a55cb5f939c8d50b4b460c7ae5f6aedae6c5489b8b77eb0b4ac9bb6eb2b638ba

Sharing

Copy URL Twitter E-mail

General

Target

a55cb5f939c8d50b4b460c7ae5f6aedae6c5489b8b77eb0b4ac9bb6eb2b638ba
Size

296KB
MD5

e785bf49c729f4ff721d4e55a4a01390
SHA1

166ca5dc806c94b8ca4e1a2052ac70c959374de6
SHA256

a55cb5f939c8d50b4b460c7ae5f6aedae6c5489b8b77eb0b4ac9bb6eb2b638ba
SHA512

a5fee122b885b117cc4b9865682f0ecf15a835cbef6099f3208e58ef62219ce113cb3998054529543adf9b0fc29d9880c4dc4fa395b049b10b75c9086a4540aa
SSDEEP

3072:ihuxCARGKUzscwOOPUFbbqiVrxKStiamAsJoskJVdWuQwykKorEAsasdoYaQ2uAB:XcKgsF85vKStiRp0dWmxxAuEoYa8F7V

Score

N/A

Malware Config

Signatures

Files

a55cb5f939c8d50b4b460c7ae5f6aedae6c5489b8b77eb0b4ac9bb6eb2b638ba
.dll windows x86

f9407f490eb8b00c0af8dcd5a844f126

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetNumberOfEventLogRecords
InstallApplication
IsValidSecurityDescriptor
LsaSetInformationPolicy
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
AccessCheckByTypeResultListAndAuditAlarmByHandleW
AddAccessDeniedAceEx
BackupEventLogA
BuildTrusteeWithObjectsAndNameA
CancelOverlappedAccess
ChangeServiceConfig2W
CryptDecrypt
GetAuditedPermissionsFromAclW
I_ScSetServiceBitsA
LsaDelete
LsaSetInformationTrustedDomain
RegCreateKeyExA
RegOpenKeyA
RegOpenKeyExW
RegQueryValueExW
RegSaveKeyW
RegUnLoadKeyA
SystemFunction031
AddUsersToEncryptedFile
CreateProcessAsUserA
CryptEnumProvidersA
ObjectOpenAuditAlarmW
RegQueryValueA
RegSetValueA
RegisterServiceCtrlHandlerW
CryptSetHashParam
EncryptFileA
FreeSid
GetCurrentHwProfileA
GetSecurityInfoExW
LsaRemovePrivilegesFromAccount
QueryServiceStatus
RegCreateKeyW
RegisterServiceCtrlHandlerA
SystemFunction022

kernel32

CreateSemaphoreW
FindResourceW
FreeEnvironmentStringsW
FreeLibrary
GetConsoleAliasW
GetModuleHandleW
GetProcAddress
Heap32Next
HeapLock
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
LocalAlloc
LocalFree
ReplaceFileA
SizeofResource
Toolhelp32ReadProcessMemory
UnlockFile
_lclose
_lwrite
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
CloseHandle
CreateThread
GetLogicalDriveStringsA
GetModuleFileNameW
GetNumberOfConsoleMouseButtons
GetPrivateProfileSectionA
GetSystemDefaultLCID
IsBadReadPtr
IsValidLocale
LoadLibraryA
MulDiv
SetErrorMode
SetTimerQueueTimer
WritePrivateProfileStructA
lstrcmpW
CreateFileMappingA
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
GetSystemTimeAsFileTime
GetTickCount
Heap32First
IsBadHugeWritePtr
MapViewOfFile
QueryPerformanceCounter
RegisterWaitForSingleObjectEx
ResumeThread
SetUnhandledExceptionFilter
TerminateProcess
UnmapViewOfFile
BuildCommDCBA
CreateEventW
GetCPInfoExA
GetCommTimeouts
GetProfileStringW
GetVolumeNameForVolumeMountPointA
GetVolumePathNameW
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapCompact
LocalHandle
ResetEvent
SetEvent
Sleep
WaitForSingleObject
VirtualAlloc
GetProcessHeap
InterlockedCompareExchange
InterlockedExchange
ExitProcess
HeapFree
GetTimeFormatA
GetDateFormatA
GetStringTypeA
WideCharToMultiByte
GetLastError
GetStringTypeW
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
ExitThread
HeapValidate
LockFile
GetFullPathNameW
HeapAlloc
MultiByteToWideChar
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFileType
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
UnhandledExceptionFilter
GetCPInfo
SetHandleCount
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
SetEnvironmentVariableA
FindFirstFileA
FindNextFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
GetDriveTypeA
GetFullPathNameA
GetCommandLineA
GetVersionExA
HeapReAlloc
HeapSize
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
WriteFile
SetFilePointer
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
GetLocaleInfoA
RaiseException
GetExitCodeProcess
CreateProcessA
SetStdHandle
CompareStringA
CompareStringW
GetCurrentDirectoryW
GetFileAttributesW
CreateFileW
CreateFileA
WriteConsoleA
RtlUnwind
IsBadCodePtr
InitializeCriticalSection
FindClose
FlushFileBuffers
LCMapStringA
LCMapStringW
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
CreateProcessW
SetEndOfFile
ReadFile
GetLocaleInfoW
SetConsoleCtrlHandler

rpcrt4

DceErrorInqTextA
RpcAsyncAbortCall
RpcProtseqVectorFreeA
RpcSmEnableAllocate
IUnknown_AddRef_Proxy
NDRCContextBinding
NdrComplexStructBufferSize
NdrConformantVaryingStructFree
NdrGetBuffer
RpcBindingSetOption
RpcCertGeneratePrincipalNameW
RpcEpResolveBinding
RpcMgmtInqStats
RpcMgmtSetComTimeout
RpcStringFreeA
NdrConformantVaryingArrayUnmarshall
RpcServerTestCancel
MesEncodeFixedBufferHandleCreate
MesInqProcEncodingId
NdrRpcSmClientAllocate
NdrRpcSsDefaultFree
NdrServerInitializeMarshall
NdrUserMarshalFree
RpcAsyncCompleteCall
RpcBindingReset
RpcObjectSetType

shell32

ord180
ExtractAssociatedIconExA
ExtractIconExW
SHUpdateRecycleBinIcon
SheSetCurDrive
ShellAboutW
RealShellExecuteA

Exports

Exports

VXNQSMWQTNU

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9407f490eb8b00c0af8dcd5a844f126

Headers

File Characteristics

Imports

advapi32

kernel32

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 194KB

.rdata Size: 44KB - Virtual size: 42KB

.data Size: 36KB - Virtual size: 46KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 196KB - Virtual size: 194KB

.rdata
Size: 44KB - Virtual size: 42KB

.data
Size: 36KB - Virtual size: 46KB

.reloc
Size: 16KB - Virtual size: 13KB