323c57534df52f1491e7969e01dd8dc925955e60645c5bee1f647f35b7880000

Sharing

Copy URL Twitter E-mail

General

Target

323c57534df52f1491e7969e01dd8dc925955e60645c5bee1f647f35b7880000
Size

194KB
MD5

bfaeaaf249d64b0a7fd4e7aba68b3fa4
SHA1

f97bb261ab5e40c7e3c6b3da34d52b810b9c07f1
SHA256

323c57534df52f1491e7969e01dd8dc925955e60645c5bee1f647f35b7880000
SHA512

29cc4818f8be53b38e8f751e16a67d52a8a6fe2e6174f01c25799bf1c81edd237beb1e923c78b82bd4a5280113ccdef2efa5ba33c558497180a235a23f9c2c00
SSDEEP

3072:FmFeE13wglKVJRfXyiR9SrCequWxJebGhWRK:FYoVJ91R9SmeBWx0K

Score

N/A

Malware Config

Signatures

Files

323c57534df52f1491e7969e01dd8dc925955e60645c5bee1f647f35b7880000
.dll windows x86

86cfc7b7f7ef8fdded1a7e22e98ff025

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsdup
free
_wfopen
fprintf
wcscpy
wcscat
wcsncmp
wcschr
wcslen
wcsncpy
wcsstr
_except_handler3
wcsncat
wcstol
wcscmp
iswctype
sprintf
swprintf
wcstok
wcsspn
_wcsnicmp
_initterm
_adjust_fdiv
fclose
wcstoul
malloc

ntdll

RtlGUIDFromString
RtlNtStatusToDosError
NtCreateFile
RtlInitUnicodeString
NtDeviceIoControlFile
NtWaitForSingleObject

netcfgx

NetCfgDiagRepairRegistryBindings

netshell

HrRenameConnection

advapi32

RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegSetValueExA

iphlpapi

GetAdaptersInfo
GetPerAdapterInfo
GetIgmpList
FlushIpNetTableFromStack
NhpAllocateAndGetInterfaceInfoFromStack

kernel32

GetLastError
GetProcAddress
HeapAlloc
ExpandEnvironmentStringsW
CompareStringW
WideCharToMultiByte
GetProcessHeap
CloseHandle
HeapFree
MultiByteToWideChar
GetConsoleOutputCP
DisableThreadLibraryCalls
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetSystemTimeAsFileTime
LoadLibraryExW
QueryPerformanceCounter
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
FreeLibrary

mprapi

MprAdminServerConnect
MprAdminIsServiceRunning
MprConfigServerConnect
MprAdminMIBServerDisconnect
MprAdminServerDisconnect
MprConfigServerDisconnect
MprAdminInterfaceCreate
MprConfigInterfaceCreate
MprConfigInterfaceDelete
MprAdminInterfaceDelete
MprAdminInterfaceGetHandle
MprConfigBufferFree
MprConfigInterfaceGetInfo
MprConfigInterfaceGetHandle
MprAdminBufferFree
MprConfigInterfaceEnum
MprAdminInterfaceEnum
MprAdminInterfaceGetInfo
MprConfigInterfaceSetInfo
MprAdminInterfaceSetInfo
MprAdminInterfaceGetCredentials
MprAdminInterfaceSetCredentials
MprAdminInterfaceDisconnect
MprAdminInterfaceConnect
MprAdminMIBBufferFree
MprAdminMIBServerConnect
MprAdminMIBEntryGet

netsh.exe

RegisterHelper
NsGetIfNameFromFriendlyName
MatchEnumTag
MatchTagsInCmdLine
PreprocessCommand
PrintMessage
RegisterContext
FreeQuotedString
FreeString
MakeString
MakeQuotedString
PrintError
RefreshConsole
DisplayMessageToConsole
InitializeConsole
MatchToken
NsGetFriendlyNameFromIfName
PrintMessageFromModule

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoInitialize
CoTaskMemFree
CLSIDFromString
StringFromCLSID

user32

wsprintfW
LoadStringW

ws2_32

htons
closesocket
WSAIoctl
WSAGetLastError
socket
ntohs
inet_ntoa
inet_addr
htonl
WSCEnumProtocols
WSAEnumNameSpaceProvidersW
WSCGetProviderPath
WSAStartup

mswsock

MigrateWinsockConfiguration

Exports

Exports

GetResourceString
InitHelperDll

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86cfc7b7f7ef8fdded1a7e22e98ff025

Headers

File Characteristics

Imports

msvcrt

ntdll

netcfgx

netshell

advapi32

iphlpapi

kernel32

mprapi

netsh.exe

ole32

user32

ws2_32

mswsock

Exports

Exports

Sections

.text Size: 59KB - Virtual size: 58KB

.data Size: 61KB - Virtual size: 62KB

.rsrc Size: 69KB - Virtual size: 69KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 59KB - Virtual size: 58KB

.data
Size: 61KB - Virtual size: 62KB

.rsrc
Size: 69KB - Virtual size: 69KB

.reloc
Size: 3KB - Virtual size: 3KB