a236912a7d70442e2b79685646a83c0ed7b58d91af2c857e6782c7dec5c70afd

Sharing

Copy URL Twitter E-mail

General

Target

a236912a7d70442e2b79685646a83c0ed7b58d91af2c857e6782c7dec5c70afd
Size

1.2MB
MD5

79c43fbe24e0fddabe7a7488054a9f49
SHA1

969042808ef0e99c2db5eaca2ce176bddbaa338a
SHA256

a236912a7d70442e2b79685646a83c0ed7b58d91af2c857e6782c7dec5c70afd
SHA512

d9a3d3c60c87eefc11c973beaf873fccf6641790fd63bb0f7c5f39c7029153069c76752acf7b68ff68aa9e1f6a42672122869437314d4225a089c5ad43da25c3
SSDEEP

24576:rSgTU8ZoiPkhSoyU6gmpTj6JjmBoOKllM4G0tD9OxLLvRYMMytQSdti3bU:rURi8Nx6gGTj2jmBTKv38LLZYMHtLgU

Score

N/A

Malware Config

Signatures

Files

a236912a7d70442e2b79685646a83c0ed7b58d91af2c857e6782c7dec5c70afd
.exe windows x86

8542032b7fe882430d9e1d3ee31dde56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileW
CompareStringW
GetComputerNameExW
GetConsoleOutputCP
ReadConsoleW
SetConsoleMode
GetConsoleMode
PeekConsoleInputW
GetModuleFileNameW
SetLastError
WriteFile
WriteConsoleW
GetTimeZoneInformation
LocalReAlloc
GetComputerNameA
GetFileType
SetLocalTime
GetProfileStringW
GetCommandLineW
GetStdHandle
SetThreadLocale
GetSystemDefaultLangID
GetCPInfo
GetTimeFormatW
GetSystemTime
WideCharToMultiByte
GetComputerNameW
GlobalAlloc
GlobalFree
Sleep
lstrlenW
GetFileAttributesW
SetConsoleCtrlHandler
OpenFile
ExpandEnvironmentStringsA
lstrlenA
LocalAlloc
CreateEventA
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
InterlockedDecrement
CloseHandle
WaitForSingleObject
GetLastError
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
UnhandledExceptionFilter
SearchPathW
QueryPerformanceCounter
LocalFree
ResetEvent
CreateTimerQueueTimer
CreateTimerQueue
CreateThread
lstrcmpiW
QueueUserAPC
SleepEx
DeleteTimerQueueTimer
VerSetConditionMask
VerifyVersionInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetOEMCP
GetModuleHandleW
SetVolumeMountPointW
FindNextVolumeW
FindVolumeClose
lstrcatW
ExitThread
ResumeThread
DeleteVolumeMountPointW
IsBadCodePtr
lstrcpyA
IsBadWritePtr
LoadLibraryA
GetVolumeNameForVolumeMountPointW
SetEndOfFile
SetFilePointerEx
TerminateThread
FindFirstVolumeW
HeapAlloc
GetProcessHeap
HeapFree
QueryDosDeviceW
DeviceIoControl
CreateFileW
DefineDosDeviceW
GetDriveTypeW
lstrcmpiA
lstrcmpW
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
IsBadStringPtrW
IsBadReadPtr
lstrcpyW
MultiByteToWideChar

user32

RegisterDeviceNotificationW
UnregisterDeviceNotification
CharToOemW
wsprintfW
LoadStringW
LoadIconW
LoadCursorW
DestroyWindow
DefWindowProcW
ShowWindow
CreateWindowExW

advapi32

AllocateAndInitializeSid
GetAce
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
EqualSid
GetSidLengthRequired
CopySid
GetSidSubAuthority
RegOpenKeyW
IsTextUnicode
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegDeleteKeyW
RegOpenKeyExA
InitiateSystemShutdownExW
RegLoadKeyW
ReportEventW
RegOpenKeyA
RegQueryValueExA
LookupPrivilegeValueW
PrivilegeCheck
IsValidSid
FreeSid
OpenProcessToken
SetServiceStatus
StartServiceCtrlDispatcherW
RegDeleteValueW
GetServiceKeyNameW
QueryServiceStatus
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
OpenThreadToken
LookupAccountSidW
RegSetValueExW
RegCreateKeyExW
GetSecurityDescriptorDacl

ole32

CoSuspendClassObjects
CoRevertToSelf
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx

msvcrt

iswctype
putchar
fputs
wcscat
wcschr
exit
wcslen
getchar
wcscmp
memmove
malloc
calloc
wcsrchr
srand
rand
wcsncat
realloc
sprintf
setlocale
qsort
wcsspn
wcscpy
wcsncmp
wcsncpy
fread
wcstod
fwprintf
fprintf
wprintf
vswprintf
free
vfwprintf
swprintf
wcsstr
towupper
fclose
fopen
printf
strstr

secur32

GetUserNameExW

setupapi

SetupDiOpenDeviceInterfaceW
SetupDiGetClassDevsExW
SetupDiGetClassDevsW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInfoList
SetupDiOpenDevRegKey
SetupDiEnumDeviceInterfaces

rpcrt4

RpcStringFreeW
RpcServerUseProtseqEpW
UuidCreate
RpcImpersonateClient
RpcRevertToSelf
RpcServerRegisterAuthInfoW
RpcServerRegisterIf
RpcServerListen
RpcBindingInqAuthClientW
UuidEqual
RpcBindingFree
RpcStringBindingComposeW
RpcAsyncCompleteCall
UuidFromStringW
RpcMgmtStopServerListening
RpcServerUnregisterIf

rasapi32

RasHangUpA
RasFreeEapUserIdentityA
RasDialA
RasGetErrorStringA
RasGetConnectStatusA
RasEnumConnectionsA

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8542032b7fe882430d9e1d3ee31dde56

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

msvcrt

secur32

setupapi

rpcrt4

rasapi32

Sections

.text Size: 176KB - Virtual size: 174KB

.idata Size: 8KB - Virtual size: 7KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 104KB - Virtual size: 2.6MB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 176KB - Virtual size: 174KB

.idata
Size: 8KB - Virtual size: 7KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 104KB - Virtual size: 2.6MB

.rsrc
Size: 28KB - Virtual size: 24KB