df2635d27a0d361a13aafd5436828347ec741cfee9aed5682d9ca4d79fc461a4

Sharing

Copy URL

Twitter E-mail

General

Target

df2635d27a0d361a13aafd5436828347ec741cfee9aed5682d9ca4d79fc461a4
Size

856KB
MD5

4b4e79ce19be952c7d9d47e218264b80
SHA1

162aebbc442b16ba8f72bf81a26c9e575f8ab735
SHA256

df2635d27a0d361a13aafd5436828347ec741cfee9aed5682d9ca4d79fc461a4
SHA512

ffd4dd0926ea22e826474b10558abc4eaef3a7cd2fa0c6ab4340a80d62cf808cbe82215587b949fe61206ca8c69986ff6be1338f29bc039a41cd2ab48d936f5d
SSDEEP

24576:wc8MdVW+nCwzgP5oDe6g/eBuXNTtppaTW:wchkczgPmDjU79Ttpt

Score

N/A

Malware Config

Signatures

Files

df2635d27a0d361a13aafd5436828347ec741cfee9aed5682d9ca4d79fc461a4
.exe windows x86

715d104a222a687a47c1d1ade4908be3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

netapi32

NetGroupGetInfo
DsRoleFreeMemory
NetSessionDel
NetRemoteTOD
NetShareEnum
NetShareSetInfo
NetUserDel
NetUserAdd
NetapipBufferAllocate
NetServerDiskEnum
NetShareCheck
DsRoleGetPrimaryDomainInformation
NetLocalGroupGetMembers
NetGroupGetUsers
NetUserSetInfo
NetLocalGroupAddMembers
NetConnectionEnum
NetSessionEnum
NetFileEnum

mscms

GetColorProfileHeader
CloseColorProfile
EnumColorProfilesA
UninstallColorProfileW
InternalGetPS2ColorSpaceArray
EnumColorProfilesW
OpenColorProfileA
DeleteColorTransform
InstallColorProfileW
GetColorDirectoryW
GetColorProfileElement
TranslateColors

crypt32

CertFreeCertificateContext

gdi32

CreateScalableFontResourceA
CopyMetaFileA
SetMagicColors
OffsetRgn
UpdateColors
EngUnlockSurface
SetPaletteEntries
GdiAlphaBlend
GetBkMode
CreateEnhMetaFileW
OffsetWindowOrgEx
StartPage
ResetDCW
GetRandomRgn
CreateRectRgnIndirect
EngPaint
GetEnhMetaFilePaletteEntries
GetBkColor
SetDCPenColor
GetEnhMetaFileDescriptionA
SetWinMetaFileBits
GetCharWidth32W

advapi32

RegisterServiceCtrlHandlerExW
WmiCloseBlock
RegSetValueW
InstallApplication
SystemFunction004
InitializeSecurityDescriptor
CryptGetKeyParam
UpdateTraceW
CryptGetHashParam
EncryptFileW
AdjustTokenPrivileges
LsaRemoveAccountRights
LsaSetSecret
SetNamedSecurityInfoA
ReportEventA
DeleteAce
LookupAccountNameW
CommandLineFromMsiDescriptor
GetKernelObjectSecurity
InitializeSid
RegCreateKeyW
SystemFunction008
CryptEnumProvidersA
RegisterEventSourceW
StartServiceW
AreAnyAccessesGranted
SetSecurityInfo
GetSidSubAuthority
RegOpenUserClassesRoot

kernel32

CreateFileW
SetEnvironmentVariableW
SetCurrentDirectoryA
GlobalLock
CreateThread
CreateNamedPipeA
CommConfigDialogW
SetConsoleOS2OemFormat
SetEndOfFile
SearchPathW
GetACP
GetTimeFormatA
GlobalMemoryStatus
Toolhelp32ReadProcessMemory
MapViewOfFile
UnlockFile
Thread32First
FormatMessageW
GetTempPathW
VirtualAlloc
RemoveDirectoryW
SetCommConfig
DeleteFileW
GetCommConfig
GetWriteWatch
GetSystemDirectoryW
FindResourceExW
VirtualAllocEx
CreateFileA
LoadLibraryA

msvcrt

_wgetcwd
fputs
_mbscspn
_wsystem
__set_app_type
_Gettnames
_wcsicmp
wprintf
longjmp
_expand
memmove
_wsetlocale
_mbslen
__initenv
_ismbcalnum
atol
abs
_ui64tow
__isascii
__lconv_init
clearerr
srand
setbuf
_CIcos
getenv
_snwprintf
??1exception@@UAE@XZ
_XcptFilter

ole32

HBITMAP_UserMarshal
CoLockObjectExternal
ReadFmtUserTypeStg
HPALETTE_UserMarshal
CoInitializeSecurity
CoFileTimeToDosDateTime
OleCreateFromData
HMENU_UserSize
CreateOleAdviseHolder
CreateILockBytesOnHGlobal
OleLockRunning
HWND_UserMarshal
CoGetTreatAsClass
OleRegGetMiscStatus
HBITMAP_UserSize
ReadClassStm
OleRegGetUserType

Sections

.data
Size: 1024B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 138KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 143KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 82KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 82KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

715d104a222a687a47c1d1ade4908be3

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

mscms

crypt32

gdi32

advapi32

kernel32

msvcrt

ole32

Sections

.data Size: 1024B - Virtual size: 480B

.rdata Size: 1024B - Virtual size: 582B

.text Size: 138KB - Virtual size: 553KB

.bss Size: 143KB - Virtual size: 256KB

.rdata Size: 82KB - Virtual size: 89KB

.rdata Size: 245KB - Virtual size: 472KB

INIT Size: 82KB - Virtual size: 146KB

.rsrc Size: 160KB - Virtual size: 159KB

.reloc Size: 3KB - Virtual size: 2KB

.data
Size: 1024B - Virtual size: 480B

.rdata
Size: 1024B - Virtual size: 582B

.text
Size: 138KB - Virtual size: 553KB

.bss
Size: 143KB - Virtual size: 256KB

.rdata
Size: 82KB - Virtual size: 89KB

.rdata
Size: 245KB - Virtual size: 472KB

INIT
Size: 82KB - Virtual size: 146KB

.rsrc
Size: 160KB - Virtual size: 159KB

.reloc
Size: 3KB - Virtual size: 2KB