c175f2119d1db5e982a28f7e9c9bda3c72dc2012ac19ca1029c47fac22759728

Sharing

Copy URL

Twitter E-mail

General

Target

c175f2119d1db5e982a28f7e9c9bda3c72dc2012ac19ca1029c47fac22759728
Size

82KB
MD5

d325e8d033b4ec782dbba534eb01c34f
SHA1

375b5e317b3e88b7d249026cfc9ad4358e56f8b1
SHA256

c175f2119d1db5e982a28f7e9c9bda3c72dc2012ac19ca1029c47fac22759728
SHA512

c3f75007e08cd763bf413f0e61e453c701d08f3aaecaccef55ef4b7d0fdb2067c24dcaea21a0d450d80c05fe6f8d91a78483e4d8072b858a4ccd103a1ab3c7ed
SSDEEP

1536:0n0Rqb9ejftv7nBS1dn30qlgoA1hoT9tXzcuF1DZNMP:0n+W9ejBn8/Zyo6hatXzBPMP

Score

N/A

Malware Config

Signatures

Files

c175f2119d1db5e982a28f7e9c9bda3c72dc2012ac19ca1029c47fac22759728
.exe windows x86

6d30d0a6b9e31d6a9294d6274ff46be1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlSubAuthoritySid
RtlSubAuthorityCountSid
RtlInitUnicodeString
NtQuerySystemTime
RtlIdentifierAuthoritySid
RtlNtStatusToDosError

dsprop

ADsPropSetHwndWithTitle
ADsPropSendErrorMessage
FindSheet
ADsPropShowErrorDialog
ADsPropCreateNotifyObj
ADsPropSetHwnd
ADsPropGetInitInfo

ntdsapi

DsBindW
DsIsMangledDnW
DsCrackSpn3W
DsFreeNameResultW
DsUnBindW
DsCrackNamesW

user32

MessageBoxW
MoveWindow
LoadIconW
IsWindow
GetDesktopWindow
SetForegroundWindow
BeginPaint
GetDlgCtrlID
DialogBoxParamW
EnableWindow
GetParent
ScrollWindow
GetSystemMetrics
FindWindowExW
UpdateWindow
OffsetRect
WinHelpW
GetWindowLongW
wsprintfW
DrawIcon
SetWindowContextHelpId
GetDlgItem
SetDlgItemTextW
GetScrollInfo
GetDlgItemTextW
DestroyWindow
MessageBoxA
GetWindow
SendMessageW
ReleaseDC
IsWindowEnabled
SendDlgItemMessageW
GetWindowTextLengthW
SetCursor
SetScrollInfo
GetDC
GetWindowTextW
EndDialog
CallWindowProcW
FrameRect
GetSysColorBrush
SetScrollPos
GetClientRect
SystemParametersInfoW
SetWindowTextW
MessageBeep
CreateWindowExW
MapWindowPoints
CheckDlgButton
MapDialogRect
RegisterClipboardFormatW
LoadStringW
SetScrollRange
SetWindowLongW
IsDlgButtonChecked
LoadCursorW
RegisterClassW
ScreenToClient
GetSysColor
RegisterWindowMessageW
DrawFocusRect
PostMessageW
DefWindowProcW
SetFocus
SetWindowPos
LoadBitmapW
GetWindowThreadProcessId
GetWindowRect
InflateRect
ShowWindow
CheckRadioButton
DestroyIcon
EndPaint

msvcrt

_wtoi
_wtol
srand
rand
mbstowcs
__dllonexit
wcsstr
wcscpy
vswprintf
_except_handler3
_wcsupr
time
wcsncpy
wcsncat
_wcsnicmp
wcstoul
swscanf
isalnum
wcstok
_onexit
__CxxFrameHandler
malloc
_initterm
wcslen
_vsnwprintf
wcscmp
wcscat
swprintf
free
printf
wcsrchr
iswdigit
wcschr
_purecall
memmove
isdigit
wcspbrk
_wcsicmp
strchr
iswxdigit
iswspace
_adjust_fdiv

cryptui

CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificateW

shell32

SHGetFolderPathW

kernel32

lstrcmpiW
LoadLibraryW
InterlockedDecrement
CloseHandle
DisableThreadLibraryCalls
GetDateFormatW
FormatMessageW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
Sleep
GlobalUnlock
WideCharToMultiByte
InterlockedIncrement
OpenThread
QueryPerformanceCounter
GetTimeFormatW
TerminateProcess
FreeLibrary
GlobalLock
GetLastError
IsBadWritePtr
GetModuleHandleW
SystemTimeToFileTime
GetProcAddress
GetCurrentThreadId
WriteFile
lstrcpyW
CreateDirectoryW
GetWindowsDirectoryW
LoadLibraryExW
GetTickCount
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
DnsHostnameToComputerNameW
IsBadReadPtr
GetSystemTime
TzSpecificLocalTimeToSystemTime
VirtualAlloc
ReadFile
LocalAlloc
GetCurrentProcess
LocalFree
lstrlenW
lstrcmpW
MultiByteToWideChar
GetCurrentProcessId
FileTimeToLocalFileTime
SetLastError
FileTimeToSystemTime
GetFileSize
lstrlenA
GlobalAlloc
SetUnhandledExceptionFilter
GetSystemDirectoryW
CreateFileW

cabview

DllGetClassObject

cmdial32

AutoDialFunc

crypt32

CertFindCertificateInStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptDecodeObject
CertEnumSystemStore
CertCloseStore
CertSaveStore
CertDuplicateCertificateContext
CertGetNameStringW
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertOpenStore
CertDuplicateStore
CryptFindOIDInfo
CertControlStore
CertGetEnhancedKeyUsage
CryptQueryObject
CertAddCertificateContextToStore

dnsapi

DnsNameCompareEx_W

credui

CredUIInitControls
CredUIParseUserNameW

adsnw

DllGetClassObject

shlwapi

PathAppendW
PathIsUNCServerShareW

advapi32

InitializeAcl
OpenServiceW
LsaQueryTrustedDomainInfoByName
GetExplicitEntriesFromAclW
BuildTrusteeWithSidW
GetLengthSid
GetSecurityDescriptorLength
OpenSCManagerW
LsaSetForestTrustInformation
EqualSid
LogonUserW
GetSidIdentifierAuthority
RegDeleteKeyW
LsaLookupSids
GetSidSubAuthorityCount
LsaClose
SystemFunction040
GetSidLengthRequired
LsaFreeMemory
LsaDelete
AllocateAndInitializeSid
LsaOpenTrustedDomainByName
RevertToSelf
LsaNtStatusToWinError
RegQueryValueExW
LsaQueryTrustedDomainInfo
SetNamedSecurityInfoW
BuildTrusteeWithObjectsAndSidW
CloseServiceHandle
GetSecurityDescriptorDacl
SetEntriesInAclW
GetSidSubAuthority
LsaOpenTrustedDomain
LsaQueryForestTrustInformation
EqualPrefixSid
CryptGenRandom
InitializeSecurityDescriptor
RegSetValueExW
LsaCreateTrustedDomainEx
LsaOpenPolicy
FreeSid
GetNamedSecurityInfoW
ImpersonateAnonymousToken
IsValidSid
CryptAcquireContextW
MakeSelfRelativeSD
LsaQueryInformationPolicy
ImpersonateLoggedOnUser
CryptReleaseContext
LsaRetrievePrivateData
LsaSetTrustedDomainInfoByName
GetSecurityDescriptorControl
RegOpenKeyExW
RegCloseKey
SystemFunction041
QueryServiceStatus
RegCreateKeyExW

gdi32

SetTextColor
SetBkColor
GetTextExtentPoint32W
DeleteObject
CreatePatternBrush
CreateFontIndirectW
GetDeviceCaps
CreateBitmap

netapi32

I_NetPathType
DsMergeForestTrustInformationW
NetUserModalsGet
NetpNtStatusToApiStatus
NetpParmsQueryUserProperty
NetpParmsSetUserProperty
NetpParmsUserPropertyFree
NetApiBufferFree
DsEnumerateDomainTrustsW
I_NetLogonControl2
DsGetDcNameW
DsGetForestTrustInformationW

ole32

CoMarshalInterThreadInterfaceInStream
StringFromCLSID
CoCreateInstance
StringFromIID
CoGetInterfaceAndReleaseStream
ReleaseStgMedium
CoTaskMemAlloc
CoTaskMemFree

Sections

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d30d0a6b9e31d6a9294d6274ff46be1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

dsprop

ntdsapi

user32

msvcrt

cryptui

shell32

kernel32

cabview

cmdial32

crypt32

dnsapi

credui

adsnw

shlwapi

advapi32

gdi32

netapi32

ole32

Sections

.text Size: 512B - Virtual size: 420B

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 512B - Virtual size: 28B

.idata Size: 10KB - Virtual size: 10KB

.data Size: - Virtual size: 656KB

.rdata Size: 19KB - Virtual size: 19KB

.text
Size: 512B - Virtual size: 420B

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 512B - Virtual size: 28B

.idata
Size: 10KB - Virtual size: 10KB

.data
Size: - Virtual size: 656KB

.rdata
Size: 19KB - Virtual size: 19KB