5a79eb004991b16166adea3856b59e405344d5ccdbc8fbbc6f5ab85e21f18160

Sharing

Copy URL Twitter E-mail

General

Target

5a79eb004991b16166adea3856b59e405344d5ccdbc8fbbc6f5ab85e21f18160
Size

85KB
MD5

8c7c975fbe467eb568fddd7ebf49ffe6
SHA1

0f45e87ee6266a75777e4423a1b26d63844a98bb
SHA256

5a79eb004991b16166adea3856b59e405344d5ccdbc8fbbc6f5ab85e21f18160
SHA512

148b8b336f577e4917260fd1996eec217183dfc79528bda889a79b262ffdffdcf7f7175b94c93c47bfa2d991b8b2f61f60fdbda1ef9826ab7d8ee7f55b37b1f8
SSDEEP

1536:iZdoi+cR7SpsZtnYID66jOdA56WnEIkBIj4zcBHUTBJI+ciXSpkHTIHWihvdqhMT:iZdoi+cRGSZthOdAXnELBuochUT8+cSo

Score

N/A

Malware Config

Signatures

Files

5a79eb004991b16166adea3856b59e405344d5ccdbc8fbbc6f5ab85e21f18160
.exe windows x86

1ccacaddf1e38dcf61f9a9e6ad4a9a4b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_itow
_ltow
isxdigit
atol
wcscpy
_wcsicmp
wcscat
qsort
_except_handler3
malloc
strtoul
isdigit
_initterm
wcslen
_adjust_fdiv
wcscmp
_ultoa
memcpy
__dllonexit
strncmp
wcschr
sprintf
_onexit
_snwprintf
strncpy
_snprintf
isupper
_wcsnicmp
free
memmove
bsearch
_ltoa

rpcrt4

RpcBindingFromStringBindingW
RpcBindingFree
RpcStringBindingComposeA
RpcImpersonateClient
RpcStringFreeW
RpcEpResolveBinding
NdrClientCall2
UuidCreate
UuidToStringA
RpcRevertToSelf
RpcBindingSetAuthInfoExW
RpcStringFreeA
RpcStringBindingComposeW
RpcBindingFromStringBindingA

msasn1

ASN1BEREncS32
ASN1BERDecCharString
ASN1_CreateDecoder
ASN1BEREncBool
ASN1CEREncNewBlkElement
ASN1BEREoid2DotVal
ASN1CEREncEndBlk
ASN1BERDecUTCTime
ASN1_FreeEncoded
ASN1charstring_free
ASN1utf8string_free
ASN1BEREncUTF8String
ASN1BEREncSX
ASN1CEREncFlushBlkElement
ASN1DecRealloc
ASN1BERDecBool
ASN1BEREncU32
ASN1BERDecOpenType
ASN1BERDecU32Val
ASN1BEREncMultibyteString
ASN1_Decode
ASN1BEREncEoid
ASN1open_free
ASN1intx_free
ASN1BERDecMultibyteString
ASN1Free
ASN1octetstring_free
ASN1_CloseModule
ASN1BEREncObjectIdentifier2
ASN1_CloseDecoder
ASN1BEREncBitString
ASN1objectidentifier2_cmp
ASN1BEREoid_free
ASN1_SetEncoderOption
ASN1BERDecObjectIdentifier2
ASN1BERDecEoid
ASN1BERDecUTF8String
ASN1BERDecS32Val
ASN1EncSetError
ASN1BERDecExplicitTag
ASN1DecSetError
ASN1BERDecGeneralizedTime
ASN1_FreeDecoded
ASN1_CloseEncoder
ASN1CEREncGeneralizedTime
ASN1BERDecNotEndOfContents
ASN1BERDecChar32String
ASN1BEREncChar16String
ASN1BEREncExplicitTag
ASN1BERDotVal2Eoid
ASN1BERDecOctetString
ASN1_CreateEncoder
ASN1BEREncEndOfContents
ASN1BERDecPeekTag
ASN1char16string_free
ASN1BERDecOpenType2
ASN1CEREncBeginBlk
ASN1_CreateModule
ASN1BERDecBitString2
ASN1BERDecSXVal
ASN1bitstring_free
ASN1BERDecOctetString2
ASN1BEREncChar32String
ASN1_Encode
ASN1CEREncUTCTime
ASN1BERDecChar16String
ASN1char32string_free
ASN1BERDecZeroCharString
ASN1BERDecEndOfContents
ASN1BEREncOctetString
ASN1ztcharstring_free
ASN1BEREncCharString
ASN1BEREncOpenType
ASN1BERDecBitString

kernel32

FindNextChangeNotification
WaitForSingleObjectEx
InterlockedExchange
GetProcAddress
GetTempPathA
MultiByteToWideChar
Sleep
lstrcatA
CloseHandle
OpenMutexA
TerminateProcess
CreateFileA
GetUserDefaultLCID
GetVersionExA
FormatMessageA
UnhandledExceptionFilter
GetTimeFormatA
CompareStringA
FormatMessageW
SystemTimeToFileTime
DeleteCriticalSection
LoadLibraryA
CompareFileTime
GetSystemDefaultLangID
LeaveCriticalSection
InterlockedDecrement
LocalFree
lstrlenA
GetModuleFileNameA
PulseEvent
LocalSize
GetACP
GetLastError
lstrlenW
TlsAlloc
InterlockedCompareExchange
SetEndOfFile
WaitForSingleObject
LocalReAlloc
SetEvent
TlsSetValue
GetDateFormatW
LoadLibraryExA
DelayLoadFailureHook
GetCurrentThread
OpenMutexW
TlsGetValue
GetCurrentProcessId
SetFileAttributesA
GetCurrentThreadId
MapViewOfFile
GetDateFormatA
UnmapViewOfFile
CreateMutexW
GetLocalTime
InterlockedIncrement
FindCloseChangeNotification
FindClose
FindFirstChangeNotificationW
CreateThread
ReleaseMutex
WriteFile
DuplicateHandle
FindFirstFileA
GetSystemTime
GetCurrentProcess
CreateFileW
SetFilePointer
SetFileAttributesW
TlsFree
EnterCriticalSection
GetTimeFormatW
OpenFileMappingW
ExpandEnvironmentStringsW
CreateDirectoryA
GetSystemTimeAsFileTime
GetTickCount
OpenEventA
FreeLibrary
GetFileAttributesW
OutputDebugStringA
SetLastError
ExitThread
InitializeCriticalSection
FreeLibraryAndExitThread
GetFileSize
GetModuleHandleA
WaitForMultipleObjectsEx
GetComputerNameW
LoadLibraryExW
CreateFileMappingA
GetFileAttributesA
FileTimeToLocalFileTime
CreateMutexA
SetUnhandledExceptionFilter
FileTimeToSystemTime
FindNextFileA
GetTempFileNameA
CompareStringW
GetEnvironmentVariableA
FindFirstChangeNotificationA
WideCharToMultiByte
FindFirstFileW
CreateDirectoryW
DeleteFileA
LocalAlloc
CreateEventA
GetComputerNameA
lstrcmpA
GetModuleFileNameW
VirtualAlloc
ReadFile
CreateFileMappingW
FindNextFileW
lstrcpyA
GetFileAttributesExW
DeleteFileW
ExpandEnvironmentStringsA

advapi32

CryptSetProvParam
InitializeSecurityDescriptor
RegCreateKeyExW
CryptSignHashA
GetSecurityDescriptorDacl
GetLengthSid
UnlockServiceDatabase
RegCloseKey
ChangeServiceConfigA
GetTokenInformation
IsValidSid
GetSidIdentifierAuthority
CryptHashData
LsaNtStatusToWinError
GetUserNameW
SystemFunction041
CryptDestroyKey
SetSecurityDescriptorGroup
RegQueryInfoKeyW
OpenProcessToken
A_SHAFinal
CopySid
RegEnumKeyA
CryptSetProviderA
CryptVerifySignatureA
RegEnumKeyExW
CryptDecrypt
RegEnumValueA
RegGetKeySecurity
RegNotifyChangeKeyValue
RegCreateKeyExA
CryptDeriveKey
GetSecurityDescriptorOwner
CryptAcquireContextA
QueryServiceConfigA
GetSidSubAuthorityCount
MD5Final
RegDeleteKeyW
CryptSetHashParam
RegSetKeySecurity
RegDeleteValueA
RegSetValueExA
RegQueryInfoKeyA
CryptGetDefaultProviderW
RegConnectRegistryW
CryptDestroyHash
MD5Update
RegOpenKeyExW
A_SHAInit
StartServiceW
RegDeleteKeyA
CryptEncrypt
LookupPrivilegeValueA
CryptGetProvParam
FreeSid
CryptGetHashParam
ControlService
CryptGenRandom
CryptReleaseContext
SetSecurityDescriptorOwner
CryptSetKeyParam
RegQueryValueExA
CryptCreateHash
CryptGetUserKey
GetUserNameA
EqualSid
MD5Init
OpenServiceW
AdjustTokenPrivileges
RegSetValueExW
GetAce
RegConnectRegistryA
LookupAccountSidW
LockServiceDatabase
RegDeleteValueW
RegEnumValueW
QueryServiceStatus
RegQueryValueExW
A_SHAUpdate
GetSidSubAuthority
CryptExportKey
CloseServiceHandle
AllocateAndInitializeSid
SetSecurityDescriptorDacl
SystemFunction040
CryptGetKeyParam
RegOpenKeyExA
CryptGenKey
StartServiceA
AddAccessAllowedAce
InitializeAcl
CryptImportKey
OpenThreadToken
OpenSCManagerW
RegEnumKeyExA

adsldpc

ADsFreeColumn

user32

GetProcessDefaultLayout
GetSystemMetrics
MessageBoxA
wsprintfW
LoadStringW
MessageBoxW
wsprintfA
LoadStringA

Sections

.textbss
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ccacaddf1e38dcf61f9a9e6ad4a9a4b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

msasn1

kernel32

advapi32

adsldpc

user32

Sections

.textbss Size: - Virtual size: 1.2MB

.text Size: 512B - Virtual size: 412B

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 1024B - Virtual size: 816B

.idata Size: 86KB - Virtual size: 85KB

.textbss
Size: - Virtual size: 1.2MB

.text
Size: 512B - Virtual size: 412B

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 1024B - Virtual size: 816B

.idata
Size: 86KB - Virtual size: 85KB