b1bb1679bc0f0d5954f96302f2a86c7a5cf69e535e28fb2b630975cd582768ce

Sharing

Copy URL Twitter E-mail

General

Target

b1bb1679bc0f0d5954f96302f2a86c7a5cf69e535e28fb2b630975cd582768ce
Size

226KB
MD5

a207bcad4182f49f4979096fb4e11a26
SHA1

d7633ea864f077249155bbe235dc097f09cc9a3f
SHA256

b1bb1679bc0f0d5954f96302f2a86c7a5cf69e535e28fb2b630975cd582768ce
SHA512

ff700487305823def1eded25013b77c0ed21aeabff6840b72a462d927c6bca3a8fd8298e3cf476767eef8d4d0e8b22c7dd397e3de4686ad176bcac0ba127b3ed
SSDEEP

6144:Zcsx8CfHjdVEzk27SY0Zz6zBQZPzlneWx:ZLx8IsSGNSPzBV

Score

N/A

Malware Config

Signatures

Files

b1bb1679bc0f0d5954f96302f2a86c7a5cf69e535e28fb2b630975cd582768ce
.dll windows x86

9904eb65711716550454bfb2bae4805a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsncmp
memset
_adjust_fdiv
_amsg_exit
_initterm
free
malloc
_XcptFilter

kernel32

GetLastError
EnterCriticalSection
DeleteCriticalSection
CloseHandle
UnregisterWait
CreateEventW
InitializeCriticalSection
ExpandEnvironmentStringsW
SearchPathW
GetSystemDirectoryW
InterlockedIncrement
InterlockedDecrement
DeviceIoControl
CreateFileW
SetEvent
LeaveCriticalSection
CreateProcessW
ResumeThread
GetExitCodeProcess
QueueUserWorkItem
InterlockedExchange
Sleep
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WaitForSingleObject
lstrlenW
WaitForMultipleObjects
LocalFree

advapi32

SetServiceStatus
GetTraceEnableFlags
TraceMessage
RegisterServiceCtrlHandlerExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
ConvertSidToStringSidW
EqualSid
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
IsValidSecurityDescriptor
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorLength
IsValidAcl
AddAccessAllowedAceEx
InitializeAcl
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
LogonUserW
CreateProcessAsUserW
RegEnumKeyExW
RegGetKeySecurity
GetSecurityDescriptorControl
GetSecurityDescriptorDacl
GetLengthSid
GetAce
GetTraceEnableLevel

ntdll

DbgPrint
NtClose
_vsnwprintf

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate
UuidFromStringW

setupapi

SetupDiEnumDeviceInfo
CM_Query_And_Remove_SubTreeW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_DevNode_Status_Ex
SetupDiOpenDeviceInfoW
CM_Setup_DevNode
SetupDiOpenDevRegKey
SetupDiGetDeviceInfoListDetailW
SetupDiCreateDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW

wudfplatform

InitializePlatformLibrary
GetAndInitializePlatformObject
WdfGetLpcInterface

Exports

Exports

ServiceMain
SvchostPushServiceGlobals

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 173KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9904eb65711716550454bfb2bae4805a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

ntdll

rpcrt4

setupapi

wudfplatform

Exports

Exports

Sections

.text Size: 47KB - Virtual size: 47KB

.data Size: 173KB - Virtual size: 174KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 47KB - Virtual size: 47KB

.data
Size: 173KB - Virtual size: 174KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB