3664b1a4f11624d811a69d7b0165c06473c8dc3d6197ebb8be3b9fcd251dfcdc

Sharing

Copy URL Twitter E-mail

General

Target

3664b1a4f11624d811a69d7b0165c06473c8dc3d6197ebb8be3b9fcd251dfcdc
Size

334KB
MD5

389bf52b8b2aa8cfae3ca55808202f00
SHA1

cd9dbeffb2096da578ea493013cc4f020f150e02
SHA256

3664b1a4f11624d811a69d7b0165c06473c8dc3d6197ebb8be3b9fcd251dfcdc
SHA512

70d7770506ecf717d95018dd5cffac85ed2a571b989d6ad748e277267ce65a6ec437f9db465fcc7bb55e94f3ae04d9e39fcd090058814370e64d592635d3bbca
SSDEEP

6144:d9P3DSrxOsPLzl3XJHQG01lg7qBUU2tW8vmwylShXD+YdkpLo2S0k7ab60Pb:Duxjjzl3X9GoquUGruAznkpMSbB

Score

N/A

Malware Config

Signatures

Files

3664b1a4f11624d811a69d7b0165c06473c8dc3d6197ebb8be3b9fcd251dfcdc
.exe windows x86

679dd96ed8f8c81e56eefc5828f9cfb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlSetSaclSecurityDescriptor
NtCreateSemaphore
NtOpenThreadToken
NtDeviceIoControlFile
strstr
mbstowcs
DbgPrint
strncpy
memmove
NtEnumerateValueKey
RtlUnwind
wcstoul
_alloca_probe
RtlNewSecurityObjectEx
NtQuerySystemTime
wcsncmp
RtlNewSecurityObjectWithMultipleInheritance
NtSaveKeyEx
NtPowerInformation
tolower
RtlSetSecurityDescriptorRMControl
NtCreateFile
RtlAddAce
RtlGetOwnerSecurityDescriptor
NtNotifyChangeKey
RtlAddAccessAllowedObjectAce
NtQueryValueKey
NtSetInformationFile
wcstombs
NtOpenProcess
NtPrivilegeCheck
RtlCreateQueryDebugBuffer
RtlCompareUnicodeString
RtlFreeHeap
RtlOpenCurrentUser
NtNotifyChangeMultipleKeys
NtQuerySecurityObject
RtlDestroyQueryDebugBuffer
NtSaveMergedKeys
RtlCopySid
NtCloseObjectAuditAlarm
RtlInitAnsiString
_ultow
RtlConvertToAutoInheritSecurityObject
_wcslwr
RtlxAnsiStringToUnicodeSize
RtlAddAccessDeniedObjectAce
_ftol
wcsncpy
RtlFreeSid
NtReleaseSemaphore
RtlAllocateHandle
RtlFirstFreeAce
RtlSetControlSecurityDescriptor
atol
NtSetInformationObject
RtlEqualUnicodeString
NtCompareTokens
RtlAddAccessAllowedAceEx
NtTerminateProcess
NtDeleteKey
RtlGetNtProductType
NtReplaceKey
RtlMakeSelfRelativeSD
wcstol
NtSetSecurityObject
RtlAdjustPrivilege
NtRestoreKey
RtlSelfRelativeToAbsoluteSD2
NtCreateDirectoryObject
RtlEqualPrefixSid
NtCreateEvent
RtlSubAuthorityCountSid
RtlQueryRegistryValues
RtlSetDaclSecurityDescriptor
RtlLengthRequiredSid
RtlInitializeGenericTable
RtlCopyUnicodeString
RtlOemStringToUnicodeString
RtlDeleteAce
RtlIsTextUnicode
NtOpenObjectAuditAlarm
NtAccessCheckByTypeResultListAndAuditAlarm
RtlSetSecurityObject
RtlStringFromGUID
RtlUpcaseUnicodeChar
RtlFreeUnicodeString
RtlAppendUnicodeStringToString
NtAllocateLocallyUniqueId
RtlAreAllAccessesGranted
NtReadFile
RtlUpcaseUnicodeStringToOemString
RtlIsGenericTableEmpty
NtAccessCheck
NtQueryInformationProcess
RtlIntegerToUnicodeString
RtlUnicodeToMultiByteN
RtlGetGroupSecurityDescriptor
strchr
NtOpenFile
RtlGUIDFromString
NtDuplicateToken
NtQueryVolumeInformationFile
RtlAddAccessDeniedAceEx
RtlValidRelativeSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
RtlMultiByteToUnicodeN
RtlDosPathNameToNtPathName_U
RtlDeleteElementGenericTable
NtQuerySystemInformation
_stricmp
RtlAreAnyAccessesGranted
wcscmp
RtlInitUnicodeString
RtlSubAuthoritySid
RtlGetVersion
RtlInitString
RtlAddAuditAccessAceEx
NtOpenSymbolicLinkObject
NtClearEvent
RtlEnumerateGenericTableWithoutSplaying
NtPrivilegeObjectAuditAlarm
NtAccessCheckByType
RtlQueryProcessDebugInformation
RtlSetInformationAcl
RtlNtStatusToDosError
NtAdjustPrivilegesToken
RtlAddAccessAllowedAce
RtlSelfRelativeToAbsoluteSD
NtAccessCheckByTypeResultList
RtlCreateAcl
NtCreateKey
NtAccessCheckAndAuditAlarm
RtlGetFullPathName_U
NtPrivilegedServiceAuditAlarm
RtlGetSecurityDescriptorRMControl
RtlCreateSecurityDescriptor
NtDeleteValueKey
RtlDestroyHeap
RtlSetSecurityObjectEx
RtlSetGroupSecurityDescriptor
NtTraceEvent
RtlInitUnicodeStringEx
NtWaitForSingleObject
RtlImageNtHeader
RtlCreateUnicodeString
RtlEqualSid
RtlUnicodeStringToAnsiString
NlsMbCodePageTag
RtlValidSid
RtlCopyLuid
NtDuplicateObject
NtSetInformationToken
RtlLengthSecurityDescriptor
NtFilterToken
RtlGetAce
NtDeleteObjectAuditAlarm
RtlFreeAnsiString
RtlValidSecurityDescriptor
RtlQueryInformationAcl
NtQueryInformationToken
NtAllocateVirtualMemory
RtlInitializeSid
_wcsnicmp
RtlTimeToSecondsSince1970
RtlInitializeCriticalSection
RtlLookupElementGenericTable
_itow
NtLoadKey
RtlUnicodeToMultiByteSize
RtlAddAccessDeniedAce
wcsrchr
RtlQuerySecurityObject
NtFlushBuffersFile
NtSetValueKey
NtQueryVirtualMemory
RtlLengthSid
RtlSetOwnerSecurityDescriptor
RtlDuplicateUnicodeString
_snwprintf
RtlAppendUnicodeToString
NtFreeVirtualMemory
wcscpy
wcslen
RtlAnsiStringToUnicodeString
NtOpenKey
wcscat
RtlDestroyHandleTable
NtSetEvent
NtAccessCheckByTypeAndAuditAlarm
RtlDetermineDosPathNameType_U
NtWaitForMultipleObjects
RtlCreateUnicodeStringFromAsciiz
NtAccessCheckByTypeResultListAndAuditAlarmByHandle
NtOpenProcessToken
iswctype
RtlAddAuditAccessObjectAce
RtlConvertSidToUnicodeString
_chkstk
RtlExpandEnvironmentStrings_U
NtClose
RtlLeaveCriticalSection
wcschr
sprintf
RtlGetControlSecurityDescriptor
RtlDeleteSecurityObject
NtSaveKey
NtQueryInformationThread
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlRandom
RtlCompareMemory
NtUnloadKey
RtlFlushSecureMemoryCache
NtFsControlFile
NtFlushKey
RtlInitializeHandleTable
RtlAllocateHeap
_wcsicmp
RtlCreateHeap
NtQueryKey
NtSetInformationProcess
RtlReAllocateHeap
RtlxUnicodeStringToAnsiSize
NtAdjustGroupsToken
RtlDeleteCriticalSection
_strnicmp
RtlIdentifierAuthoritySid
RtlMapGenericMask
NtQueryMultipleValueKey
NtImpersonateAnonymousToken
RtlFormatCurrentUserKeyPath
swprintf
RtlUnicodeStringToInteger
RtlIsValidIndexHandle
RtlEnterCriticalSection
RtlImpersonateSelf
wcsstr
RtlAddAuditAccessAce
RtlNumberGenericTableElements
NtQueryPerformanceCounter
NtQuerySymbolicLinkObject
RtlNewSecurityObject
RtlFreeHandle
RtlAllocateAndInitializeSid
NtEnumerateKey
RtlInsertElementGenericTable
NtSetInformationThread
RtlValidAcl
NtQueryInformationFile
RtlPrefixUnicodeString
NtWriteFile
_vsnwprintf

rpcrt4

RpcBindingToStringBindingW
UuidCreate
RpcBindingFromStringBindingW
I_RpcMapWin32Status
RpcImpersonateClient
RpcBindingSetAuthInfoW
RpcBindingSetAuthInfoA
I_RpcBindingIsClientLocal
RpcStringFreeW
UuidToStringW
RpcBindingSetAuthInfoExW
RpcRaiseException
NDRCContextBinding
RpcBindingFree
RpcRevertToSelf
RpcBindingSetAuthInfoExA
RpcStringBindingParseW
RpcSsDestroyClientContext
UuidFromStringW
I_RpcExceptionFilter
NdrClientCall2
RpcStringBindingComposeW
RpcEpResolveBinding

kernel32

GlobalMemoryStatus
OpenMutexW
GetLogicalDriveStringsW
GetPrivateProfileStringW
LocalReAlloc
GetCurrentProcessId
GetPrivateProfileIntW
CompareFileTime
SearchPathW
TerminateProcess
GetPriorityClass
GetWindowsDirectoryW
CreateThread
EnumUILanguagesW
DeleteFileW
SetUnhandledExceptionFilter
FindResourceExW
WriteFile
CancelIo
GetProcAddress
GetSystemTimeAsFileTime
GetProfileStringA
HeapAlloc
GetCurrentThreadId
OpenEventW
WaitForSingleObject
lstrlenW
LoadLibraryExW
MoveFileW
GetCommandLineW
SetErrorMode
FindNextFileW
DelayLoadFailureHook
CreateFileMappingW
SizeofResource
InterlockedExchange
GetUserDefaultUILanguage
UnhandledExceptionFilter
InterlockedIncrement
GetDriveTypeW
GetVersionExA
InterlockedDecrement
FindFirstFileExW
OpenFile
LoadLibraryW
GetComputerNameExW
lstrcpyW
GetCurrentProcess
SetFilePointer
GetSystemInfo
lstrcpynW
FindFirstFileW
GetSystemWindowsDirectoryW
lstrcpyA
CloseHandle
GetComputerNameA
GetComputerNameW
GetTickCount
CreateProcessInternalA
GetProcessHeap
GetFullPathNameA
GetLocalTime
DeleteCriticalSection
UnmapViewOfFile
FreeLibrary
CreateFileW
GetFileAttributesW
MultiByteToWideChar
ResetEvent
CopyFileW
lstrlenA
AreFileApisANSI
GetFullPathNameW
GetModuleHandleW
ResumeThread
InitializeCriticalSection
SetEvent
WaitNamedPipeW
DuplicateHandle
MapViewOfFile
GetDiskFreeSpaceExW
ExitThread
IsBadWritePtr
GetSystemTime
GetFileAttributesExW
LoadResource
LoadLibraryA
SleepEx
GetFileSizeEx
FormatMessageW
OpenProcess
InterlockedCompareExchange
GetModuleHandleA
ReleaseMutex
GetSystemDirectoryW
lstrcmpW
SetLastError
VirtualAlloc
GetFileTime
EnterCriticalSection
GetVolumeInformationW
CreateMutexW
GetFileSize
LocalFree
lstrcmpiW
CreateEventW
GetLongPathNameW
WideCharToMultiByte
CreateFileMappingA
FindClose
WaitForMultipleObjectsEx
GetCurrentThread
SetNamedPipeHandleState
lstrcatW
GetProfileIntA
CreateEventA
HeapFree
VirtualFree
FindResourceA
GetOverlappedResult
_lclose
ExpandEnvironmentStringsW
GetLastError
LeaveCriticalSection
QueryPerformanceCounter
GetTimeZoneInformation
LocalAlloc
WritePrivateProfileStringW
CreateFileA
GetModuleFileNameW
GetDiskFreeSpaceW
ReadFile
ReadProcessMemory
RaiseException
Sleep
CreateProcessInternalW
GetModuleHandleExW
ExpandEnvironmentStringsA
OutputDebugStringW
SetThreadPriority
InterlockedExchangeAdd
DeviceIoControl

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

679dd96ed8f8c81e56eefc5828f9cfb5

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

rpcrt4

kernel32

Sections

.text Size: 261KB - Virtual size: 261KB

.rsrc Size: 15KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 7.1MB

.rdata Size: 52KB - Virtual size: 52KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 15KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 7.1MB

.rdata
Size: 52KB - Virtual size: 52KB

.tls
Size: 512B - Virtual size: 4KB