7011c3bb01e920e7e7c26093b929c7bb35ab991c882df8e46d582f6026e0febf

Sharing

Copy URL

Twitter E-mail

General

Target

7011c3bb01e920e7e7c26093b929c7bb35ab991c882df8e46d582f6026e0febf
Size

321KB
MD5

3768c3812011768501d868ff54f0d98d
SHA1

e45eabe510097a5cd36f24d5e8b1e69531b37fd8
SHA256

7011c3bb01e920e7e7c26093b929c7bb35ab991c882df8e46d582f6026e0febf
SHA512

174f9654a899f05c8c89c41d97a7ea6afe1e9cc15bd063253fc372c201cca93819adc4ab31917e115857fc1154be6547093bbea2a9e79a406301403dab823986
SSDEEP

6144:6jc6vrLhcAqxz4XzWGUQ4jbfwLATpa0CHUNxMp2/SqnWLI+hpe:6jc6JcAq54D6bCHUAQII+h

Score

N/A

Malware Config

Signatures

Files

7011c3bb01e920e7e7c26093b929c7bb35ab991c882df8e46d582f6026e0febf
.exe windows x64

8708d198ce7e83dc953ea2921dc9589f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_cexit
_exit
_XcptFilter
__C_specific_handler
_initterm
_amsg_exit
__setusermatherr
exit
_fmode
__set_app_type
?terminate@@YAXXZ
_commode
memset
memcpy
_ltow
wcscspn
__getmainargs
_ltow_s
wcschr
_wcslwr
_ultow_s
time
wcsrchr
_vsnwprintf
_wcsnicmp
wcstoul
wcsstr
_wcsicmp
_wtol
wcsncmp
_ultow

rpcrt4

UuidCreate
UuidCreateNil
UuidEqual
RpcServerUnsubscribeForNotification
RpcServerSubscribeForNotification
RpcBindingVectorFree
RpcServerRegisterAuthInfoW
RpcServerInqDefaultPrincNameW
RpcEpRegisterW
RpcStrifgFreeW
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInqBindings
RpcServerUseProtseqW
RpcServerUseProtseqEpW
I_RpcMapWin32Status
RpcServerInqCallAttributesW
RpcAsyncCompleteCall
RpcRevertToSelf
RpcImpersonateClient
RpcServerInqBindingHandle
I_RpcBindingInqLocalClientPID
I_RpcSessionStrictContextHandle
I_RpcBindingIsClientLocal
NdrServerCall2
NdrAsyncServerCall
UuidFromStringW
RpcBindingFree
RpcServerInqCallAttributesA
RpcServerRegisterIfEx
RpcAsyncAbortCall

sspicli

LogonUserExExW

ntdll

RtlLengthSid
EtwTraceMessage
NtTraceControl
RtlSetLastWin32Error
EtwGetTraceLoggerHandle
RtlInitializeCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
NtOpenThread
NtQueueApcThread
RtlQueueApcWow64Thread
EvtIntReportEventAndSourceAsync
EtwEventWrite
EtwEventRegister
RtlUnhandledExceptionFilter
RtlFreeHeap
NtSetEvent
NtSetInformationProcess
NtOpenProcessToken
RtlSetProcessIsCritical
NtQueryInformationFile
NtSetInformationFile
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
NtWaitForSingleObject
NtQueryDirectoryFile
NtDeleteFile
RtlCopyUnicodeString
NtFilterToken
NtQueryInformationToken
NtSetInformationThread
NtAdjustPrivilegesToken
NtDuplicateToken
NtAccessCheckAndAuditAlarm
NtAccessCheck
NtPrivilegeObjectAuditAlarm
NtPrivilegeCheck
RtlMapGenericMask
RtlSetSecurityObject
NtOpefThreadToken
RtlValidRelativeSecurityDescriptor
RtlQuerySecurityObject
RtlSubAuthoritySid
WinSqmAddToStream
RtlSetControlSecurityDescriptor
NtDeleteKey
NtEnumerateKey
NtDeleteValueKey
NtSetValueKey
NtQueryValueKey
NtOpenKey
NtCreateKey
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
RtlSetEnvironmentVariable
RtlConvertExclusiveToShared
RtlConvertSharedToExclusive
RtlCreateServiceSid
RtlRegisterWait
RtlEqualUnicodeString
RtlGetNtProductType
RtlCopySid
NtUnloadDriver
RtlCompareUnicodeString
NtQueryDirectoryObject
NtOpenDirectoryObject
NtLoadDriver
DbgPrintEx
RtlAdjustPrivilege
RtlExpandEnvironmentStrings_U
RtlInitializeSRWLock
NtOpenFile
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlReleaseSRWLockShared
NtDeleteObjectAuditAlarm
RtlAcquireSRWLockShared
NtFlushKey
RtlAreAllAccessesGranted
NtCloseObjectAuditAlarm
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlDeregisterWait
RtlAcquireResourceShared
RtlInitializeResource
RtlQueueWorkItem
RtlDeleteSecurityObject
RtlReleaseResource
RtlAcquireResourceExclusive
RtlCopyLuid
NtQueryKey
NtShutdownSystem
NtInitializeRegistry
NtSetSystemEnvironmentValue
RtlInitUnicodeString
NtClose
RtlNtStatusToDosError
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
RtlLengthRequiredSid
RtlAddAce
RtlCreateAcl
RtlSetDaclSecurityDescriptor
RtlNewSecurityObject
RtlSetGroupSecurityDescriptor
RtlSetSaclSecurityDescriptor
RtlAllocateHeap
RtlInitializeSid
RtlSubAuthorityCountSid
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlUnicodeStringToAnsiString
EtwGetTraceEnableLevel
EtwGetTraceEnableFlags
EtwRegisterTraceGuidsW
RtlUnicodeStringToInteger

profapi

ord101
ord102
ord105
ord106

api-ms-win-security-lsalookup-l1-1-0

LsaLookupTranslateSids
LsaLookupFreeMemory
LsaLookupClose
LsaLookupManageSidNameMapping
LsaLookupGetDomainInfo
LsaLookupTranslateNames
LsaLookupOpenLocalPolicy

api-ms-win-security-sddl-l1-1-0

ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

cryptbase

SystemFunction029
SystemFunction005

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
SetUnhandledExceptionFilter
SetErrorMode
UnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
CreateDirectoryW
FindFirstFileW
CreateFaleW
FindClose
FindNextFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

api-ms-win-core-heap-l1-1-0

HeapAlloc
HeapFree
HeapCreate
HeapSetInformation

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleW
GetProcAddress
LoadLibraryExW
FreeLibrary
LoadStringW

api-ms-win-core-localregistry-l1-1-0

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegNotifyChangeKeyValue
RegSetKeySecurity
RegGetKeySecurity
RegLoadMUIStringW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-misc-l1-1-0&dll

LocalAlloc
LocalFree
Sleep
IsWow64Process
lstrlenW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

CreateThread
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetProcessId
OpenThreadToken
GetCurrentThread
GetCurrentProcess
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateProcessAsUserW
ResumeThread
OpenProcessToken
GetCurrentProcessId
SetProcessShutdownParameters
ExitThread
SetThreadPriority
GetProcessTimes

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

CompareStringW

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
WaitForMultipleObjectsEx
ResetEvent
OpenEventW
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetComputerNameExW
GetVersionExW
GetSystemTime

api-ms-win-security-base-l1-1-0

GetSecurityDescriptorDacl
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
EqualSid
AdjustTokenPrivileges
RevertToSelf
ImpersonateLoggedOnUser
CopySid
GetLengthSid
CheckTokenMembership
GetTokenInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
AllocateLocallyUniqueId
AllocateAndInitializeSid
FreeSid
GetKernelObjectSecurity
SetKernelObjectSecurity
AddAccessAllowedAce
SetTokenInformation

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8708d198ce7e83dc953ea2921dc9589f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

sspicli

ntdll

profapi

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-security-sddl-l1-1-0

cryptbase

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-localregistry-l1-1-0

api-ms-win-core-misc-l1-1-0&dll

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-security-base-l1-1-0

Sections

.text Size: 243KB - Virtual size: 242KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 5KB

.pdata Size: 11KB - Virtual size: 10KB

.rsrc Size: 19KB - Virtual size: 18KB

.reloc Size: 1024B - Virtual size: 544B

.text
Size: 243KB - Virtual size: 242KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 5KB

.pdata
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 19KB - Virtual size: 18KB

.reloc
Size: 1024B - Virtual size: 544B