018fee278521a46ee752a5adb5e73d0d4ed249a10e041e0e7408d806c296bdca

Sharing

Copy URL Twitter E-mail

General

Target

018fee278521a46ee752a5adb5e73d0d4ed249a10e041e0e7408d806c296bdca
Size

190KB
MD5

363786fa4e09b54b2a1639e0142db5f0
SHA1

2c1a1b4c77fb4e0f1c44401b6d8e9c6b9dc4bd81
SHA256

018fee278521a46ee752a5adb5e73d0d4ed249a10e041e0e7408d806c296bdca
SHA512

f6f4ee4805f2d3dd3e823943ede06ed5b5bd2e4508c2dae05a9d9b60fed53d7111c19a4fc84273554a9e2f41e6ef60edc8d9d5600f1fe0a4b98b3a7b064acbe3
SSDEEP

3072:Ds9fSEzsG4Hflz3Ljfsa4ZEPOz10ZBaXxZ7u9aByrtGUeiXfYHLUID7cN7X:DCPzF4dbLslZEW10ZshhVyrgniPkLb

Score

N/A

Malware Config

Signatures

Files

018fee278521a46ee752a5adb5e73d0d4ed249a10e041e0e7408d806c296bdca
.dll windows x86

de6b6af47b2ff2f7da382b012130465c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

IsValidSid
RegEnumValueW
RegEnumValueA
RegCreateKeyExA
CryptAcquireContextA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
CryptSetProviderExW
CryptGetDefaultProviderW
CryptGetProvParam
CryptEnumProviderTypesW
CryptEnumProvidersW
LsaOpenPolicy
LsaRetrievePrivateData
LogonUserW
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
RegOpenKeyExW
RegCloseKey
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
CryptReleaseContext
SystemFunction036
RevertToSelf
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
OpenThreadToken
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource

certcli

CACertTypeAccessCheck
CAGetCertTypeProperty
CACountCertTypes
CAFreeCertTypeProperty
CAEnumNextCertType
CAEnumCertTypes
CACloseCA
CAEnumNextCA
CAFreeCAProperty
CAAccessCheck
CAGetCAProperty
CACountCAs
CAEnumFirstCA
CACloseCertType

crypt32

CertFreeCTLContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertOpenStore
CertEnumCertificatesInStore
PFXExportCertStore
CertCreateContext
CertCloseStore
CryptDecodeObject
PFXImportCertStore

esent

JetGetColumnInfo
JetOpenTable
JetEndSession
JetDetachDatabase
JetCloseDatabase
JetMove
JetCloseTable
JetSetCurrentIndex
JetOpenDatabase
JetAttachDatabase
JetBeginSession
JetTerm
JetUpdate
JetSetColumn
JetPrepareUpdate
JetDelete
JetSeek
JetMakeKey
JetSetSystemParameter
JetRollback
JetCommitTransaction
JetCreateIndex
JetInit
JetCreateDatabase
JetBeginTransaction
JetCreateTable
JetAddColumn
JetRetrieveColumn

kernel32

DeleteFileW
VirtualAlloc
GetACP
WideCharToMultiByte
GetSystemDirectoryW
GetSystemDirectoryA
MultiByteToWideChar
lstrlenW
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
LeaveCriticalSection
SetLastError
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
VirtualProtect
FreeLibrary
CreateEventA
RegisterWaitForSingleObject
UnregisterWaitEx
CloseHandle
LocalReAlloc
LocalSize
FindFirstFileW
LocalAlloc
SetEvent
GetLastError
DisableThreadLibraryCalls
GetFileAttributesW
CreateFileW
MoveFileW
GetTempFileNameW
FindClose
UnregisterWait
DelayLoadFailureHook
CreateFileA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
ReadFile
SystemTimeToFileTime
GetLocalTime
GetTimeFormatA
GetDateFormatA
OutputDebugStringA
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
CreateFileMappingA
MapViewOfFile
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
LoadLibraryA
CopyFileW
SetFileAttributesW
UnmapViewOfFile
CreateEventW
DeleteFileA
InterlockedCompareExchange
GetTickCount
OpenProcess
GetCurrentProcess
DuplicateHandle
LocalFree
InterlockedExchange

msvcrt

_adjust_fdiv
malloc
_initterm
free
wcsrchr
_wcsicmp
wcscpy
wcscat
wcslen
_except_handler3

rpcrt4

RpcImpersonateClient
I_RpcBindingIsClientLocal
RpcServerUnregisterIf
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcStringFreeW
RpcServerRegisterIfEx
RpcServerUseProtseqEpW
RpcRevertToSelfEx
RpcRevertToSelf
NdrServerCall2

user32

wsprintfW
GetSystemMetrics
wsprintfA

wintrust

CryptCATAdminCalcHashFromFileHandle

Exports

Exports

ServiceMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de6b6af47b2ff2f7da382b012130465c

Headers

File Characteristics

Imports

advapi32

certcli

crypt32

esent

kernel32

msvcrt

rpcrt4

user32

wintrust

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 1024B - Virtual size: 764B

.rsrc Size: 130KB - Virtual size: 129KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 1024B - Virtual size: 764B

.rsrc
Size: 130KB - Virtual size: 129KB

.reloc
Size: 3KB - Virtual size: 2KB