e5d0fa6b40bb7e26122e7b4caa9df018ac1597ecec58c8532516aeb07820ed24

Sharing

Copy URL

Twitter E-mail

General

Target

e5d0fa6b40bb7e26122e7b4caa9df018ac1597ecec58c8532516aeb07820ed24
Size

194KB
MD5

8a43b4a9cc8eb37c3806fbfa85c6c131
SHA1

2bd504e3614f9828390670bc3db6e3fb458e0be3
SHA256

e5d0fa6b40bb7e26122e7b4caa9df018ac1597ecec58c8532516aeb07820ed24
SHA512

d7144aa615d0baa1408887ff9b5dabe16a9cd035ea2423953786eb67d60dee99ce62fba636a56e2b6c0c7f4d084a39333a20929c288abeec6c89a9e13347d5ca
SSDEEP

3072:IZXEVpqo9ETevhVNz96cdo8brdl60j+t4HbUXGxM:cETECVl9HdoOh80KtOO

Score

N/A

Malware Config

Signatures

Files

e5d0fa6b40bb7e26122e7b4caa9df018ac1597ecec58c8532516aeb07820ed24
.dll windows x86

5147fe46999d8702d0dccc4841b7f986

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

fprintf
_wfopen
free
_wcsdup
wcscpy
wcscat
wcsncmp
wcschr
wcslen
wcsncpy
wcsstr
_except_handler3
wcsncat
wcstol
wcscmp
fclose
_wcsnicmp
wcsspn
wcstok
swprintf
wcstoul
iswctype
sprintf

ntdll

RtlNtStatusToDosError
NtCreateFile
RtlInitUnicodeString
NtWaitForSingleObject
RtlGUIDFromString
NtDeviceIoControlFile

netcfgx

NetCfgDiagRepairRegistryBindings

netshell

HrRenameConnection

advapi32

RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExA

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo
GetIgmpList
FlushIpNetTableFromStack
NhpAllocateAndGetInterfaceInfoFromStack

kernel32

DisableThreadLibraryCalls
CloseHandle
GetConsoleOutputCP
MultiByteToWideChar
GetProcessHeap
HeapAlloc
lstrcpynW
lstrcmpiW
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedDecrement
InterlockedIncrement
HeapFree
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryW
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
QueryPerformanceCounter
UnhandledExceptionFilter
LoadLibraryExW

mprapi

MprAdminServerConnect
MprAdminIsServiceRunning
MprConfigServerConnect
MprAdminMIBServerDisconnect
MprAdminServerDisconnect
MprConfigServerDisconnect
MprAdminInterfaceCreate
MprConfigInterfaceCreate
MprConfigInterfaceDelete
MprAdminInterfaceDelete
MprAdminInterfaceGetHandle
MprConfigBufferFree
MprConfigInterfaceGetInfo
MprConfigInterfaceGetHandle
MprAdminBufferFree
MprConfigInterfaceEnum
MprAdminInterfaceEnum
MprAdminInterfaceGetInfo
MprConfigInterfaceSetInfo
MprAdminInterfaceSetInfo
MprAdminInterfaceGetCredentials
MprAdminInterfaceSetCredentials
MprAdminInterfaceDisconnect
MprAdminInterfaceConnect
MprAdminMIBBufferFree
MprAdminMIBServerConnect
MprAdminMIBEntryGet

netsh.exe

MatchEnumTag
PrintMessageFromModule
RegisterHelper
MatchTagsInCmdLine
PreprocessCommand
PrintMessage
RegisterContext
FreeQuotedString
FreeString
MakeString
MakeQuotedString
PrintError
RefreshConsole
DisplayMessageToConsole
InitializeConsole
MatchToken
NsGetFriendlyNameFromIfName
NsGetIfNameFromFriendlyName

ole32

StringFromCLSID
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx
CLSIDFromString

user32

wsprintfW
LoadStringW

ws2_32

closesocket
WSAStartup
WSAIoctl
WSAGetLastError
socket
ntohs
inet_ntoa
inet_addr
htonl
WSCEnumProtocols
WSAEnumNameSpaceProvidersW
WSCGetProviderPath
WSCInstallProvider
htons

mswsock

MigrateWinsockConfiguration

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5147fe46999d8702d0dccc4841b7f986

Headers

File Characteristics

Imports

msvcrt

ntdll

netcfgx

netshell

advapi32

iphlpapi

kernel32

mprapi

netsh.exe

ole32

user32

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.data Size: 61KB - Virtual size: 61KB

.rsrc Size: 71KB - Virtual size: 71KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.data
Size: 61KB - Virtual size: 61KB

.rsrc
Size: 71KB - Virtual size: 71KB

.reloc
Size: 3KB - Virtual size: 3KB