572e96fc5b27c85384690862ee72300b245cb963531021b2e5f5e33b2b5e087f

Sharing

Copy URL Twitter E-mail

General

Target

572e96fc5b27c85384690862ee72300b245cb963531021b2e5f5e33b2b5e087f
Size

826KB
MD5

f769068299abd6176530aa0cb96a3fc6
SHA1

1eb5c2d7b2074c0c67a60de4c51a925b0e0fad01
SHA256

572e96fc5b27c85384690862ee72300b245cb963531021b2e5f5e33b2b5e087f
SHA512

0f1880fbb81bb8292c7d886a10075aeaf28d84bfe0a8a99aef685d781dd734f755ff7c863b14c72b71e4b16f1f120a13cfb261dab19ac0ff5771c52cc9252042
SSDEEP

12288:rT+F0kwOOvTkrnxJRVKKp33GPFqLFMl/V7SCKc9xSy1xs1iYbsZ2VY:cwOgkdJGKp33Y+WRVdKRYxs1TAZQY

Score

N/A

Malware Config

Signatures

Files

572e96fc5b27c85384690862ee72300b245cb963531021b2e5f5e33b2b5e087f
.exe windows x86

1ea07a91aa2c29e7cc3406abae053488

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SaferRecordEventLogEntry
RegisterServiceCtrlHandlerW
OpenBackupEventLogA
CredGetTargetInfoW
CredRenameA
AccessCheckByTypeAndAuditAlarmA
EncryptFileA
RegSetValueExA
MD4Init
SystemFunction017
SetUserFileEncryptionKey
GetLengthSid
UnlockServiceDatabase
WmiMofEnumerateResourcesW
LsaOpenAccount
BackupEventLogW
IsWellKnownSid
SystemFunction019
InitiateSystemShutdownA
RegCreateKeyExW
I_ScGetCurrentGroupStateW
LsaEnumerateAccountsWithUserRight
AllocateAndInitializeSid
QueryAllTracesW
GetPrivateObjectSecurity
MD4Final
CreateWellKnownSid

mprapi

MprAdminInterfaceTransportGetInfo
MprAdminServerSetCredentials
MprAdminDeviceEnum
MprInfoDuplicate
MprAdminMIBEntryDelete
MprConfigInterfaceTransportEnum
MprConfigGetGuidName
MprConfigServerConnect
MprConfigBufferFree
MprAdminInterfaceEnum
MprAdminMIBEntryGetNext
MprInfoCreate
MprConfigInterfaceTransportRemove
MprAdminDeregisterConnectionNotification
MprAdminInterfaceSetCredentials

scecli

SceGetDbTime
SceCreateDirectory
SceConfigureSystem
SceGetAnalysisAreaSummary
SceSvcSetInformationTemplate
SceSvcFree
SceSetupMoveSecurityFile
SceSvcQueryInfo
SceAnalyzeSystem
SceOpenProfile
SceGetScpProfileDescription
SceGetTimeStamp
SceGetAreas
SceSvcSetInfo
SceProcessSecurityPolicyGPOEx
SceSetupUnwindSecurityFile
SceCompareSecurityDescriptors
SceRegisterRegValues
SceProcessSecurityPolicyGPO
SceStartTransaction
SceUpdateSecurityProfile
SceFreeMemory
SceSetupUpdateSecurityService
SceGetSecurityProfileInfo
SceBrowseDatabaseTable
SceSetupSystemByInfName
SceSetupBackupSecurity
SceOpenPolicy
SceCloseProfile
SceDcPromoCreateGPOsInSysvolEx

kernel32

SetFileAttributesA
UTUnRegister
GetConsoleKeyboardLayoutNameA
BaseCleanupAppcompatCacheSupport
GlobalFree
SetComputerNameExA
ReadConsoleOutputCharacterA
FileTimeToDosDateTime
GetModuleHandleW
UnregisterConsoleIME
GetDiskFreeSpaceExW
GetCurrentThread
SwitchToFiber
LZCreateFileW
WritePrivateProfileStringA
UnlockFile
FindNextFileA
EnumLanguageGroupLocalesA
SetTapePosition
EnumLanguageGroupLocalesW
IsValidCodePage
GetProcessIoCounters
ReplaceFileA
GetCommState
Process32Next
EnumSystemGeoID
SystemTimeToFileTime
GetDiskFreeSpaceA
SetNamedPipeHandleState
GetThreadLocale
ExitVDM
SetLocalPrimaryComputerNameA
LoadLibraryW
_hread
GlobalLock
GetConsoleAliasExesLengthA
TlsGetValue
FillConsoleOutputAttribute
GetNativeSystemInfo
SystemTimeToTzSpecificLocalTime
GetLocaleInfoW
FindResourceExW
VirtualAllocEx
DebugBreakProcess

user32

MessageBoxW
EndDialog

hhsetup

?First@CPointerList@@QAEPAUListItem@@XZ
?AddLocation@CCollection@@QAEPAVCLocation@@PBD000PAK@Z
?FindLocation@CCollection@@QAEPAVCLocation@@PBGPAI@Z
?GetLanguage@CTitle@@QAEGXZ
?GetMasterCHM@CCollection@@QAEHPAPADPAG@Z
?DeleteLocalFiles@CCollection@@AAEXPAULocationHistory@@PAVCTitle@@@Z
?HandleCollection@CCollection@@AAEKPAVCParseXML@@PAD@Z
??4CFolder@@QAEAAV0@ABV0@@Z
?SetTitle@CFolder@@QAEXPBD@Z
?SetLanguage@CTitle@@QAEXG@Z
??1CLocation@@QAE@XZ
?GetMasterCHM@CCollection@@QAEHPAPAGPAG@Z
?GetLanguage@CFolder@@QAEGXZ
?IsDirty@CCollection@@QAEHXZ
??0CCollection@@QAE@XZ
?GetLocation@CTitle@@QAEPAULocationHistory@@K@Z
?GetRefTitleCount@CCollection@@QAEKXZ
??4CCollection@@QAEAAV0@ABV0@@Z

msvcrt

fopen
isupper
asin
_ismbbtrail
__set_app_type
_mktime64
_mbsnccnt
_lseek
__wargv
log
??0bad_cast@@QAE@PBD@Z
_wexecvpe
_adj_fdivr_m32
__getmainargs
__p__commode
_control87
_mbslen
_wfindfirst
_spawnlpe
_wsystem
exit

shell32

SHGetMalloc

Sections

.text
Size: 366KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ea07a91aa2c29e7cc3406abae053488

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

mprapi

scecli

kernel32

user32

hhsetup

msvcrt

shell32

Sections

.text Size: 366KB - Virtual size: 365KB

.rdata Size: 147KB - Virtual size: 146KB

.data Size: 157KB - Virtual size: 1.6MB

.rsrc Size: 153KB - Virtual size: 153KB

.reloc Size: 1024B - Virtual size: 956B

.text
Size: 366KB - Virtual size: 365KB

.rdata
Size: 147KB - Virtual size: 146KB

.data
Size: 157KB - Virtual size: 1.6MB

.rsrc
Size: 153KB - Virtual size: 153KB

.reloc
Size: 1024B - Virtual size: 956B