e47893097013eebb2607cefbc29e13ce851a45fb44cf0f2eeefd2f7fc512a995

Sharing

Copy URL Twitter E-mail

General

Target

e47893097013eebb2607cefbc29e13ce851a45fb44cf0f2eeefd2f7fc512a995
Size

831KB
MD5

7de9aba2aa5a46bd8dc44401856f0210
SHA1

6bf9f64295fef76d04080b030b42037b245d1210
SHA256

e47893097013eebb2607cefbc29e13ce851a45fb44cf0f2eeefd2f7fc512a995
SHA512

3dfc41d0f31fdb0936c2ae290b340b2aba17ed3c1903a41fcaad3dde710744c285a985f4653e93dffdc8d30f0f36dfb52f0afc592c1c5a640c90e9ec332172fc
SSDEEP

12288:OjvXxV5tNh5CBeuA+F2bGblsUEsTJRtN7z6HVEdv456JBE0/N88IBEUyYEmV:OjFLCBnAtGblPEOttPecBH/N8Fy

Score

N/A

Malware Config

Signatures

Files

e47893097013eebb2607cefbc29e13ce851a45fb44cf0f2eeefd2f7fc512a995
.exe windows x86

5611f766a92c7d9526972d33f9a13315

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CreateServiceW
IsValidSecurityDescriptor
RegSetValueExW
CloseEventLog
QueryRecoveryAgentsOnEncryptedFile
QueryServiceLockStatusW
RegCreateKeyExW
RegConnectRegistryA
CryptGetProvParam
GetOldestEventLogRecord
GetTokenInformation
CryptDuplicateHash
StartTraceW
SetTokenInformation
AdjustTokenPrivileges
SystemFunction016
DestroyPrivateObjectSecurity
AddAuditAccessAce
CheckTokenMembership
AreAnyAccessesGranted
RegSetValueW
CryptAcquireContextW

netapi32

NetGetJoinableOUs
NetUserGetGroups
NetGroupEnum
NetLocalGroupGetMembers
NetDfsSetClientInfo
NetFileClose
NetUserSetInfo
NetShareGetInfo
NetServerGetInfo
NetQueryDisplayInformation
DsRoleFreeMemory
NetUseAdd
I_NetServerReqChallenge
DsRoleGetPrimaryDomainInformation
NetShareSetInfo

mpr

WNetGetUniversalNameW
WNetGetUserW
WNetAddConnection3W
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceA
WNetUseConnectionW
WNetGetLastErrorW
WNetAddConnection2W
WNetGetUniversalNameA
WNetEnumResourceW
WNetGetConnectionA
WNetGetProviderNameW
WNetOpenEnumA
WNetGetConnectionW
WNetGetResourceInformationW

rpcrt4

CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
RpcBindingInqAuthInfoExW
RpcBindingInqAuthClientExW
I_RpcAsyncAbortCall
MesEncodeFixedBufferHandleCreate
NdrStubForwardingFunction

kernel32

GetConsoleCP
FreeLibrary
PeekNamedPipe
GetStartupInfoW
lstrcpynW
GetFileAttributesW
VirtualAlloc
InterlockedIncrement
SetConsoleKeyShortcuts

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.HPs
Size: 686KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5611f766a92c7d9526972d33f9a13315

Headers

File Characteristics

Imports

advapi32

netapi32

mpr

rpcrt4

kernel32

Sections

.text Size: 22KB - Virtual size: 21KB

.HPs Size: 686KB - Virtual size: 1.0MB

.rsrc Size: 121KB - Virtual size: 121KB

.reloc Size: 512B - Virtual size: 196B

.text
Size: 22KB - Virtual size: 21KB

.HPs
Size: 686KB - Virtual size: 1.0MB

.rsrc
Size: 121KB - Virtual size: 121KB

.reloc
Size: 512B - Virtual size: 196B