84593ef07a2e4f72dd384a9f3d472d669240ab6aa7e3af038cac337d5863e7db

Sharing

Copy URL Twitter E-mail

General

Target

84593ef07a2e4f72dd384a9f3d472d669240ab6aa7e3af038cac337d5863e7db
Size

375KB
MD5

bc81150939bd52dbc7a08c245f1fb229
SHA1

d1348c7ca52f3f43e2eed784d6babd07b29ec514
SHA256

84593ef07a2e4f72dd384a9f3d472d669240ab6aa7e3af038cac337d5863e7db
SHA512

c68931f130397d563ba34cbf888761ddad9b1cbdb02e77baea1996ffc2d9fee4921a3edd0d6e05001e9f7b5f4f76c7870dde706887566556683722ff70e9ede8
SSDEEP

6144:/jiwxnVMRGLI1hLpmbxWVDhsRosRpFu651qr:LiwxnC1mboZyb5Q

Score

N/A

Malware Config

Signatures

Files

84593ef07a2e4f72dd384a9f3d472d669240ab6aa7e3af038cac337d5863e7db
.exe windows x64

f0c620d0043eece5e9b8cb26d8e988d3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

TraceMessage
GetTokenInformation
ConvertSidToStringSidW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitiateSystemShutdownExW
ImpersonateLoggedOnUser
CreateProcessAsUserW
RevertToSelf
OpenThreadToken
LsaOpenPolicy
LsaLookupSids
LsaFreeMemory
LsaClose
OpenProcessToken
AdjustTokenPrivileges
EqualSid
RegNotifyChangeKeyValue
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
RegSetKeySecurity
RegGetKeySecurity
GetSecurityDescriptorDacl
GetLengthSid
CopySid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
RegLoadMUIStringW
LsaManageSidNameMapping
LookupPrivilegeValueW
LsaQueryInformationPolicy
LsaLookupNames
LsaStorePrivateData
AllocateLocallyUniqueId
AllocateAndInitializeSid
LogonUserExExW
FreeSid
GetKernelObjectSecurity
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetKernelObjectSecurity
AddAccessAllowedAce
SetTokenInformation
LsaEnumeratePrivileges
RegOpenKeyW
EventRegister
EventWrite
SystemFunction005
SystemFunction029
StartServiceCtrlDispatcherW
ControlTraceW
EnableTrace
GetTraceEnableFlags
GetTraceLoggerHandle
StartTraceW
GetTraceEnableLevel
RegisterTraceGuidsW
CheckTokenMembership

kernel32

HeapCreate
DuplicateHandle
GetCurrentProcess
CreateNamedPipeW
ConnectNamedPipe
TerminateProcess
GetOverlappedResult
CancelIo
ReadFile
WriteFile
TransactNamedPipe
GetTickCount
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTimeAsFileTime
CreateEventW
ResetEvent
SetEvent
GetCurrentThread
CreateFileW
DeviceIoControl
GetCurrentProcessId
ResumeThread
GetProcessId
GetDriveTypeW
OpenEventW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
SetUnhandledExceptionFilter
SetErrorMode
HeapSetInformation
SetConsoleCtrlHandler
SetProcessShutdownParameters
ExitThread
CompareStringW
SetThreadPriority
GetProcessTimes
OpenProcess
IsWow64Process
LoadLibraryA
DelayLoadFailureHook
QueryPerformanceCounter
GetCurrentThreadId
UnhandledExceptionFilter
GetExitCodeThread
GetEnvironmentVariableW
FindFirstFileW
MoveFileExW
CreateDirectoryW
GetVersionExW
lstrlenW
FindClose
FindNextFileW
WaitForSingleObject
HeapFree
HeapAlloc
SetLastError
CreateProcessW
ExpandEnvironmentStringsW
CloseHandle
GetLastError
CreateThread
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
WaitForMultipleObjects
GetSystemTime

user32

RegisterServicesProcess
BroadcastSystemMessageW
LoadStringW

msvcrt

_itow
_vsnwprintf
_wcslwr
wcsrchr
time
_ltow
wcscspn
wcschr
__getmainargs
__C_specific_handler
_wcsnicmp
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
wcstoul
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow
memcpy
memset
_XcptFilter

rpcrt4

I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
I_RpcBindingInqLocalClientPID
RpcServerInqBindingHandle
RpcImpersonateClient
RpcRevertToSelf
I_RpcMapWin32Status
RpcServerUseProtseqEpW
RpcServerRegisterIfEx
RpcServerInqCallAttributesW
RpcServerUseProtseqW
RpcServerInqBindings
RpcBindingToStringBindingW
RpcStringBindingParseW
RpcStringFreeW
RpcEpRegisterW
RpcServerInqDefaultPrincNameW
RpcServerRegisterAuthInfoW
RpcBindingVectorFree
RpcServerSubscribeForNotification
RpcServerUnsubscribeForNotification
UuidEqual
NdrServerCall2
UuidCreate
RpcAsyncCompleteCall
RpcAsyncAbortCall
RpcServerRegisterIf
RpcServerUnregisterIfEx
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcStringBindingComposeW
RpcEpResolveBinding
RpcBindingFree
NdrClientCall3
RpcAsyncInitializeHandle
Ndr64AsyncClientCall
Ndr64AsyncServerCallAll
RpcServerInqCallAttributesA
UuidFromStringW
I_RpcExceptionFilter
NdrAsyncServerCall
RpcBindingFromStringBindingW
UuidCreateNil
NdrServerCallAll

ntdll

NtDuplicateToken
NtAdjustPrivilegesToken
NtSetInformationThread
NtQueryInformationToken
NtFilterToken
RtlCopyUnicodeString
NtDeleteFile
NtQueryDirectoryFile
NtWaitForSingleObject
RtlAppendUnicodeToString
RtlAppendUnicodeStringToString
NtSetInformationFile
NtQueryInformationFile
RtlSetProcessIsCritical
NtOpenProcessToken
NtSetInformationProcess
NtSetEvent
RtlFreeHeap
RtlUnhandledExceptionFilter
RtlQueueApcWow64Thread
NtQueueApcThread
NtOpenThread
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitializeCriticalSection
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
RtlMapGenericMask
RtlSetSecurityObject
NtOpenThreadToken
RtlValidRelativeSecurityDescriptor
RtlQuerySecurityObject
NtCloseObjectAuditAlarm
RtlDeregisterWait
RtlReleaseResource
RtlAcquireResourceShared
RtlInitializeResource
RtlAcquireResourceExclusive
RtlQueueWorkItem
RtlDeleteSecurityObject
RtlCopyLuid
NtQueryKey
NtShutdownSystem
NtInitializeRegistry
NtSetSystemEnvironmentValue
RtlInitUnicodeString
NtClose
RtlNtStatusToDosError
WinSqmAddToStream
RtlSetControlSecurityDescriptor
NtDeleteKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtOpenKey
NtCreateKey
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCreateServiceSid
RtlRegisterWait
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
RtlLengthSid
NtUnloadDriver
RtlCompareUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
NtLoadDriver
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
NtOpenFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlNtStatusToDosErrorNoTeb
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlAddAce
RtlNewSecurityObject
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
RtlSetOwnerSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
RtlUnicodeStringToInteger
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
NtDeleteObjectAuditAlarm
NtFlushKey
RtlAreAllAccessesGranted

userenv

LoadUserProfileW
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

scesrv

ScesrvInitializeServer
ScesrvTerminateServer

ncobjapi

WmiEventSourceConnect
WmiSetAndCommitObject
WmiCreateObjectWithFormat

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0c620d0043eece5e9b8cb26d8e988d3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

rpcrt4

ntdll

userenv

scesrv

ncobjapi

Sections

.text Size: 235KB - Virtual size: 235KB

.rdata Size: 96KB - Virtual size: 95KB

.data Size: 9KB - Virtual size: 9KB

.pdata Size: 11KB - Virtual size: 11KB

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 235KB - Virtual size: 235KB

.rdata
Size: 96KB - Virtual size: 95KB

.data
Size: 9KB - Virtual size: 9KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 4KB - Virtual size: 3KB