aac5c57f74c8a9111077a7e79068a3e79bc549c69c4c7f75d5cbfbd6926735da

Sharing

Copy URL Twitter E-mail

General

Target

aac5c57f74c8a9111077a7e79068a3e79bc549c69c4c7f75d5cbfbd6926735da
Size

865KB
MD5

801484838e19e9088108482264789aab
SHA1

1dcc65443cdc1dea0a58dda8e327a8ae9602bc1a
SHA256

aac5c57f74c8a9111077a7e79068a3e79bc549c69c4c7f75d5cbfbd6926735da
SHA512

747551979163bc850709d1f05bd2fee3aee0f232abf73b5eaa0ab22b0a8557478f5cdcf8cbf4fd28ae61bc8a2af1daa52d3a0412b044c7b7dc360c0916ff7cb2
SSDEEP

24576:43eYvLMQvHUW28T3eBV+t8rGx5wbV8JRvD6olT:431LLvjT3TergVRvxlT

Score

N/A

Malware Config

Signatures

Files

aac5c57f74c8a9111077a7e79068a3e79bc549c69c4c7f75d5cbfbd6926735da
.exe windows x86

78ee403124763f6a4db60bade126deda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

duser

SetActionTimeslice
DUserSendEvent
DUserGetRotatePRID
InvalidateGadget
UtilDrawBlendRect
DllMain
GetGadgetProperty
SetGadgetStyle
DrawGadgetTree
PeekMessageExW
DUserInstanceOf
DeleteHandle
UnregisterGadgetMessageString
DUserGetGutsData
GetStdColorName
UtilGetColor
SetGadgetRootInfo
DUserDeleteGadget
DUserRegisterSuper
EnumGadgets
SetGadgetRect
SetGadgetCenterPoint
GetGadgetRootInfo
LookupGadgetTicket
DUserFindClass
DUserPostEvent
DUserCastDirect
InitGadgets
GetGadgetTicket
GetGadgetScale
PeekMessageExA
GetGadgetSize
GetStdColorPenF
SetGadgetRotation
SetGadgetProperty
DUserSendMethod
InitGadgetComponent
DUserCastHandle
DUserGetRectPRID
SetGadgetFocus
GetGadget
GetMessageExW
BuildAnimation

kernel32

WriteConsoleInputW
GetFileAttributesExA
LCMapStringA
SetConsoleOS2OemFormat
GetCalendarInfoA
SetHandleContext
GetConsoleTitleA
VirtualAlloc
OutputDebugStringA
ReplaceFile
lstrcmp
SetCommState
GetSystemTime
ClearCommError
GlobalWire
SetVolumeMountPointA
FlushViewOfFile
VDMOperationStarted
AddLocalAlternateComputerNameA
LockResource
MapUserPhysicalPages
CreateMutexA
RegisterConsoleOS2
GetFileTime
GetConsoleCP
CreateProcessInternalW
LoadLibraryA
GetACP
GetEnvironmentStringsW
GetProcAddress
SetProcessPriorityBoost
GetVolumePathNameW
EnumTimeFormatsA
UTUnRegister
AttachConsole
WritePrivateProfileStringW
RemoveVectoredExceptionHandler
EnumDateFormatsW
ReadConsoleOutputCharacterW
SetCalendarInfoA
GetAtomNameW
GetStringTypeW
SetConsoleInputExeNameA
GetOEMCP
RtlCaptureStackBackTrace

advapi32

SystemFunction029
ElfNumberOfRecords
TraceMessage
QueryServiceObjectSecurity
RegQueryValueA
GetEffectiveRightsFromAclA
ConvertStringSidToSidW
ObjectCloseAuditAlarmW
WmiMofEnumerateResourcesW
IsTokenUntrusted
AdjustTokenGroups
ElfOpenEventLogW
SystemFunction031
RegisterEventSourceW
SystemFunction005
RegSetValueW
LsaICLookupNames
CredUnmarshalCredentialA
CryptDestroyKey
GetInformationCodeAuthzPolicyW
I_ScPnPGetServiceName
LsaLookupSids
AllocateAndInitializeSid
AccessCheckByTypeResultListAndAuditAlarmA
SystemFunction026

crtdll

_mbsspnp
__argc_dll
isalpha
_errno
_fileno
wprintf
fgets
_mbsncpy
printf
_lsearch
labs
_strrev
iswlower
wcsspn
_scalb
_ismbcupper
_cwait
perror
vwprintf
_daylight_dll
time
tanh
_wcsupr
_y0
memcmp
_fcloseall
ftell
_cgets
_kbhit
strlen
_fileinfo_dll
abort
_local_unwind2
isalnum
_purecall
_mbsncat
_fpclass
setlocale
_mbsset
_cprintf
_controlfp
pow
_strupr
_c_exit
wcsstr
fputc
strncat
_mbccpy
_locking
_filelength
_mbctombb
vprintf
swprintf
_getdcwd
_itow
_tell
putc
cosh
_wcsicmp
wcstol
tmpnam
_creat
_CItan
_cabs
swscanf
_snwprintf
_ismbbkana

wldap32

ldap_add_extA
ldap_value_freeA
ldap_add_sW
ldap_get_values_len
ldap_simple_bind_s
ldap_count_references
ldap_compareW
LdapGetLastError
ldap_get_next_page
ldap_bindW
ldap_set_dbg_routine
ldap_get_optionA
ldap_ufn2dnA
ldap_escape_filter_element
ldap_check_filterA
ldap_modify_ext_sW
ldap_sasl_bindW
ldap_delete_extA
ldap_modify_ext_s
ldap_count_values_len
ldap_delete_ext_sA
ber_flatten
ldap_modify_ext_sA
ldap_sslinitW
ldap_compare
ldap_compare_ext_sW
ldap_controls_free
ldap_free_controlsW
ldap_simple_bindA
ldap_search_abandon_page
ldap_next_entry
LdapMapErrorToWin32
ldap_delete_ext
ldap_extended_operationA

ntdll

RtlUpcaseUnicodeString
RtlGetCompressionWorkSpaceSize
ZwSetUuidSeed
RtlGetSaclSecurityDescriptor
DbgUserBreakPoint
_wcsicmp
RtlAreBitsSet
RtlGetFrame
ZwOpenSemaphore
RtlAddAccessDeniedObjectAce
NtAreMappedFilesTheSame
RtlInitializeGenericTableAvl
RtlUnicodeStringToAnsiString
NtEnumerateKey
NtCreateSemaphore
RtlLockHeap
NtTerminateJobObject
ZwNotifyChangeKey
RtlGetVersion
RtlFindMessage
NtOpenEventPair
ZwAccessCheckByTypeResultListAndAuditAlarm
RtlUnicodeToOemN
RtlGUIDFromString
RtlStringFromGUID
_allmul
RtlAddAce
NtInitializeRegistry
ZwMakeTemporaryObject
NtLoadKey
NtQueryInformationThread
RtlCaptureStackBackTrace
NtSetLowEventPair
memcmp
NtUnloadKey
ZwUnmapViewOfSection

Sections

.text
Size: 377KB - Virtual size: 377KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78ee403124763f6a4db60bade126deda

Headers

DLL Characteristics

File Characteristics

Imports

duser

kernel32

advapi32

crtdll

wldap32

ntdll

Sections

.text Size: 377KB - Virtual size: 377KB

.rdata Size: 170KB - Virtual size: 170KB

.data Size: 313KB - Virtual size: 1.8MB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 1024B - Virtual size: 1024B

.text
Size: 377KB - Virtual size: 377KB

.rdata
Size: 170KB - Virtual size: 170KB

.data
Size: 313KB - Virtual size: 1.8MB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 1024B - Virtual size: 1024B