27be2ae673d31937fec92362e568c0658dce1ca9134192e5bd6330660414377f

Sharing

Copy URL Twitter E-mail

General

Target

27be2ae673d31937fec92362e568c0658dce1ca9134192e5bd6330660414377f
Size

932KB
MD5

912d30a2f2091845d14af8c21d8aa725
SHA1

60a453d1137b0c9f83a012476a661e870942e10d
SHA256

27be2ae673d31937fec92362e568c0658dce1ca9134192e5bd6330660414377f
SHA512

dd0e704f672dabcd17e17d45aeb0bd98ec89b79700eed8b5f66c5f6870df26f6a5df3b971c389624ca3ff6ad1542f4ac4e6e12fdb45f5dbcb4b9c13d1106c9f7
SSDEEP

12288:gmDfRirSN3JejWUZeE1HOQ0yoZVITXvYIddu7buKrDD9KNoeTD7fjcPb6:focJejWwO7yoZVKgBvuKz9clTXjcPb6

Score

N/A

Malware Config

Signatures

Files

27be2ae673d31937fec92362e568c0658dce1ca9134192e5bd6330660414377f
.exe windows x86

d380319f78042558eefeac166597ff11

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

GetCurrentHwProfileA
AddAccessAllowedObjectAce
RegQueryMultipleValuesA
CryptDestroyKey
SetFileSecurityW
EnableTrace
LsaFreeMemory
WriteEncryptedFileRaw

kernel32

lstrcatA
GetDriveTypeA
GetConsoleAliasA
IsBadCodePtr
WaitForSingleObject
WideCharToMultiByte
EnumTimeFormatsW
SetUnhandledExceptionFilter
ReleaseSemaphore
LockFile
DosPathToSessionPathW
EnumResourceTypesW
ReadConsoleInputA
SetLocalTime
MoveFileW
LocalSize
WriteFileGather
VerLanguageNameA
LocalCompact
VirtualAlloc
IsDBCSLeadByte
SetProcessAffinityMask
IsDBCSLeadByteEx
SetVolumeLabelA

ulib

?DeleteChAt@WSTRING@@QAEXKK@Z
??1HMEM@@UAE@XZ
?Initialize@CONT_MEM@@QAEEPAXK@Z
??1PATH@@UAE@XZ
?GetWSTR@WSTRING@@QBEPBGXZ
?Initialize@MACHINE@@QAEEXZ
??1PATH_ARGUMENT@@UAE@XZ
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
??0HMEM@@QAE@XZ

netapi32

NetServerTransportEnum
DsGetSiteNameW
NetUseDel
DsEnumerateDomainTrustsW
NetMessageBufferSend
NetAuditRead
NetGroupGetInfo
NetpIsRemote
NetpwNameValidate

Sections

.text
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.cftB
Size: 191KB - Virtual size: 433KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.AXwnz
Size: 254KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.YoAu
Size: 124KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d380319f78042558eefeac166597ff11

Headers

File Characteristics

Imports

advapi32

kernel32

ulib

netapi32

Sections

.text Size: 198KB - Virtual size: 198KB

.cftB Size: 191KB - Virtual size: 433KB

.AXwnz Size: 254KB - Virtual size: 400KB

.YoAu Size: 124KB - Virtual size: 238KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 198KB - Virtual size: 198KB

.cftB
Size: 191KB - Virtual size: 433KB

.AXwnz
Size: 254KB - Virtual size: 400KB

.YoAu
Size: 124KB - Virtual size: 238KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 2KB - Virtual size: 2KB