b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69

Sharing

Copy URL Twitter E-mail

General

Target

b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69
Size

253KB
MD5

635f57ac5c49ca5669a40528b4f28413
SHA1

0cc5e3e37eaae1e1b0164c7ff4a302a62a6be6f4
SHA256

b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69
SHA512

e97283664eb296eed5766dd579b89fae40bc41fd9a888e86d0fff0c1130437982d36a61abb2ac5e06062dc7bd6447fc1900a333cc6527f549fdbc51441431def
SSDEEP

6144:vuKoi+OTwIgddDMOMqFCRgeYCCjtA3DfHl/OPYXGlMCvLI56o3uba3Bgr9la:vBTiMkFCRgvA7x4YXCDI58axgr9l

Score

N/A

Malware Config

Signatures

Files

b1d751a575ffb8207ad45e9ae4c8c52c2f9246ca4378002822158a86b84aae69
.exe windows x86

a6ce70f74115f147063ca41bf39b9738

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharLowerBuffA
UnregisterClassA

kernel32

GetThreadLocale
GetSystemTimeAsFileTime
DeleteCriticalSection
IsDebuggerPresent
HeapSize
HeapFree
GetProcessHeap
FindResourceExA
GetCurrentThreadId
LockResource
RaiseException
SizeofResource
lstrlenW
HeapDestroy
HeapAlloc
LoadResource
CreateDirectoryA
GetACP
EnterCriticalSection
SetUnhandledExceptionFilter
lstrlenA
HeapReAlloc
FindResourceA
LeaveCriticalSection
UnhandledExceptionFilter
WideCharToMultiByte
LocalAlloc
VirtualAlloc
GlobalAlloc

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSidSubAuthority
MakeAbsoluteSD2
IdentifyCodeAuthzLevelW
AllocateLocallyUniqueId
GetTraceLoggerHandle
LsaEnumeratePrivileges
LsaGetQuotasForAccount
CreateProcessAsUserW
SystemFunction024
ConvertStringSDToSDDomainA
AreAllAccessesGranted
BuildImpersonateTrusteeW
WmiQuerySingleInstanceA
RegRestoreKeyA
WmiMofEnumerateResourcesW
CredGetSessionTypes
ElfChangeNotify
QueryTraceA
OpenEventLogA
BuildTrusteeWithNameA
WmiExecuteMethodA
BuildTrusteeWithObjectsAndNameW
MakeAbsoluteSD
ElfBackupEventLogFileW
AccessCheckByType
GetFileSecurityW
CryptDestroyKey
RegEnumKeyExW
LsaCreateTrustedDomain
SetEntriesInAccessListA
SaferGetPolicyInformation
InitializeAcl
RegUnLoadKeyW
CryptEnumProviderTypesW
GetCurrentHwProfileA
GetKernelObjectSecurity
ObjectOpenAuditAlarmW
LsaICLookupNamesWithCreds
CredFree
GetSidIdentifierAuthority
LookupSecurityDescriptorPartsA
CryptGetProvParam
ConvertSidToStringSidW
WmiQueryAllDataW
BuildTrusteeWithNameW
CredRenameA
InitializeSecurityDescriptor
SetSecurityInfoExW
LsaGetUserName
WmiExecuteMethodW
RegCreateKeyA
ElfReadEventLogA
DeleteAce
SaferiCompareTokenLevels
LsaEnumeratePrivilegesOfAccount
DecryptFileA
RegSetValueExA
IsWellKnownSid
AccessCheckByTypeResultList
LsaCreateSecret
WmiSetSingleItemW
LsaICLookupSidsWithCreds
CredProfileLoaded
CredpEncodeCredential
GetMultipleTrusteeW
AbortSystemShutdownW
SaferRecordEventLogEntry

gcdef

DllGetClassObject

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YnVeN
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DJVPC
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qXjai
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NklP
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.DCtMWgj
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tuYbr
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HOISTp
Size: 1024B - Virtual size: 791B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.VlEYyz
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.obCGlE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6ce70f74115f147063ca41bf39b9738

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

gcdef

Sections

.text Size: 18KB - Virtual size: 18KB

.rdata Size: 208KB - Virtual size: 208KB

.YnVeN Size: 2KB - Virtual size: 1KB

.DJVPC Size: 3KB - Virtual size: 2KB

.qXjai Size: 1KB - Virtual size: 1KB

.NklP Size: 3KB - Virtual size: 2KB

.DCtMWgj Size: 2KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 299KB

.tuYbr Size: 512B - Virtual size: 172B

.HOISTp Size: 1024B - Virtual size: 791B

.rsrc Size: 2KB - Virtual size: 1KB

.VlEYyz Size: 1KB - Virtual size: 1KB

.obCGlE Size: 1KB - Virtual size: 1KB

.text
Size: 18KB - Virtual size: 18KB

.rdata
Size: 208KB - Virtual size: 208KB

.YnVeN
Size: 2KB - Virtual size: 1KB

.DJVPC
Size: 3KB - Virtual size: 2KB

.qXjai
Size: 1KB - Virtual size: 1KB

.NklP
Size: 3KB - Virtual size: 2KB

.DCtMWgj
Size: 2KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 299KB

.tuYbr
Size: 512B - Virtual size: 172B

.HOISTp
Size: 1024B - Virtual size: 791B

.rsrc
Size: 2KB - Virtual size: 1KB

.VlEYyz
Size: 1KB - Virtual size: 1KB

.obCGlE
Size: 1KB - Virtual size: 1KB