1346b57bc5034c59dcbda3f4ef2b619db45baafae7726d05c40b567a08920895

Sharing

Copy URL Twitter E-mail

General

Target

1346b57bc5034c59dcbda3f4ef2b619db45baafae7726d05c40b567a08920895
Size

276KB
MD5

8fd0793b7c72b49178448bea24259bed
SHA1

3d9b02b1022bb97181f86cd62d5769a9dbf18b87
SHA256

1346b57bc5034c59dcbda3f4ef2b619db45baafae7726d05c40b567a08920895
SHA512

ccc9a355a3c475b7486f23b3c0fdc99f564c36477c355f0a05b2e59993ab8e42668ca733af0af3fc04881dcb6aa3cc2a32d990e8574450694cf52b72c95c627d
SSDEEP

6144:5PG6LVflNNc5knYWODWU7yPCDevcCV5jvoE9Lje:5PG6LVflNi5knKl0Civxi

Score

N/A

Malware Config

Signatures

Files

1346b57bc5034c59dcbda3f4ef2b619db45baafae7726d05c40b567a08920895
.exe windows x86

64d239f50eba6f5c6fe679d82cd345ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceEvent
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
RegCloseKey
RegQueryValueExW
StartServiceW
OpenServiceW
RegOpenKeyExW
CreateServiceW
CloseServiceHandle
OpenSCManagerW
GetLengthSid
CopySid
FreeSid
AllocateAndInitializeSid
CreateWellKnownSid
SetThreadToken
RevertToSelf
IsWellKnownSid
OpenThreadToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
MapGenericMask
GetAce
GetSecurityDescriptorDacl
OpenProcessToken
RegDeleteKeyW
GetTokenInformation
RegEnumKeyExW
RegSetValueExW
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegDeleteValueW
RegEnumValueW
RegCreateKeyExW
LogonUserW
QueryServiceStatus
CredFree
CredWriteW
CredReadW
CredDeleteW
RegConnectRegistryW

kernel32

UnregisterWaitEx
GetLastError
SetLastError
LocalFree
LocalAlloc
GetVersionExW
HeapSetInformation
CreateEventW
RegisterWaitForSingleObject
InterlockedExchange
ExpandEnvironmentStringsW
GetFullPathNameW
CreateFileW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetComputerNameExW
GetSystemDirectoryW
LoadLibraryExW
CompareStringW
WideCharToMultiByte
GetCurrentThread
CloseHandle
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
FormatMessageW
EnumUILanguagesW
GetLocaleInfoW
LoadLibraryW
GetProcAddress
FreeLibrary
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
Sleep

msvcrt

??0exception@@QAE@XZ
wcstoul
_purecall
wcsncmp
_wtoi64
wcschr
_scwprintf
_wtoi
_CxxThrowException
iswalnum
_ultow
??1type_info@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
memmove
memset
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
_vsnwprintf
iswspace
_wcsnicmp
_exit
_cexit
__wgetmainargs
_errno
__CxxFrameHandler
_iob
fwprintf
_wcsicmp
wcsstr
memcpy
_itow

ntdll

RtlUnwind

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VarCmp
VariantClear
SysAllocString
SysFreeString
SysStringLen
VariantInit

wsmsvc

?Alloc@WSManMemory@@SGPAXIABVCallSite@TestSystem@@W4Mode@3@@Z
?Free@WSManMemory@@SGXPAXABVCallSite@TestSystem@@@Z
?AllocBstr@WSManMemory@@SGPAGPBGHABVCallSite@TestSystem@@@Z

crypt32

CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CertFindExtension
CertFreeCertificateContext
CertFreeCertificateChain
CertGetEnhancedKeyUsage
CryptBinaryToStringW
CertCloseStore
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertGetCertificateContextProperty
CertFindCertificateInStore
CertOpenStore
CertGetNameStringW
CryptStringToBinaryW

netapi32

NetApiBufferFree
NetGetJoinInformation

rpcrt4

UuidCreate

userenv

RegisterGPNotification
UnregisterGPNotification
LeaveCriticalPolicySection
EnterCriticalPolicySection

ws2_32

WSACleanup
WSAStartup
getnameinfo
freeaddrinfo
getaddrinfo

httpapi

HttpTerminate
HttpSetServiceConfiguration
HttpDeleteServiceConfiguration
HttpQueryServiceConfiguration
HttpInitialize

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

64d239f50eba6f5c6fe679d82cd345ae

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

wsmsvc

crypt32

netapi32

rpcrt4

userenv

ws2_32

httpapi

iphlpapi

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 62KB - Virtual size: 63KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 62KB - Virtual size: 63KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 18KB - Virtual size: 17KB