a16479202479dada2780574dca7d08c42f51599fee12df34a21bb3352d2ec5d7

Sharing

Copy URL Twitter E-mail

General

Target

a16479202479dada2780574dca7d08c42f51599fee12df34a21bb3352d2ec5d7
Size

97KB
MD5

c31c40ff7805126165edc5437d0d5a50
SHA1

c4d34700316ab90e325baa142ef31eae864985c7
SHA256

a16479202479dada2780574dca7d08c42f51599fee12df34a21bb3352d2ec5d7
SHA512

769a844ef88a3e568a3e96aa35fc03b5fde6069252528996396bbe2404d4a9e7955f156b05fa2080a4864eb9052b37395053cf25127e4a3a9fbef32b62cc84ee
SSDEEP

1536:yvPejsR9FApxTtXSvBdUEiTUFH6LmgkwIub4AkCiiCKSBlyRQZFeo:s3AFXSv+T2snbpii8B2no

Score

N/A

Malware Config

Signatures

Files

a16479202479dada2780574dca7d08c42f51599fee12df34a21bb3352d2ec5d7
.dll windows x86

74aaf7bb605ea6664ab53f5ba61e1042

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateNamedPipeW
InterlockedCompareExchange
FreeLibrary
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
ExpandEnvironmentStringsW
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
CancelIo
UnhandledExceptionFilter
SetErrorMode
SetConsoleCtrlHandler
SetProcessShutdownParameters
GetExitCodeThread
lstrcmpiW
ExitThread
ReleaseMutex
CreateMutexW
GetDriveTypeW
Sleep
GetCurrentDirectoryW
GetOverlappedResult
WaitForMultipleObjects
GetComputerNameW
ConnectNamedPipe
TransactNamedPipe
WriteFile
GetModuleHandleW
CreateEventW
SetEvent
ResetEvent
DeviceIoControl
CreateFileW
lstrlenA
lstrlenW
DisableThreadLibraryCalls
GetModuleHandleA
QueryPerformanceCounter
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetCurrentThread

user32

wsprintfW

advapi32

RevertToSelf
RegSetValueExW
RegDeleteKeyW
ConvertSidToStringSidW
LogonUserExW
RegNotifyChangeKeyValue
SetServiceStatus
RegGetKeySecurity
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
AddAce
SetSecurityDescriptorDacl
OpenThreadToken
GetTokenInformation
RegCloseKey
RegQueryValueExW
InitiateSystemShutdownExW
RegOpenKeyExW
RegCreateKeyW

msvcrt

wcscat
wcslen
time
memmove
free
wcscspn
wcscpy
wcsncpy
malloc
_itoa_s
wcschr

rpcrt4

RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcEpResolveBinding
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcAsyncInitializeHandle
RpcServerListen
RpcMgmtStopServerListening
RpcServerUnregisterIf
RpcServerRegisterIf
RpcRevertToSelf
RpcImpersonateClient
RpcStringBindingParseW
RpcStringFreeW
RpcBindingFree
RpcServerUseProtseqEpW
RpcBindingToStringBindingW

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

74aaf7bb605ea6664ab53f5ba61e1042

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

rpcrt4

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 11KB - Virtual size: 75KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 11KB - Virtual size: 75KB

.rsrc
Size: 17KB - Virtual size: 17KB