70c3970c8d1b382fe4680f44a7a90dbb633754b354a5671c1bf6e84041ccd470

Sharing

Copy URL Twitter E-mail

General

Target

70c3970c8d1b382fe4680f44a7a90dbb633754b354a5671c1bf6e84041ccd470
Size

829KB
MD5

aefbfa6bd1e66886837ab6f8456ddbee
SHA1

80570bb3c4a829981f99c1e3a936993065a6d587
SHA256

70c3970c8d1b382fe4680f44a7a90dbb633754b354a5671c1bf6e84041ccd470
SHA512

301fb158be3e95e1602d979411e73002b60d5317894257d801f39558c91e560d84409c85fb0df25820d58bc98d29ef4b11883047220b7bd4d1620351c06c877e
SSDEEP

12288:fD0dSs8wBqsBg5Rtae6PHntqjC3L4Bx+FUyGsCe3NRGLJRHkhN/XGf+5P2hx2SHj:fD0gb+40BwDxnNsB4LJRKt5PKxz

Score

N/A

Malware Config

Signatures

Files

70c3970c8d1b382fe4680f44a7a90dbb633754b354a5671c1bf6e84041ccd470
.exe windows x86

f68e50b282482f582da717e179347aeb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

userenv

UnregisterGPNotification
GetGPOListW
RsopFileAccessCheck
GetAllUsersProfileDirectoryW
GetNextFgPolicyRefreshInfo
RsopAccessCheckByType
RsopLoggingEnabled
GetPreviousFgPolicyRefreshInfo
RefreshPolicyEx
WaitForMachinePolicyForegroundProcessing
UnloadUserProfile
GetProfileType
ForceSyncFgPolicy
GetDefaultUserProfileDirectoryA
WaitForUserPolicyForegroundProcessing
RefreshPolicy
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW
RsopResetPolicySettingStatus
GetGPOListA
GetProfilesDirectoryA
RsopSetPolicySettingStatus
LoadUserProfileW
DeleteProfileW
RegisterGPNotification
GetDefaultUserProfileDirectoryW
GetAllUsersProfileDirectoryA
ProcessGroupPolicyCompletedEx
GetAppliedGPOListW
FreeGPOListA
FreeGPOListW
CreateEnvironmentBlock

kernel32

GetBinaryType
ExitProcess
LoadResource
HeapDestroy
WriteConsoleA
GetUserDefaultLangID
GetModuleHandleA
GetUserGeoID
GetNumaNodeProcessorMask
MapUserPhysicalPages
RemoveDirectoryW
VirtualFree
LoadModule
Process32NextW
GetACP
GetConsoleOutputCP
QueryDosDeviceA
WaitForMultipleObjectsEx
OutputDebugStringW
FileTimeToSystemTime
OpenMutexW
UpdateResourceW
Module32NextW
SetConsoleMaximumWindowSize
SetConsoleOutputCP
LoadLibraryA
GetStringTypeExA
QueueUserAPC
WriteConsoleInputA
WriteConsoleOutputCharacterW
CreateFileMappingA
VirtualAlloc
LZRead
FoldStringW
FatalAppExitW

ntdll

RtlInitializeGenericTable
ZwFlushKey
ZwLockVirtualMemory
RtlNewSecurityObjectEx
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
RtlConsoleMultiByteToUnicodeN
RtlTraceDatabaseUnlock
RtlCaptureStackContext
RtlFindLongestRunClear
PfxInitialize
DbgPrintReturnControlC
ZwReplyWaitReceivePortEx
RtlpNtEnumerateSubKey
ZwSetThreadExecutionState
ZwOpenKeyedEvent
RtlLargeIntegerShiftLeft
ZwSetSystemEnvironmentValueEx
_strlwr
RtlValidAcl
RtlAddAuditAccessAce
RtlDowncaseUnicodeString
_fltused
ZwCreateKey
NtRaiseHardError
RtlRunDecodeUnicodeString

utildll

CalculateDiffTime
GetAssociatedPortName
CtxGetAnyDCName
StrSystemWaitReason
InstallModem
GetUserFromSid
ConfigureModem
StrSdClass
StrConnectState
WinEnumerateDevices
AsyncDeviceEnumerate
RegGetNetworkDeviceName
InitializeAnonymousUserCompareList
EnumerateMultiUserServers
SetupAsyncCdConfig
RegGetNetworkServiceName
ParseDecoratedAsyncDeviceName
CurrentDateTimeString
CompareElapsedTime
ElapsedTimeString
NetworkDeviceEnumerate
CalculateElapsedTime
QueryCurrentWinStation
StrAsyncConnectState
GetSystemMessageW
TestUserForAdmin

inetmib1

SnmpExtensionQuery
SnmpExtensionInit
SnmpExtensionTrap
SnmpExtensionInitEx

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 195KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f68e50b282482f582da717e179347aeb

Headers

DLL Characteristics

File Characteristics

Imports

userenv

kernel32

ntdll

utildll

inetmib1

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 114KB - Virtual size: 113KB

.data Size: 195KB - Virtual size: 1.6MB

.rsrc Size: 148KB - Virtual size: 148KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 114KB - Virtual size: 113KB

.data
Size: 195KB - Virtual size: 1.6MB

.rsrc
Size: 148KB - Virtual size: 148KB

.reloc
Size: 1KB - Virtual size: 1KB