a80868d41174bd20f00901d48f43f6fc1e4029d512afe2db9aee074f2ae1c625

Sharing

Copy URL Twitter E-mail

General

Target

a80868d41174bd20f00901d48f43f6fc1e4029d512afe2db9aee074f2ae1c625
Size

618KB
MD5

780c988559c2503640fa7b75e2480ca4
SHA1

127ed2822a62bea1774d8070c8f107ad48203380
SHA256

a80868d41174bd20f00901d48f43f6fc1e4029d512afe2db9aee074f2ae1c625
SHA512

e961e9b519d1f2b0128b45e8e0fbff14483108abc4595e2964737f770814727cc2262a2f58fd81f14fcbb6874c71ea9f19660a6bf5353445b3a42fd7be11de17
SSDEEP

12288:+Z0B/UgxZNtAsJo2HCw23F6Q1TqO+S0vrrX0NaJtglSxbFTpV+J3:M0BhZNtAsbHCw2V6QYO+S0fX0NaJthJC

Score

N/A

Malware Config

Signatures

Files

a80868d41174bd20f00901d48f43f6fc1e4029d512afe2db9aee074f2ae1c625
.exe windows x86

a660587843adf8fe5ceddcb1985c9807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msdart

?IsWin98orLater@CMdVersionInfo@@SAHXZ
?WriteUnlock@CSmallSpinLock@@QAEXXZ
?SetSpinCount@CSmallSpinLock@@QAE_NG@Z
??0CLockedSingleList@@QAE@XZ
?InitializeVersionInfo@CMdVersionInfo@@CAHXZ
UMSEnterCSWraper
?sm_pfnSetCriticalSectionSpinCount@CCriticalSection@@0P6GKPAU_RTL_CRITICAL_SECTION@@K@ZA
?TryWriteLock@CCritSec@@QAE_NXZ
?IsReadLocked@CSpinLock@@QBE_NXZ
?ReadUnlock@CReaderWriterLock3@@QAEXXZ
?GetDefaultSpinCount@CCritSec@@SGGXZ
?RemoveHead@CDoubleList@@QAEQAVCListEntry@@XZ
?SetSpinCount@CCritSec@@QAE_NG@Z
?InsertHead@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?ConvertSharedToExclusive@CLKRHashTable@@QBEXXZ
?IsWin2k@CMdVersionInfo@@SAHXZ
?InsertTail@CLockedDoubleList@@QAEXQAVCListEntry@@@Z
?_ReadOrWriteLock@CLKRLinearHashTable@@ABE_NXZ
?_RemoveThisFromGlobalList@CLKRHashTable@@AAEXXZ
?IsUnlocked@CLockedDoubleList@@QBE_NXZ
?GetSpinCount@CSpinLock@@QBEGXZ
?ReadLock@CSmallSpinLock@@QAEXXZ
?ConvertExclusiveToShared@CCritSec@@QAEXXZ
?_DeleteRecord@CLKRLinearHashTable@@AAE?AW4LK_RETCODE@@PBXK@Z
?sm_dblDfltSpinAdjFctr@CReaderWriterLock2@@1NA
?ValidSignature@CLKRHashTable@@QBE_NXZ
?sm_pfnTryEnterCriticalSection@CCriticalSection@@0P6GHPAU_RTL_CRITICAL_SECTION@@@ZA
?ReadLock@CReaderWriterLock2@@QAEXXZ
?IsReadLocked@CSmallSpinLock@@QBE_NXZ
??4CLKRHashTableStats@@QAEAAV0@ABV0@@Z
?IsWinNT@CMdVersionInfo@@SAHXZ
mpCalloc
?TryReadLock@CSpinLock@@QAE_NXZ
?IsWriteUnlocked@CReaderWriterLock2@@QBE_NXZ
?IsWin95@CMdVersionInfo@@SAHXZ
?GetDefaultSpinCount@CFakeLock@@SGGXZ
?MaxSize@CLKRLinearHashTable@@QBEKXZ
?Lock@CLockedSingleList@@QAEXXZ
??1CLKRLinearHashTable@@QAE@XZ
?_Lock@CSpinLock@@AAEXXZ
?IsUnlocked@CLockedSingleList@@QBE_NXZ

mprddm

RasAcctProviderStartAccounting
DDMAdminConnectionEnum
DDMAdminInterfaceDisconnect
DDMAdminConnectionGetInfo
RasAcctProviderInitialize
DDMConnectInterface
DDMServicePostListens
RasAuthProviderFreeAttributes
DDMSendUserMessage
DDMAdminConnectionClearStats
RasAuthConfigChangeNotification
RasAcctProviderInterimAccounting
DDMAdminPortGetInfo
IfObjectInitiatePersistentConnections
RasAcctConfigChangeNotification
RasAcctProviderStopAccounting
DDMAdminPortEnum
DDMAdminServerGetInfo
RasAcctProviderFreeAttributes
DDMAdminPortReset
RasAuthProviderTerminate
DDMGetIdentityAttributes
DDMServiceInitialize
IfObjectSetDialoutHoursRestriction
DDMAdminPortClearStats
RasAcctProviderTerminate
DDMDisconnectInterface
DDMTransportCreate
IfObjectNotifyOfReachabilityChange
IfObjectLoadPhonebookInfo
DDMRegisterConnectionNotification
RasAuthProviderInitialize
RasAuthProviderAuthenticateUser
DDMAdminInterfaceConnect
DDMAdminPortDisconnect

kernel32

WritePrivateProfileStructW
FreeResource
GetCurrentThread
FoldStringA
SetConsoleCursor
LCMapStringA
LZOpenFileA
GetPrivateProfileSectionNamesA
GetConsoleAliasesW
ProcessIdToSessionId
LoadLibraryA
DefineDosDeviceA
SetUserGeoID
OpenSemaphoreW
FatalAppExitA
ReadConsoleOutputCharacterW
GetACP
GetLocaleInfoW
WritePrivateProfileStringW
SearchPathA
EnumUILanguagesA
OpenJobObjectA
FreeUserPhysicalPages
EnumDateFormatsW
ExitVDM
FillConsoleOutputAttribute
SetLastError
DebugSetProcessKillOnExit
GetCurrentProcessId
WaitForSingleObject
GlobalGetAtomNameW
WriteConsoleOutputCharacterA
LoadResource
ContinueDebugEvent
DeleteFileA
SetTapeParameters
HeapDestroy
WaitForDebugEvent
UnregisterWait
GetSystemWindowsDirectoryW
GetLargestConsoleWindowSize
_lcreat
RtlZeroMemory
EnumerateLocalComputerNamesA
GlobalFindAtomW
GetDateFormatW
GetConsoleInputWaitHandle
SetCalendarInfoA
DeleteFiber
IsValidLocale
GetPrivateProfileIntA
GetFileInformationByHandle
WriteConsoleOutputA
GetTickCount
GetConsoleAliasExesA
IsValidCodePage
GetFileSizeEx
PulseEvent
CreateMailslotW
GetProfileStringW
SetDefaultCommConfigA
WritePrivateProfileSectionW
GetConsoleScreenBufferInfo
lstrcpyA
GetThreadContext
GetDriveTypeW
VerifyVersionInfoA
BaseDumpAppcompatCache
Thread32Next
VirtualAlloc
SetConsoleKeyShortcuts
GetModuleHandleA
GetProfileSectionA
CreateJobObjectW
LZCloseFile
WritePrivateProfileSectionA
RtlCaptureContext
CreateConsoleScreenBuffer
OpenWaitableTimerA
GetConsoleAliasExesLengthA
GetProcessTimes
GetProcessId
InitializeCriticalSectionAndSpinCount
SetHandleInformation
SetTimeZoneInformation
GetGeoInfoA
WriteProcessMemory

regapi

RegWinStationQuerySecurityA
RegPdDeleteW
RegWdEnumerateA
RegWdCreateW
RegWinStationQueryA
RegWinStationQueryNumValueW
RegWinStationQueryW
RegIsMachinePolicyAllowHelp
RegCdCreateA
RegConsoleShadowQueryA
RegUserConfigDelete
RegCdEnumerateW
RegPdCreateW
RegWinStationEnumerateA
RegQueryUtilityCommandList
RegUserConfigQuery
RegUserConfigSet
RegGetMachinePolicyEx
RegGetUserPolicy
RegBuildNumberQuery
RegWinStationAccessCheck
RegWdQueryW
RegDenyTSConnectionsPolicy
RegOpenServerW
RegMergeUserConfigWithUserParameters
RegWinStationCreateW
RegCdQueryA
RegWinStationQueryDefaultSecurity
RegDefaultUserConfigQueryW
RegCdDeleteA
RegPdEnumerateA
RegQueryOEMId
RegWinStationDeleteA
RegWinStationQueryEx
RegPdCreateA
RegWdDeleteW
RegCdDeleteW

scecli

SceSetupUnwindSecurityFile
SceSvcConvertTextToSD
SceRollbackTransaction
SceAddToObjectList
SceSetupUpdateSecurityKey
SceSvcGetInformationTemplate
SceSetupBackupSecurity
SceWriteSecurityProfileInfo
SceSvcQueryInfo
SceLookupPrivRightName
SceProcessSecurityPolicyGPOEx
SceDcPromoCreateGPOsInSysvolEx
SceUpdateObjectInfo
SceSvcSetInformationTemplate
SceCompareSecurityDescriptors
SceConfigureSystem
SceGenerateRollback
SceRegisterRegValues
SceSetupConfigureServices
SceAddToNameList
SceBrowseDatabaseTable
SceSetupGenerateTemplate
SceGetSecurityProfileInfo
SceFreeMemory
SceGetObjectChildren
SceCopyBaseProfile
SceDcPromoteSecurityEx
SceSetupMoveSecurityFile
SceSetDatabaseSetting
SceSetupSystemByInfName
SceSvcSetInfo
SceSetupUpdateSecurityFile
SceGetDatabaseSetting
SceNotifyPolicyDelta

Sections

.text
Size: 546KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 306KB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a660587843adf8fe5ceddcb1985c9807

Headers

DLL Characteristics

File Characteristics

Imports

msdart

mprddm

kernel32

regapi

scecli

Sections

.text Size: 546KB - Virtual size: 546KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 306KB - Virtual size: 1.7MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 546KB - Virtual size: 546KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 306KB - Virtual size: 1.7MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1024B