c88608e9ab42093b225b6ef72f5e7a22706c07c3215372d810e6a9f60eeeb00d

Sharing

Copy URL Twitter E-mail

General

Target

c88608e9ab42093b225b6ef72f5e7a22706c07c3215372d810e6a9f60eeeb00d
Size

254KB
MD5

b7d2873ec0487646ccdf740af748852c
SHA1

c262b37bdf04dad771e6d459b2018c908b231aef
SHA256

c88608e9ab42093b225b6ef72f5e7a22706c07c3215372d810e6a9f60eeeb00d
SHA512

0937344bd802ffe8d76d7deee30ba043a0aca19460a69f2a173ebd8038f98a8c3c0494ebed4c231663d0d27f92b4e0470a0390049db9ae7e0be750c3f2351821
SSDEEP

6144:JZhjyhznqniB6Lv2N3pQcNgzrGmnXeHnKonleK0ywU9jg:JZhwsicagPzCwywU9jg

Score

N/A

Malware Config

Signatures

Files

c88608e9ab42093b225b6ef72f5e7a22706c07c3215372d810e6a9f60eeeb00d
.dll windows x86

b584a468c129a5c78e43c1d6b0467b2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CxxThrowException
wcsrchr
_ftol2
_wcsnicmp
wcsncat_s
swprintf_s
wcschr
_ltow
_wtol
memcpy
_itow_s
wcscat_s
_purecall
_wcsicmp
memset
wcscpy_s
wcsncpy_s

ntdll

RtlRunDecodeUnicodeString
RtlSecondsSince1970ToTime
RtlInitUnicodeString
RtlRunEncodeUnicodeString
RtlTimeToSecondsSince1970

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-service-management-l1-1-0

DeleteService
OpenServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
StartServiceW

api-ms-win-service-management-l2-1-0

ChangeServiceConfigW
QueryServiceConfigW

advapi32

GetUserNameW
EnumServicesStatusW
LookupAccountNameW
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
RegConnectRegistryW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

activeds

ord7
ord16
ord21
ord22
ord23
ord17
ord18
ord15
ord14

ole32

CoTaskMemFree
StringFromCLSID
CreatePointerMoniker
CoCreateInstance
IIDFromString
CLSIDFromString
StringFromGUID2

winspool.drv

AddPrinterW
GetJobW
DeletePrinter
EnumPrintersW
GetPrinterW
SetJobW
EnumJobsW
OpenPrinterW
SetPrinterW
ClosePrinter

oleaut32

VariantTimeToDosDateTime
DosDateTimeToVariantTime
VariantTimeToSystemTime
SystemTimeToVariantTime
CreateErrorInfo
VariantInit
VariantClear
DispGetIDsOfNames
LoadRegTypeLi
DispInvoke
SetErrorInfo
VariantCopy
SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData

netutils

NetpwNameCompare
NetApiBufferFree

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

browcli

NetServerEnum

logoncli

NetGetAnyDCName
NetGetDCName

samcli

NetGroupEnum
NetGroupGetUsers
NetLocalGroupGetMembers
NetLocalGroupEnum
NetLocalGroupDel
NetLocalGroupAdd
NetUserDel
NetLocalGroupGetInfo
NetGroupAdd
NetGroupDelUser
NetGroupAddUser
NetLocalGroupAddMembers
NetLocalGroupDelMembers
NetUserGetLocalGroups
NetUserGetGroups
NetGroupGetInfo
NetUserChangePassword
NetUserAdd
NetLocalGroupSetInfo
NetGroupSetInfo
NetUserGetInfo
NetUserSetInfo
NetQueryDisplayInformation
NetUserModalsGet
NetUserModalsSet
NetGroupDel

srvcli

NetServerGetInfo
NetServerSetInfo
NetSessionGetInfo
NetSessionDel
NetShareSetInfo
NetShareDel
NetShareGetInfo
NetFileEnum
NetFileGetInfo
NetShareEnum
NetShareAdd
NetSessionEnum

wkscli

NetWkstaUserGetInfo
NetUseGetInfo
NetWkstaGetInfo

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

UnhandledExceptionFilter
LocalFileTimeToFileTime
SetUnhandledExceptionFilter
GetProcAddress
GetSystemDirectoryW
LoadLibraryExA
LoadLibraryW
SystemTimeToTzSpecificLocalTime
FormatMessageW
FileTimeToDosDateTime
FileTimeToSystemTime
GetComputerNameW
DisableThreadLibraryCalls
GetModuleHandleW
InitializeCriticalSection
RaiseException
DeleteCriticalSection
FreeLibrary
GetTickCount
CompareStringW
GetSystemTime
SystemTimeToFileTime
SetLastError
GetLastError
InterlockedIncrement
InterlockedDecrement
LocalFree
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
lstrlenW
DelayLoadFailureHook
InterlockedCompareExchange
DosDateTimeToFileTime
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
InterlockedExchange
FileTimeToLocalFileTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b584a468c129a5c78e43c1d6b0467b2c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-service-management-l2-1-0

advapi32

activeds

ole32

winspool.drv

oleaut32

netutils

dsrole

browcli

logoncli

samcli

srvcli

wkscli

mpr

kernel32

Exports

Exports

Sections

.text Size: 209KB - Virtual size: 209KB

.data Size: 31KB - Virtual size: 31KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 209KB - Virtual size: 209KB

.data
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB