f098b7bf79be93b80209c80be2686ade72cd54d0949b3285e6e051ac648b3ea8

Sharing

Copy URL Twitter E-mail

General

Target

f098b7bf79be93b80209c80be2686ade72cd54d0949b3285e6e051ac648b3ea8
Size

416KB
MD5

8b8806a7c3b0017aa377995bb30ecb7e
SHA1

41429d865862e87300267c1f010ef591063f0176
SHA256

f098b7bf79be93b80209c80be2686ade72cd54d0949b3285e6e051ac648b3ea8
SHA512

878b3ee3c939864c41fc252e6401d13cb7dd001b8ab61c33e8dc86be9dd5a03efab0ce6f478caef8ef04cf25677034164b93b179ea652a90d7029a653a838b12
SSDEEP

6144:NpU/1wh3SWIPChKLXDy0ITjuF9VE82ROaAkHieVwnb9q36MZT:e1wkWIPbDyXTjuzM+kHiJn7YT

Score

N/A

Malware Config

Signatures

Files

f098b7bf79be93b80209c80be2686ade72cd54d0949b3285e6e051ac648b3ea8
.exe windows x86

6a0867ffc690794b54140073db11642d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcBindingFree
NdrClientCall2
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
ExpandEnvironmentStringsForUserW

winsta

WinStationFreeMemory
WinStationEnumerateW
WinStationQueryInformationW

kernel32

CreateDirectoryW
GetSystemWindowsDirectoryW
LoadLibraryExW
GetSystemDirectoryW
CloseHandle
GetCurrentThreadId
GetCurrentProcessId
LocalFree
GetCurrentThread
HeapFree
GetProcessHeap
DuplicateHandle
GetCurrentProcess
ProcessIdToSessionId
GetVersionExW
OpenProcess
FreeLibrary
GetLastError
GetProcAddress
DisconnectNamedPipe
WriteFile
GetOverlappedResult
WaitForMultipleObjects
ReadFile
ResetEvent
CreateEventW
SetEvent
ConnectNamedPipe
WaitForSingleObject
CreateNamedPipeW
HeapAlloc
LeaveCriticalSection
EnterCriticalSection
CreateThread
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
LocalAlloc
GetTempPathW
DisableThreadLibraryCalls

user32

GetUserObjectInformationW
OpenWindowStationW
CloseWindowStation

advapi32

FreeSid
AllocateAndInitializeSid
GetSecurityDescriptorDacl
AccessCheck
AddAccessDeniedAce
DuplicateToken
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CreateProcessAsUserW
GetSecurityInfo
ImpersonateNamedPipeClient
OpenThreadToken
RevertToSelf
SetNamedSecurityInfoW

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 2KB - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ik
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ocode
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mcode
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack
Size: 2KB - Virtual size: 46B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.kpack0
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.oaks0
Size: 2KB - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gbd
Size: 2KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 394B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a0867ffc690794b54140073db11642d

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

userenv

winsta

kernel32

user32

advapi32

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 100KB - Virtual size: 98KB

.data Size: 2KB - Virtual size: 1KB

.tls Size: 96KB - Virtual size: 94KB

.ndata Size: 2KB - Virtual size: 328B

.ik Size: 96KB - Virtual size: 94KB

.ocode Size: 2KB - Virtual size: 46B

.mcode Size: 2KB - Virtual size: 46B

.kpack Size: 2KB - Virtual size: 46B

.kpack0 Size: 96KB - Virtual size: 94KB

.oaks0 Size: 2KB - Virtual size: 162B

.gbd Size: 2KB - Virtual size: 48B

.CRT Size: 2KB - Virtual size: 12B

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 2KB - Virtual size: 394B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 100KB - Virtual size: 98KB

.data
Size: 2KB - Virtual size: 1KB

.tls
Size: 96KB - Virtual size: 94KB

.ndata
Size: 2KB - Virtual size: 328B

.ik
Size: 96KB - Virtual size: 94KB

.ocode
Size: 2KB - Virtual size: 46B

.mcode
Size: 2KB - Virtual size: 46B

.kpack
Size: 2KB - Virtual size: 46B

.kpack0
Size: 96KB - Virtual size: 94KB

.oaks0
Size: 2KB - Virtual size: 162B

.gbd
Size: 2KB - Virtual size: 48B

.CRT
Size: 2KB - Virtual size: 12B

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 2KB - Virtual size: 394B