a681a9f79ee70556c96be7ed35e09e1dc2a9fa372f53079ea3afb44f0f504be7

Sharing

Copy URL Twitter E-mail

General

Target

a681a9f79ee70556c96be7ed35e09e1dc2a9fa372f53079ea3afb44f0f504be7
Size

48KB
MD5

4492b6307eb9a0273b8089c695a598a3
SHA1

5491910a6c43df99ca96d1fabf0413b781666c56
SHA256

a681a9f79ee70556c96be7ed35e09e1dc2a9fa372f53079ea3afb44f0f504be7
SHA512

a8f50b838f12f212837538d4b2359a84fd41d108aa2ef9bc7100b5f9ed2b92031dad597720adb08bfb80a802f827d54abb3eec1ffe482e168f2a97e55fe2392e
SSDEEP

768:bmvtaq1YDdpT/l3l/6fB9Ky6PyuCAEHSjbAmiT6hPbbFjcaLZ2gCcm5pw/G:bmvXYDdlJJ6prnC35hDbFYaTCccpQG

Score

N/A

Malware Config

Signatures

Files

a681a9f79ee70556c96be7ed35e09e1dc2a9fa372f53079ea3afb44f0f504be7
.exe windows x86

5a2627ae6161eae66f92cf418877580d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

isalpha
RtlGetVersion
ZwAccessCheckByType
NtWaitHighEventPair
wcsncmp
wcsncat
_memccpy
RtlAddAccessDeniedObjectAce
RtlTryEnterCriticalSection
RtlInitializeBitMap
RtlDeregisterWaitEx
RtlAllocateHandle
ZwQueryInformationPort
RtlGUIDFromString
NtCreateDirectoryObject
NtLoadKey2
_stricmp
towlower
RtlQueryInformationActivationContext
NtQueryInformationToken
wcscat
NtAssignProcessToJobObject
atan
NtSetThreadExecutionState
NtSetHighEventPair
ZwModifyBootEntry
RtlInitializeResource
NtSetHighWaitLowEventPair
ZwLockVirtualMemory
RtlPopFrame
NtOpenFile
RtlEqualPrefixSid
ZwResetWriteWatch
RtlIpv4StringToAddressA
NtWriteVirtualMemory
NtSetInformationThread
RtlSetAllBits
ZwQueryAttributesFile
ZwQuerySection
NtNotifyChangeDirectoryFile
fabs
RtlAssert
NtQueryPortInformationProcess
NtMakePermanentObject
RtlQueueWorkItem
NtImpersonateClientOfPort
RtlDeleteElementGenericTable
RtlFindLeastSignificantBit
ZwClose
ZwFindAtom
RtlFillMemory
ZwCreateProcessEx
NtOpenProcess
_strlwr
NlsMbOemCodePageTag
NtSaveKeyEx
NtSetContextThread
NtCreatePort

mpr

WNetClearConnections
WNetDisconnectDialog1W
WNetAddConnection3W
WNetGetProviderNameA
WNetGetProviderTypeA
MultinetGetErrorTextW
WNetDisconnectDialog2
WNetAddConnection2W
WNetSetLastErrorW
WNetAddConnectionW
WNetConnectionDialog1A
WNetGetResourceParentA
WNetPropertyDialogA
WNetOpenEnumW
WNetGetProviderNameW
WNetGetConnection3W
MultinetGetConnectionPerformanceW
WNetGetProviderTypeW
WNetGetPropertyTextA
WNetGetSearchDialog
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetConnection2W
WNetGetConnection3A
WNetGetDirectoryTypeW
WNetGetResourceInformationA
WNetGetResourceInformationW
WNetUseConnectionA
WNetSetConnectionA

resutils

ResUtilFindExpandedSzProperty
ResUtilEnumPrivateProperties
ResUtilVerifyResourceService
ResUtilEnumResourcesEx
ResUtilGetSzValue
ResUtilSetMultiSzValue
ResUtilIsPathValid
ResUtilGetDwordProperty
ResUtilStopService
ResUtilSetPrivatePropertyList
ResUtilFreeEnvironment
ResUtilVerifyService
ResUtilGetCoreClusterResources
ResUtilFindMultiSzProperty
ResUtilGetResourceName
ResUtilGetResourceDependency
ResUtilGetResourceDependencyByName
ClusWorkerTerminate
ResUtilSetResourceServiceEnvironment
ResUtilIsResourceClassEqual
ResUtilVerifyPrivatePropertyList
ResUtilFindLongProperty
ResUtilSetExpandSzValue
ClusWorkerCreate
ResUtilStartResourceService
ResUtilSetBinaryValue
ResUtilGetDwordValue
ResUtilSetResourceServiceStartParameters
ResUtilExpandEnvironmentStrings
ResUtilAddUnknownProperties
ResUtilResourceTypesEqual
ResUtilSetPropertyTable
ResUtilSetSzValue

pdh

PdhRemoveCounter
PdhRelogW
PdhUpdateLogW
PdhGetDefaultPerfObjectW
PdhEnumMachinesW
PdhGetCounterInfoW
PdhExpandCounterPathA
PdhConnectMachineA
PdhTranslate009CounterW
PdhEnumObjectsW
PdhSetCounterScaleFactor
PdhGetLogSetGUID
PdhLookupPerfNameByIndexW
PdhParseCounterPathW
PdhBrowseCountersW
PdhMakeCounterPathA
PdhExpandWildCardPathA
PdhLookupPerfIndexByNameA
PdhVbGetLogFileSize
PdhGetFormattedCounterArrayW
PdhGetLogFileTypeA
PdhUpdateLogFileCatalog
PdhEnumMachinesHW
PdhOpenQuery
PdhGetCounterInfoA
PdhEnumLogSetNamesW
PdhAdd009CounterW
PdhValidatePathA
PdhGetLogFileTypeW
PdhValidatePathW
PdhVbGetCounterPathFromList
PdhParseCounterPathA
PdhExpandWildCardPathW
PdhGetDefaultPerfCounterHW

kernel32

LocalShrink
SetFileAttributesA
QueryMemoryResourceNotification
BeginUpdateResourceA
SetThreadExecutionState
IsSystemResumeAutomatic
IsProcessorFeaturePresent
EnumResourceLanguagesW
GetCommandLineA
UnlockFileEx
GetThreadPriorityBoost
LoadLibraryA
SetConsoleActiveScreenBuffer
GetProcAddress
SetTermsrvAppInstallMode
LZRead
IsValidLanguageGroup
WaitNamedPipeA
GetModuleHandleW
SetLocaleInfoA
CreateMailslotW
CreateDirectoryExW
GetLogicalDrives
CreateRemoteThread
DosPathToSessionPathW
GetPrivateProfileSectionNamesW
VirtualAlloc
GetCurrentProcessId
SetClientTimeZoneInformation
SetConsoleTitleA
GlobalAlloc
GetStartupInfoA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a2627ae6161eae66f92cf418877580d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

mpr

resutils

pdh

kernel32

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 1KB