9ac9466cd4b5d435fb1f180ca2d83a5267542e20d79eecf86972c6e20b2fccca

Sharing

Copy URL

Twitter E-mail

General

Target

9ac9466cd4b5d435fb1f180ca2d83a5267542e20d79eecf86972c6e20b2fccca
Size

329KB
MD5

9ce62c0ecb99905bd66504efd2d4e424
SHA1

143acc9c3baccd1477167a2edeff08d02a048a7b
SHA256

9ac9466cd4b5d435fb1f180ca2d83a5267542e20d79eecf86972c6e20b2fccca
SHA512

a4bfb8b6fe44e81aaabc2e6087128ff7e836e042f3d0e20a15a4944cb40f8ac3ad5a4dbd73226ddccd71930c95b9c3523bbe20aa5e73b6c6f1153de823460ded
SSDEEP

6144:aezQOno4LofgY++nxx0ZLGx1KuoVuUGxZFmFkuCJN8uFljMt:aoQBGSTAxG/KuoVu3SFkfJNJHq

Score

N/A

Malware Config

Signatures

Files

9ac9466cd4b5d435fb1f180ca2d83a5267542e20d79eecf86972c6e20b2fccca
.exe windows x86

3945dd47326e29736684b06424afaa79

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strnicmp
_initterm
_except_handler3
_stricmp
strrchr
_strcmpi
_vsnprintf
wcscmp
swprintf
_adjust_fdiv
_ultoa
wcscpy
strchr
qsort
free
malloc
sprintf
wcstoul
wcslen
sscanf
_wcsicmp
_wcsnicmp
wcscat
wcsspn
wcsrchr

msasn1

ASN1BERDecEndOfContents
ASN1_FreeEncoded
ASN1BERDecPeekTag
ASN1DecAlloc
ASN1intxisuint32
ASN1BERDecSkip
ASN1_CreateModule
ASN1BERDecCharString
ASN1BERDecU32Val
ASN1BERDecZeroCharString
ASN1_Encode
ASN1BEREncCharString
ASN1BERDecObjectIdentifier
ASN1BERDecExplicitTag
ASN1BEREncS32
ASN1intx_setuint32
ASN1BEREncSX
ASN1Free
ASN1BERDecBool
ASN1objectidentifier_free
ASN1BERDecOpenType2
ASN1BERDecBitString
ASN1charstring_free
ASN1_Decode
ASN1_CloseDecoder
ASN1CEREncGeneralizedTime
ASN1_CreateEncoder
ASN1octetstring_free
ASN1BEREncBool
ASN1BEREncU32
ASN1intx2uint32
ASN1BEREncBitString
ASN1_FreeDecoded
ASN1EncSetError
ASN1BERDecOctetString
ASN1BEREncExplicitTag
ASN1BEREncOpenType
ASN1DecSetError
ASN1ztcharstring_free
ASN1BEREncOctetString
ASN1BEREncEndOfContents
ASN1BEREncObjectIdentifier
ASN1BERDecGeneralizedTime
ASN1BERDecNotEndOfContents
ASN1_CreateDecoder
ASN1_CloseEncoder
ASN1BERDecSXVal
ASN1BERDecS32Val
ASN1bitstring_free
ASN1intx2int32
ASN1intx_free

user32

CharLowerBuffW
wsprintfW

cryptdll

MD5Final
CDGenerateRandomBits
CDLocateCSystem
CDBuildIntegrityVect
MD5Init
CDLocateCheckSum
CDFindCommonCSystemWithKey
MD5Update

ntdll

RtlNtStatusToDosError
RtlInitUnicodeString
NtAllocateLocallyUniqueId
RtlDeleteResource
RtlGetElementGenericTable
RtlEqualSid
RtlValidSid
VerSetConditionMask
NtWaitForSingleObject
NtOpenProcessToken
RtlPrefixUnicodeString
RtlVerifyVersionInfo
RtlFreeUnicodeString
RtlCopyUnicodeString
NtAllocateVirtualMemory
RtlDeregisterWait
RtlInitializeGenericTable
RtlRegisterWait
DbgPrint
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlTimeFieldsToTime
NtQuerySystemInformation
RtlCompareMemory
RtlInitializeGenericTableAvl
RtlConvertSidToUnicodeString
RtlUpcaseUnicodeString
RtlLookupElementGenericTableAvl
RtlCreateSecurityDescriptor
NtCreateEvent
RtlTimeToTimeFields
RtlCopySid
RtlAppendUnicodeStringToString
RtlConvertSharedToExclusive
NtClose
RtlEqualDomainName
RtlUniform
RtlAllocateAndInitializeSid
RtlReleaseResource
RtlInsertElementGenericTableAvl
RtlInitializeResource
RtlCopyLuid
RtlLengthRequiredSid
RtlEnterCriticalSection
NtQuerySystemTime
RtlEraseUnicodeString
RtlIntegerToUnicodeString
RtlCompareUnicodeString
NtOpenEvent
RtlAddAccessAllowedAce
RtlCreateTimer
RtlCreateAcl
RtlFreeSid
RtlLeaveCriticalSection
RtlAcquireResourceExclusive
RtlOemStringToUnicodeString
RtlFreeAnsiString
RtlSubAuthorityCountSid
RtlRunDecodeUnicodeString
RtlDeleteCriticalSection
RtlAnsiStringToUnicodeString
RtlDeleteTimerQueue
RtlUnicodeStringToAnsiString
RtlLengthSid
RtlDowncaseUnicodeString
RtlInitializeSid
NtOpenThreadToken
NtSetSecurityObject
NtQueryInformationToken
RtlSystemTimeToLocalTime
RtlEqualUnicodeString
RtlAcquireResourceShared
RtlLookupElementGenericTable
RtlSubAuthoritySid
RtlCreateTimerQueue
RtlInitAnsiString
RtlSetDaclSecurityDescriptor
NtDuplicateObject

kernel32

InterlockedExchange
CloseHandle
LoadLibraryA
GetCurrentThread
GetProcAddress
GetSystemTimeAsFileTime
GetModuleHandleW
CreateFileMappingW
GetLocalTime
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
DeleteCriticalSection
InitializeCriticalSection
InterlockedCompareExchange
InterlockedExchangeAdd
CreateFileA
ExpandEnvironmentStringsW
SetEvent
lstrlenA
UnhandledExceptionFilter
GetCurrentProcess
UnregisterWait
GetCurrentProcessId
InterlockedDecrement
WriteFile
GetComputerNameExW
FormatMessageW
lstrlenW
FreeLibrary
LocalAlloc
MapViewOfFileEx
GetLastError
QueryPerformanceCounter
LocalFree
DebugBreak
GetComputerNameW
RegisterWaitForSingleObjectEx
RaiseException
OpenEventW
lstrcpyW
LeaveCriticalSection
UnmapViewOfFile
GetProfileStringA
GetCurrentThreadId
lstrcmpiA
FileTimeToSystemTime
GetEnvironmentVariableW
OutputDebugStringA
GetSystemInfo
OpenFileMappingW
MultiByteToWideChar
Sleep
TerminateProcess
GetModuleFileNameW
GetACP
VirtualAlloc
CreateEventW
InterlockedIncrement
EnterCriticalSection
CreateFileW
GetModuleFileNameA
WideCharToMultiByte
lstrcmpW
LoadLibraryW
GetTickCount

secur32

LsaGetLogonSessionData
CredUnmarshalTargetInfo
FreeContextBuffer
CredMarshalTargetInfo
LsaFreeReturnBuffer

advapi32

CryptCreateHash
TraceEvent
SystemFunction007
OpenSCManagerW
OpenProcessToken
RevertToSelf
GetTraceLoggerHandle
CryptGetProvParam
LookupAccountSidW
AllocateAndInitializeSid
RegDeleteValueW
RegCreateKeyExW
CredUnmarshalCredentialW
RegisterTraceGuidsW
CryptHashData
QueryServiceStatus
OpenThreadToken
CryptAcquireContextW
RegEnumKeyExW
CloseServiceHandle
CryptDestroyHash
RegOpenKeyW
RegSetValueExW
FreeSid
DeregisterEventSource
CredFree
CryptGetHashParam
RegQueryValueExW
GetTokenInformation
SetThreadToken
RegisterEventSourceW
ReportEventW
CryptReleaseContext
CryptSetProvParam
QueryServiceConfigW
RegCloseKey
RegConnectRegistryW
SystemFunction006
OpenServiceW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegQueryInfoKeyW

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3945dd47326e29736684b06424afaa79

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

msasn1

user32

cryptdll

ntdll

kernel32

secur32

advapi32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 1.4MB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 36KB - Virtual size: 36KB

.rdata Size: 264KB - Virtual size: 263KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 1.4MB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 36KB - Virtual size: 36KB

.rdata
Size: 264KB - Virtual size: 263KB