c3a7540740f2f9bafb60599a9a4878eea37a5b38b429114b090e7540d7f4551e

Sharing

Copy URL

Twitter E-mail

General

Target

c3a7540740f2f9bafb60599a9a4878eea37a5b38b429114b090e7540d7f4551e
Size

545KB
MD5

2a62f937d85a24cde12819048246b4c0
SHA1

9bbeeffabe79f04146ca8cf273f2ead436c0711c
SHA256

c3a7540740f2f9bafb60599a9a4878eea37a5b38b429114b090e7540d7f4551e
SHA512

6fb67baaace47f828ee65a1242408877da92b1c8c7d3260be476f800f623c0e65dc2548002ea358cb057d66d47883adddb395965c2564f8587c081a24ae4518d
SSDEEP

12288:AqYE3BnVzU3I3Lmws89pwcW3kRRmOBtS8XhE4DGoZtH:AqYE3BnV43IKwd9UCIgU8XhE4Dbf

Score

N/A

Malware Config

Signatures

Files

c3a7540740f2f9bafb60599a9a4878eea37a5b38b429114b090e7540d7f4551e
.dll windows x86

436d587bbb71a351fc1a4f993c5591d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

CryptDestroyKey
QueryServiceConfigA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegSetValueExW
RegUnLoadKeyA
ElfBackupEventLogFileW
IsValidSid
MakeAbsoluteSD2
ReportEventW
SetSecurityDescriptorControl
AccessCheck
AddAccessDeniedAceEx
QueryServiceStatusEx
LookupSecurityDescriptorPartsA
CloseEncryptedFileRaw
CryptImportKey
DecryptFileW
OpenTraceA
DeregisterEventSource
ElfDeregisterEventSource
LookupAccountSidA
LsaGetQuotasForAccount
OpenSCManagerA
PrivilegedServiceAuditAlarmA
RegEnumValueW
RegQueryInfoKeyW
RegisterEventSourceW
SystemFunction017
SystemFunction022
LookupPrivilegeValueA
GetNamedSecurityInfoW
GetTokenInformation
LsaClose
LsaFreeMemory
SystemFunction007
SystemFunction011
ElfOpenEventLogW
IsTextUnicode
LsaEnumerateAccounts
LsaEnumerateTrustedDomains
ObjectOpenAuditAlarmA

kernel32

GlobalAlloc
GlobalLock
GlobalReAlloc
GlobalUnlock
DisableThreadLibraryCalls
EnumSystemLanguageGroupsA
FreeEnvironmentStringsW
FreeLibrary
GetConsoleAliasesW
GetCurrentThreadId
GetProcessHeap
HeapDestroy
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
ReadConsoleA
SizeofResource
VirtualAlloc
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW
BackupWrite
CloseHandle
CreateProcessW
EnumResourceNamesA
EnumUILanguagesW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetWindowsDirectoryW
IsValidLocale
LoadLibraryW
LocalAlloc
SetConsoleActiveScreenBuffer
SetUnhandledExceptionFilter
TerminateProcess
AllocateUserPhysicalPages
CreateFileW
DeleteFileW
GetTempPathW
ReadFile
SetErrorMode
SetFileTime
WriteFile
WritePrivateProfileStringA
lstrcmpW
CreateNamedPipeA
FindFirstVolumeMountPointA
FormatMessageW
InterlockedExchange
lstrcpyW
GetModuleFileNameW
InterlockedCompareExchange
LoadResource
LocalFree
RaiseException
Sleep
CreateDirectoryExW
CreateDirectoryW
CreateMutexA
DeviceIoControl
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
GetFullPathNameW
GetStringTypeExA
GetTickCount
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
LocalReAlloc
MoveFileA
MoveFileExW
SearchPathA
UnhandledExceptionFilter
UnmapViewOfFile
CreateDirectoryExA
FoldStringA
GetComputerNameA
GetComputerNameExA
GetCurrentProcessId
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
QueryPerformanceCounter
WideCharToMultiByte
lstrcmpiA
CompareStringW
GetACP
GetCommandLineW
GetLocaleInfoW
GetUserDefaultLCID
GlobalFree
GlobalSize
InitializeCriticalSectionAndSpinCount
SuspendThread
CreateEventA
CreateThread
DeleteFileA
LocalFlags
WaitForMultipleObjects
WaitForSingleObject
GetLastError
FindFirstFileA
FindNextFileA
HeapFree
HeapAlloc
ExitProcess
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetFileType
GetTimeZoneInformation
RtlUnwind
HeapReAlloc
GetTimeFormatA
GetDateFormatA
ExitThread
SetFilePointer
ResumeThread
LocalFileTimeToFileTime
SystemTimeToFileTime
VirtualFree
SetConsoleCtrlHandler
GetFileAttributesA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapValidate
GetStdHandle
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetCPInfo
GetOEMCP
IsValidCodePage
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
IsDebuggerPresent
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapCreate
DeleteCriticalSection
FatalAppExitA
GetModuleFileNameA
LoadLibraryA
LCMapStringA
LCMapStringW
GetExitCodeProcess
GetModuleHandleA
SetHandleCount
GetStartupInfoA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
EnumSystemLocalesA
CreateFileA
CompareStringA
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
HeapSize
GetConsoleCP
SetEndOfFile
FlushFileBuffers
SetEnvironmentVariableA
CreateProcessA
SetEnvironmentVariableW

ole32

OleInitializeWOW
OleGetClipboard
CreateClassMoniker
CoRevokeMallocSpy
CoRegisterChannelHook
CoQueryReleaseObject
CreateDataCache
CoReleaseServerProcess
CoRegisterSurrogateEx
HENHMETAFILE_UserFree
OleTranslateAccelerator
HBITMAP_UserMarshal
CreateObjrefMoniker
HENHMETAFILE_UserUnmarshal
CoTaskMemRealloc
CoCreateInstance
IIDFromString
CoCreateObjectInContext
OleCreateLinkToFile
OleCreateFromFile
CoUninitialize
CoInitialize
CoGetCurrentProcess
CoGetClassObject
CoFreeUnusedLibraries
HDC_UserMarshal
DcomChannelSetHResult
CoTaskMemFree
CoTaskMemAlloc
CoResumeClassObjects
CoRegisterClassObject
CoInitializeEx

oleaut32

SafeArrayRedim
VarDateFromStr
VarCyFromR8
VarCyFromDisp
VarBstrFromDisp
VarDateFromI1
SysReAllocString
QueryPathOfRegTypeLi
CreateDispTypeInfo
VarI4FromR8
LPSAFEARRAY_Marshal
VarI1FromR8
VarPow
SafeArrayCreateEx
SafeArrayGetVartype
VarCySu
VarI2FromUI4
VarI4FromI2

rpcrt4

RpcAsyncGetCallStatus
NdrConformantVaryingStructUnmarshall
NdrXmitOrRepAsMemorySize
I_RpcTransConnectionAllocatePacket
RpcMgmtWaitServerListen
NdrNonEncapsulatedUnionUnmarshall
RpcSmDestroyClientContext
NdrMesTypeAlignSize
NdrByteCountPointerBufferSize
NdrClearOutParameters
RpcBindingFree
I_RpcDeleteMutex
NdrConformantArrayMarshall
NdrRpcSsDefaultAllocate
RpcServerInqDefaultPrincNameA
RpcServerUseProtseqA
RpcSsSetThreadHandle
NdrByteCountPointerFree
RpcNetworkInqProtseqsW

shell32

CheckEscapesW
SHGetFolderPathW
ShellExecuteEx
SHAddToRecentDocs
SHQueryRecycleBinW

Exports

Exports

Flcipqoavrx

Sections

.text
Size: 434KB - Virtual size: 434KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

436d587bbb71a351fc1a4f993c5591d5

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 434KB - Virtual size: 434KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 56KB - Virtual size: 68KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 434KB - Virtual size: 434KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 56KB - Virtual size: 68KB

.reloc
Size: 16KB - Virtual size: 15KB