9440bfd6b5983a5f9905b734eda69cb667969577e87119e13380227bc41e30c5

Sharing

Copy URL

Twitter E-mail

General

Target

9440bfd6b5983a5f9905b734eda69cb667969577e87119e13380227bc41e30c5
Size

851KB
MD5

5115aa9b57b9777fff586c0839dcf368
SHA1

af64d9852b39783ea53eaa228da606f10235edb0
SHA256

9440bfd6b5983a5f9905b734eda69cb667969577e87119e13380227bc41e30c5
SHA512

69f8252f7af471f096cf018b10c5478726232b9d68e2060f48ee9f5c984edf29d343852029c8b2a07898fcbba2b3a9be2e8ad082a0201c2e1f1e5f22e3c32af0
SSDEEP

24576:/FXuiM2HKYcSpIc1E3MkHDooEWtPHoh3+5AEfI8sVn:/XRqzSDhAqW1oh3+OOI8A

Score

N/A

Malware Config

Signatures

Files

9440bfd6b5983a5f9905b734eda69cb667969577e87119e13380227bc41e30c5
.exe windows x86

dd0758e44f0b456926baf8c6bc225700

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetErrorStringA
RasFreeEapUserIdentityA
RasDeleteSubEntryA
RasClearConnectionStatistics
DwCloneEntry
RasGetEntryHrasconnW
DDMGetPhonebookInfo
RasSetEntryPropertiesA
RasGetHport
RasConnectionNotificationA
RasHangUpW
RasGetCustomAuthDataA
RasGetEntryDialParamsA
RasSetCustomAuthDataW
RasSetSharedAutoDial
RasValidateEntryNameA
RasEnumConnectionsW
RasRenameEntryW
RasConnectionNotificationW
RasGetConnectStatusA
RasGetCustomAuthDataW
RasScriptInit
RasScriptTerm
RasGetCountryInfoA

netapi32

I_NetLogonControl2
DsRoleGetDatabaseFacts
DsEnumerateDomainTrustsW
NetRemoveAlternateComputerName
RxNetUserPasswordSet
NetShareSetInfo
NetDfsGetDcAddress
NetApiBufferReallocate
NlBindingAddServerToCache
DsGetDcNameWithAccountA
NetpGetConfigValue
DsRoleGetDcOperationProgress
NetUnregisterDomainNameChangeNotification
NetServiceGetInfo
DsAddressToSiteNamesA
NlBindingRemoveServerFromCache
NetUseGetInfo
NetShareGetInfo
NetpMergeFtinfo
NetUseAdd
DsGetForestTrustInformationW
NetpNetBiosStatusToApiStatus

kernel32

GetNativeSystemInfo
SetTimerQueueTimer
GetSystemWindowsDirectoryA
PrivCopyFileExW
CreateMailslotW
GetTempPathA
SetConsoleMaximumWindowSize
LoadLibraryA
FindResourceA
InitializeCriticalSection
EnumUILanguagesW
SetConsoleCursorInfo
IsValidLocale
InitializeSListHead
SetConsoleOutputCP
SetConsoleCtrlHandler
DefineDosDeviceW
SizeofResource
VirtualAlloc
LZInit

ntdll

ZwOpenProcessToken
RtlDecompressBuffer
RtlCaptureContext
ZwEnumerateSystemEnvironmentValuesEx
NtLockProductActivationKeys
RtlLogStackBackTrace
RtlDeleteElementGenericTable
RtlSetBits
NtQueryIoCompletion
NtQuerySystemEnvironmentValue
LdrUnloadAlternateResourceModule
RtlRaiseStatus
RtlSetSecurityObjectEx
RtlGetActiveActivationContext
NtSetInformationThread
_strlwr

security

DeleteSecurityPackageA
ImpersonateSecurityContext
QueryContextAttributesW
InitializeSecurityContextA
ImportSecurityContextW
QuerySecurityPackageInfoA
AcquireCredentialsHandleW
QueryCredentialsAttributesA
InitSecurityInterfaceA
AddSecurityPackageW
InitSecurityInterfaceW
AddSecurityPackageA
UnsealMessage
DeleteSecurityPackageW
InitializeSecurityContextW
FreeCredentialsHandle

hhsetup

?DeleteLocation@CCollection@@AAEKPAVCLocation@@@Z
?GetLangId@CCollection@@QAEGPBD@Z
?SetId@CTitle@@QAEXPBG@Z
?AddTitle@CCollection@@QAEPAVCTitle@@PBG0000GIPAVCLocation@@PAKH0@Z
?AddRef@CCollection@@QAEXXZ
?HandleFolder@CCollection@@AAEKPAVCParseXML@@PAD@Z
?SetMasterCHM@CCollection@@QAEXPBDG@Z
?SetNextFolder@CFolder@@QAEXPAV1@@Z
?GetFirstTitle@CCollection@@QAEPAVCTitle@@XZ
?SetFirstChildFolder@CFolder@@QAEXPAV1@@Z
?SetTitle@CFolder@@QAEXPBG@Z
?AddLocationHistory@CTitle@@QAEKKPBD00PBVCLocation@@00H@Z
?DeleteTitle@CCollection@@AAEKPAVCTitle@@@Z
?Next@CPointerList@@QAEPAUListItem@@PAU2@@Z
??4CFIFOString@@QAEAAV0@ABV0@@Z

msvcrt

exit

Sections

.text
Size: 471KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 371KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd0758e44f0b456926baf8c6bc225700

Headers

DLL Characteristics

File Characteristics

Imports

rasapi32

netapi32

kernel32

ntdll

security

hhsetup

msvcrt

Sections

.text Size: 471KB - Virtual size: 471KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 371KB - Virtual size: 1.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 580B

.text
Size: 471KB - Virtual size: 471KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 371KB - Virtual size: 1.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 580B