPolicies
CanUserWritePwrScheme
SetActivePwrScheme
GetCurrentPowerPolicies
EnumPwrSchemes
IsAdminOverrideActive
SetSuspendState
WritePwrScheme
ReadPwrScheme
GetActivePwrScheme
GetPwrDiskSpindownRange

ntdll

RtlMapSecurityErrorToNtStatus
RtlGetGroupSecurityDescriptor
RtlUnicodeStringToOemSize
CsrAllocateCaptureBuffer
log
ZwCreateJobSet
NtWaitForDebugEvent
RtlAddAccessDeniedObjectAce
ZwCancelTimer
RtlCompareMemory
RtlEnumerateGenericTableLikeADirectory
_allshl
NtSetEventBoostPriority
ZwAlertResumeThread
strcmp
ZwReleaseSemaphore
ZwDeleteAtom
NtSetLowEventPair
RtlSubtreeSuccessor
isxdigit
NtSetValueKey
RtlLargeIntegerAdd
RtlDosSearchPath_U
NtSetTimerResolution
NtWriteFile
RtlAddVectoredExceptionHandler
NtLockVirtualMemory
RtlFillMemoryUlong

kernel32

OutputDebugStringA
EnumResourceTypesA
CreateSocketHandle
GetLocaleInfoW
GetCommModemStatus
FoldStringA
GetAtomNameW
GetSystemTimeAdjustment
BaseCheckAppcompatCache
GetExitCodeThread
CreateMemoryResourceNotification
GetLastError
SetConsolePalette
GetTickCount
GetProcessShutdownParameters
SetLastError
LoadLibraryW
GetTimeZoneInformation

winipsec

GetQMPolicyByID
MatchTunnelFilter
GetMMPolicy
DeleteQMPolicy
SPDApiBufferFree
OpenMMFilterHandle
MatchMMFilter
CloseTransportFilterHandle
CloseMMFilterHandle
DeleteTransportFilter
DeleteTunnelFilter
GetMMPolicyByID
EnumQMPolicies
SetMMPolicy
SetTunnelFilter
CloseTunnelFilterHandle
EnumMMPolicies
AddQMPolicy
EnumMMFilters
EnumMMAuthMethods
AddMMFilter
GetMMAuthMethods
EnumQMSAs
SetMMAuthMethods
QueryIPSecStatistics
DeleteMMPolicy
GetTunnelFilter
SetTransportFilter

shlwapi

PathUnquoteSpacesW
SHRegSetUSValueA
UrlCombineW
SHReleaseThreadRef
PathIsUNCServerShareA
StrChrA
SHGetValueW
AssocQueryStringByKeyW
SHRegWriteUSValueW
PathGetCharTypeA
StrStrIA
StrCatW
SHGetValueA
PathIsURLA
SHDeleteValueW
StrFormatByteSize64A
PathCompactPathExW

crtdll

memset
_sopen
floor
_mbslwr
_execlp
_findnext
_CIlog10
free
_wtoi
_ismbbprint
_CIpow
strrchr
_ismbcalpha
_getch
wcsncat
_mbctolower
_itow
_isatty
_chmod
_ismbcl2
_fcloseall
time

advapi32

LsaCreateSecret
I_ScSetServiceBitsA
GetUserNameW
WmiSetSingleItemA
WmiQueryAllDataMultipleA
ElfOldestRecord
SystemFunction014
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetInheritanceSourceW
SystemFunction013
TraceMessage
WmiFreeBuffer
CredWriteDomainCredentialsA
CryptGetDefaultProviderA
ConvertStringSDToSDRootDomainW
ElfNumberOfRecords
CryptDeriveKey
CreateProcessWithLogonW
LsaEnumeratePrivileges
SystemFunction001
WmiDevInstToInstanceNameW
ElfOpenBackupEventLogA

msvcrt

_wpopen
_read
setbuf
__argc
_ecvt
_close
__getmainargs
_rmtmp
__p___mb_cur_max
??_G__non_rtti_object@@UAEPAXI@Z
_wfindfirsti64
_strtime
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
__set_app_type
_aligned_offset_malloc
exit
_chdir
_adj_fdivr_m32
mktime
_futime64
_wcsncoll
_stati64
_exit
__p__commode
_mbcjistojms
_wchdir
_spawnv

user32

EndDialog

Sections

.text
Size: 384KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7bd4de9079b920d693a5f95019507402

Headers

DLL Characteristics

File Characteristics

Imports

powrprof

ntdll

kernel32

winipsec

shlwapi

crtdll

advapi32

msvcrt

user32

Sections

.text Size: 384KB - Virtual size: 383KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 173KB - Virtual size: 1.5MB

.rsrc Size: 113KB - Virtual size: 112KB

.reloc Size: 1024B - Virtual size: 968B

.text
Size: 384KB - Virtual size: 383KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 173KB - Virtual size: 1.5MB

.rsrc
Size: 113KB - Virtual size: 112KB

.reloc
Size: 1024B - Virtual size: 968B