c177b0486474475947f2282c8a9ad84ea60e599ac7e92456798bf970ff633a16

Sharing

Copy URL Twitter E-mail

General

Target

c177b0486474475947f2282c8a9ad84ea60e599ac7e92456798bf970ff633a16
Size

416KB
MD5

99ebe0ffcf184270a32302578260e750
SHA1

4c12dcd0b6ac5602d4094400bc105a87071b7158
SHA256

c177b0486474475947f2282c8a9ad84ea60e599ac7e92456798bf970ff633a16
SHA512

ba66335db96a55195dc87f1487c2cdfb19751a096e3265b80ffa30aaf5baca5e1a3e0ea7c2796a5801bee9042aef7b8fe3827fb92a2497b877c210224769fb1d
SSDEEP

3072:zpzyrI1qa5pd5rqYl2eeiHG0Vz3/8lKhkE/ndUuaDODaFsOLi/ilzQNaHvQoi49c:Nt1V0PDbEFD5+hkwldsyG6v+zSGrTv

Score

N/A

Malware Config

Signatures

Files

c177b0486474475947f2282c8a9ad84ea60e599ac7e92456798bf970ff633a16
.dll windows x86

78f39db2dbb85d4b13c2aad927ab8f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

BuildSecurityDescriptorA
ElfRegisterEventSourceA
I_ScSetServiceBitsW
RegCloseKey
RegOpenKeyExA
RegOpenUserClassesRoot
RegQueryValueExA
SetEntriesInAuditListA
SystemFunction021
AddUsersToEncryptedFile
ControlService
EncryptionDisable
GetEffectiveRightsFromAclA
GetEventLogInformation
OpenBackupEventLogW
ReadEventLogW
RegOpenKeyA
RegOpenKeyExW
RegSetValueExW
StartServiceA
SystemFunction025
IsTextUnicode
RegQueryValueExW

kernel32

FormatMessageA
GetComputerNameA
GetModuleHandleA
GetProcAddress
GlobalGetAtomNameA
HeapWalk
LoadLibraryA
LocalAlloc
LocalFree
SetEnvironmentVariableA
Sleep
_lopen
lstrlenW
DisableThreadLibraryCalls
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryW
QueryPerformanceCounter
VirtualAlloc
CloseHandle
CreateEventA
CreateThread
EnumDateFormatsExW
EnumSystemCodePagesW
FreeLibraryAndExitThread
GetConsoleAliasExesW
GetLongPathNameW
GetOverlappedResult
GetSystemDirectoryA
GetVolumeNameForVolumeMountPointW
HeapDestroy
InterlockedDecrement
InterlockedIncrement
QueueUserWorkItem
SetHandleCount
SetWaitableTimer
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
AddAtomW
CompareStringW
CreateFileA
CreateMutexA
CreateMutexW
CreateProcessA
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
GetCurrentProcess
GetFileAttributesA
GetFileAttributesW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcessHeap
GetVersion
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
LoadLibraryExA
LoadLibraryExW
MultiByteToWideChar
PostQueuedCompletionStatus
SetFileApisToOEM
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
LCMapStringA
GetLastError
LCMapStringW
GetDriveTypeA
GetFullPathNameA
RtlUnwind
ExitProcess
GetFullPathNameW
GetCPInfo
GetLocalTime
SetLocalTime
GetConsoleCP
ReadConsoleInputA
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
DuplicateHandle
FindFirstFileW
FindNextFileW
DeleteFileW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetFileType
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetTimeZoneInformation
WriteFile
GetStdHandle
SetConsoleCtrlHandler
InitializeCriticalSection
GetExitCodeProcess
RaiseException
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStartupInfoA
CreatePipe
SetStdHandle
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
CompareStringA
SetFilePointer
SetEndOfFile
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
HeapReAlloc
HeapSize
GetLocaleInfoW
CreateProcessW
FlushFileBuffers
SetEnvironmentVariableW

rpcrt4

NdrFixedArrayMemorySize
NdrStubInitializeMarshall
NdrVaryingArrayMarshall
UuidCreate
CStdStubBuffer_Invoke
NdrComplexArrayMarshall
NdrMesTypeAlignSize
RpcMgmtEpEltInqNextA
NDRSContextUnmarshall2
NdrProxyInitialize
RpcServerUseProtseqEpExA

shell32

RealShellExecuteA
SHLoadInProc
ShellExecuteExA

Exports

Exports

Nqyylpnf

Sections

.text
Size: 304KB - Virtual size: 301KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78f39db2dbb85d4b13c2aad927ab8f4e

Headers

File Characteristics

Imports

advapi32

kernel32

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 304KB - Virtual size: 301KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 48KB - Virtual size: 60KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 304KB - Virtual size: 301KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 48KB - Virtual size: 60KB

.reloc
Size: 16KB - Virtual size: 12KB