c2ecfb673e8f7717d750ef8aaca19074c9131c7333b42d72eae74f3e28e7714d

Sharing

Copy URL Twitter E-mail

General

Target

c2ecfb673e8f7717d750ef8aaca19074c9131c7333b42d72eae74f3e28e7714d
Size

830KB
MD5

de740822579f53b34c920e45acde3d9d
SHA1

eee7299fb93b73756c41a94eade609e9c1250990
SHA256

c2ecfb673e8f7717d750ef8aaca19074c9131c7333b42d72eae74f3e28e7714d
SHA512

35baa011aa7840601521939ec9632ec4badfc77f0909cdb51c1dd151a657c71b2f458f42a7c4836a843b1e9de59238dc1f3a985854edb26565530049f521b38b
SSDEEP

24576:6DIA+jdkZ3dVclnlXN7tGMcCEyXHeWzmTg:60A+c3dwP8qRX+WzH

Score

N/A

Malware Config

Signatures

Files

c2ecfb673e8f7717d750ef8aaca19074c9131c7333b42d72eae74f3e28e7714d
.exe windows x86

414eee1a018f6ff0b5b9435c5ccd9dbc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsDhcpSrvRegisterHostName
DnsDowncaseDnsNameLabel
DnsApiSetDebugGlobals
DnsRecordSetCopyEx
DnsGetLastFailedUpdateInfo
DnsUpdateTest_W
DnsFree
DnsModifyRecordsInSet_UTF8
DnsRecordStringForType
DnsDhcpSrvRegisterInitialize
DnsQueryExA
DnsUtf8ToUnicode
Dns_SendAndRecvUdp
DnsAcquireContextHandle_A
DnsGetDnsServerList
DnsNameCompareEx_A
DnsQueryConfigDword
DnsValidateName_W
Dns_ReadPacketName
NetInfo_IsForUpdate
DnsRecordCompare

ntdll

ZwAccessCheck
NtNotifyChangeDirectoryFile
RtlNewSecurityObjectEx
RtlImageRvaToVa
NtMapUserPhysicalPages
ZwReleaseMutant
RtlStartRXact
RtlAnsiCharToUnicodeChar
RtlExpandEnvironmentStrings_U
isalpha
iswspace
RtlCopyString
bsearch
NtOpenObjectAuditAlarm
RtlReAllocateHeap
RtlAreAnyAccessesGranted
NtDeleteValueKey
islower
ZwOpenIoCompletion
_wtoi
ZwDuplicateObject
NtQueryTimer
ZwQueryBootEntryOrder
ZwMapUserPhysicalPagesScatter
RtlLookupAtomInAtomTable
NtResetEvent
ZwDisplayString
ZwReplyWaitReceivePort
ZwSetEvent

sqlunirl

_GetClassInfo@12
_OpenBackupEventLog_@8
_RegRestoreKey_@12
_EnumFontFamiliesEx_@20
_GetBinaryType_@8
_SetUserObjectInformation_@16
_EnumPropsEx_@12
_GetWindowsDirectory_@8
_IsDialogMessage@8
_IsCharLower_@4
_GetTextFace_@12
_GetTextMetrics@8
_PageSetupDlg_@4
_CopyFile_@12
_CreateProcess_@40
_GetTextExtentExPoint_@28
_GetSaveFileName@4
_EndUpdateResource_@8
_FindResourceEx_@16
_RegCreateKeyEx_@36
_LoadMenuIndirect_@4
_SetComputerName_@4
_WriteConsoleInput_@16
_GetDiskFreeSpaceEx@16
_GetServiceKeyName_@16
_GetCompressedFileSize_@8
_GlobalFindAtom_@4
_CreateMDIWindow_@40
_SendMessageTimeout_@28
_StartService_@12
_GetWindowLong@8
_CharToOemBuff_@12
_SystemParametersInfo_@16
_DlgDirListComboBox_@20
_GlobalAddAtom_@4
_FindWindowEx_@16
_CreateDC_@16

wintrust

CryptCATPutAttrInfo
DriverInitializePolicy
HTTPSFinalProv
WTHelperCertFindIssuerCertificate
mssip32DllRegisterServer
WTHelperCheckCertUsage
WintrustGetDefaultForUsage
CryptCATCDFEnumMembersByCDFTagEx
WintrustGetRegPolicyFlags
WintrustAddActionID
CryptCATGetMemberInfo
WTHelperGetProvSignerFromChain
SoftpubCleanup
TrustOpenStores
WTHelperGetProvCertFromChain
CryptCATOpen
CryptCATCDFEnumCatAttributes
SoftpubDllUnregisterServer
WintrustSetRegPolicyFlags
CryptSIPRemoveSignedDataMsg
CatalogCompactHashDatabase
SoftpubDumpStructure
SoftpubAuthenticode
WVTAsn1SpcLinkEncode
CryptCATAdminResolveCatalogPath
WintrustAddDefaultForUsage
WVTAsn1SpcIndirectDataContentDecode
SoftpubDllRegisterServer

rasdlg

RasPhonebookDlgA
RasPhonebookDlgW
RasDialDlgW
RasEntryDlgW
RasSrvAddPropPages
RasDialDlgA
RasSrvIsServiceRunning
RasSrvHangupConnection
RasEntryDlgA
RouterEntryDlgA
RasAutodialQueryDlgA
RasSrvAllowConnectionsConfig
RasSrvInitializeService
RouterEntryDlgW
RasSrvIsConnectionConnected
DwTerminalDlg

kernel32

ResumeThread
MapViewOfFile
ReplaceFileA
MoveFileExW
GetCurrentThread
SetProcessShutdownParameters
LoadLibraryW
QueryPerformanceCounter
SetFileAttributesW
FillConsoleOutputAttribute
FatalAppExitA
PeekConsoleInputA
GetDriveTypeW
LocalAlloc
SystemTimeToTzSpecificLocalTime
SetComputerNameW
GetLocaleInfoA
RegisterWaitForInputIdle
GetProcessTimes
GetModuleHandleW
lstrcmpiA
ReadConsoleOutputA
BeginUpdateResourceW
GetHandleInformation
GetShortPathNameW
CreateEventW
FatalExit
GetAtomNameW
TransactNamedPipe
UnregisterWait
GetCommTimeouts
UnlockFileEx
RemoveDirectoryA
DnsHostnameToComputerNameA

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 197KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

414eee1a018f6ff0b5b9435c5ccd9dbc

Headers

DLL Characteristics

File Characteristics

Imports

dnsapi

ntdll

sqlunirl

wintrust

rasdlg

kernel32

Sections

.text Size: 360KB - Virtual size: 359KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 197KB - Virtual size: 1.6MB

.rsrc Size: 132KB - Virtual size: 131KB

.reloc Size: 1024B - Virtual size: 848B

.text
Size: 360KB - Virtual size: 359KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 197KB - Virtual size: 1.6MB

.rsrc
Size: 132KB - Virtual size: 131KB

.reloc
Size: 1024B - Virtual size: 848B