878ce0d564d05f2e37c0c648cb4f43af511a8ef795ebc6e7270154794ea5c20f

Sharing

Copy URL Twitter E-mail

General

Target

878ce0d564d05f2e37c0c648cb4f43af511a8ef795ebc6e7270154794ea5c20f
Size

994KB
MD5

e0f01923e866de53f7f69e4cf7a6ef4c
SHA1

055c9f47ed273faf0912dea5b34df05792fd94cd
SHA256

878ce0d564d05f2e37c0c648cb4f43af511a8ef795ebc6e7270154794ea5c20f
SHA512

51768e42722c8a54ec67c7cf0c21cbecd054037367a67095624b5173604d4fba0a5232e6ac76315d6598dfbfe413d2f745ec8980eeb96812e1a7e7d4f7e861c6
SSDEEP

24576:Rs13QWeagWM3BDT11IYM/DN+Zo5nJMtZzH:23QigF3BP11Ip/S

Score

N/A

Malware Config

Signatures

Files

878ce0d564d05f2e37c0c648cb4f43af511a8ef795ebc6e7270154794ea5c20f
.exe windows x86

a41e9827d1f938f317950109105f0796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

winsta

WinStationEnumerateProcesses
ServerLicensingSetPolicy
WinStationDisconnect
WinStationQueryInformationW
WinStationGetAllProcesses
WinStationFreeGAPMemory
ServerLicensingOpenW
WinStationOpenServerW
ServerLicensingGetPolicy
WinStationConnectW
WinStationReset
ServerLicensingGetAvailablePolicyIds
WinStationCloseServer
WinStationNameFromLogonIdW
WinStationFreeMemory
WinStationEnumerateW
LogonIdFromWinStationNameW
ServerLicensingClose

advapi32

LsaNtStatusToWinError
QueryServiceConfigW
RegEnumKeyExA
WmiSetSingleInstanceW
OpenTraceW
SystemFunction040
LsaStorePrivateData
SetKernelObjectSecurity
CreateProcessAsUserW
OpenServiceW
GetUserNameA
AllocateAndInitializeSid
RegisterTraceGuidsA
AddAccessDeniedAce
ReportEventW
InitializeSecurityDescriptor
GetSecurityInfo
GetKernelObjectSecurity
LsaOpenTrustedDomain
StartTraceW
WmiExecuteMethodW
IsValidAcl
SetSecurityInfo

crypt32

CryptDecodeMessage

msvcrt

strncmp
_mbclen
labs
_ultow
_wchdir
_getcwd
printf
_itow
strstr
_beginthread
_wfindnext
_ismbstrail
_endthread
_CIacos
rand
strtol
_beginthreadex
_dup
_getmbcp
_wsplitpath
_callnewh
isspace
srand
fputs

kernel32

GetOverlappedResult
GetLastError
ConvertThreadToFiber
CreateJobObjectW
GetNumberOfConsoleInputEvents
VirtualAlloc
DuplicateHandle
SetConsoleMaximumWindowSize
HeapCreate
GetShortPathNameW
GetCurrentThread
PurgeComm
FindNextFileW
SetProcessAffinityMask
SetErrorMode
FindResourceW
MapViewOfFile
GetCommMask

rpcrt4

RpcServerUseProtseqExW
NdrCStdStubBuffer_Release
RpcServerRegisterIf2
CStdStubBuffer_Invoke
I_RpcSessionStrictContextHandle
NdrAsyncServerCall
RpcServerRegisterIfEx
RpcStringFreeA
RpcBindingFromStringBindingW
UuidCreateNil
IUnknown_AddRef_Proxy
RpcStringBindingParseW
RpcAsyncCompleteCall
CStdStubBuffer_Connect
RpcAsyncGetCallStatus
RpcServerInqBindings
MesDecodeBufferHandleCreate
RpcBindingServerFromClient
IUnknown_QueryInterface_Proxy
RpcMgmtIsServerListening

secur32

AcquireCredentialsHandleW
ApplyControlToken
LsaConnectUntrusted
FreeContextBuffer
AcceptSecurityContext
LsaRegisterPolicyChangeNotification
DecryptMessage
LsaGetLogonSessionData
InitializeSecurityContextW
QueryContextAttributesW
EncryptMessage
QuerySecurityContextToken
LsaCallAuthenticationPackage
LsaLookupAuthenticationPackage
EnumerateSecurityPackagesW
LsaDeregisterLogonProcess
GetComputerObjectNameW
FreeCredentialsHandle
DeleteSecurityContext
LsaLogonUser
InitSecurityInterfaceW
LsaRegisterLogonProcess
LsaUnregisterPolicyChangeNotification
LsaFreeReturnBuffer

ole32

OleQueryCreateFromData
CoUnmarshalInterface
HPALETTE_UserUnmarshal
CreateFileMoniker
HMENU_UserFree
OleLockRunning
OleRegEnumVerbs
CoSwitchCallContext
HICON_UserFree
StgOpenStorage
OleDestroyMenuDescriptor
OleRun
CoMarshalInterThreadInterfaceInStream
CoLockObjectExternal
CoGetClassObject
CoTaskMemRealloc
CreateBindCtx
StringFromGUID2
CoFreeUnusedLibraries
OleCreateStaticFromData
CoReleaseMarshalData
HWND_UserUnmarshal
CoUninitialize
RevokeDragDrop
CoImpersonateClient
OleTranslateAccelerator
CreateOleAdviseHolder
DoDragDrop
CoAddRefServerProcess

Sections

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 33KB - Virtual size: 446KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 274KB - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 227KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CRT
Size: 241KB - Virtual size: 372KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a41e9827d1f938f317950109105f0796

Headers

DLL Characteristics

File Characteristics

Imports

winsta

advapi32

crypt32

msvcrt

kernel32

rpcrt4

secur32

ole32

Sections

.data Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 527B

.idata Size: 2KB - Virtual size: 1KB

.text Size: 33KB - Virtual size: 446KB

.idata Size: 274KB - Virtual size: 403KB

.idata Size: 227KB - Virtual size: 378KB

CRT Size: 241KB - Virtual size: 372KB

.rsrc Size: 212KB - Virtual size: 211KB

.reloc Size: 1024B - Virtual size: 304B

.data
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 527B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 33KB - Virtual size: 446KB

.idata
Size: 274KB - Virtual size: 403KB

.idata
Size: 227KB - Virtual size: 378KB

CRT
Size: 241KB - Virtual size: 372KB

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 1024B - Virtual size: 304B