e26d011b5b7650dbe5d4ea968a76556bebef25a506a620da724eaaaff3b83864

Sharing

Copy URL Twitter E-mail

General

Target

e26d011b5b7650dbe5d4ea968a76556bebef25a506a620da724eaaaff3b83864
Size

228KB
MD5

cd2adadb8b81c53cb6897c2797e13e31
SHA1

84d0871884c66e7e0ce34bd0bcc3e564bb7af3da
SHA256

e26d011b5b7650dbe5d4ea968a76556bebef25a506a620da724eaaaff3b83864
SHA512

0ed561a2962ba82eb68670cd0eefd100cfdb65afdba0c4fbd335b99590b7e1b2bdf30eb0a0e57bfa35aefb9b2f8636f93a1e8c95e02b753a990ffd0f3fc4ace0
SSDEEP

6144:eHU2wMskthmaEK0L4QO6fIzQuQYGECotqlLK//++aOsUwNqfE/MvqBQ:eUn0L08Qf/uac/++aOQNqE/Mv

Score

N/A

Malware Config

Signatures

Files

e26d011b5b7650dbe5d4ea968a76556bebef25a506a620da724eaaaff3b83864
.exe windows x86

73482af13e9acd0836fd217a144ed784

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LsaClose
LsaFreeMemory
LsaLookupSids
LsaOpenPolicy
LsaLookupNames
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegEnumValueW
LsaQueryInformationPolicy
SetServiceStatus
I_ScSetServiceBitsW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
CreatePrivateObjectSecurity
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
DestroyPrivateObjectSecurity
IsValidSecurityDescriptor
AccessCheckAndAuditAlarmW
LookupAccountNameW

kernel32

LocalAlloc
LocalFree
GetLastError
GetVolumeInformationW
Sleep
FindFirstFileW
FindClose
FindNextFileW
ReleaseMutex
WaitForSingleObject
LocalReAlloc
WriteFile
ReadFile
CloseHandle
SetLastError
SetEndOfFile
SetFilePointer
CreateFileW
DeleteFileW
SetFileAttributesW
CopyFileW
GetSystemDirectoryW
GetComputerNameW
CreateMutexW
CreateEventW
GetModuleHandleW
SetEvent
ExitProcess
GetCurrentProcess
GlobalFree
GlobalAlloc
CreateThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
GetStringTypeW
RtlUnwind
InterlockedExchange
VirtualQuery
LCMapStringA
LCMapStringW
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
VirtualProtect
GetSystemInfo
GetLocaleInfoA

secur32

LsaCallAuthenticationPackage
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaDeregisterLogonProcess

netapi32

NetUserGetInfo
DsGetDcNameW
NetApiBufferFree

ntdll

RtlAdjustPrivilege
NtLoadDriver
NtFsControlFile
RtlUnicodeStringToOemString
RtlFreeAnsiString
RtlAllocateAndInitializeSid
RtlFreeSid
RtlLengthSid
RtlEqualUnicodeString
RtlGetNtProductType
RtlSubAuthorityCountSid
RtlLengthRequiredSid
RtlCopySid
RtlSubAuthoritySid
RtlInitUnicodeString
NtOpenFile
NtQuerySecurityObject
NtClose
RtlSelfRelativeToAbsoluteSD2
NtQueryInformationFile
RtlNtStatusToDosError
RtlInitString
NtDeviceIoControlFile
RtlEqualSid
NtUnloadDriver

rpcrt4

I_RpcMapWin32Status
RpcRevertToSelf
RpcServerRegisterIfEx
RpcImpersonateClient
RpcServerUseProtseqEpW
RpcServerUnregisterIf
RpcMgmtStopServerListening
RpcServerListen
NdrServerCall2

samlib

SamChangePasswordUser2
SamQueryInformationDomain
SamOpenDomain
SamOpenUser
SamQueryInformationUser
SamCloseHandle
SamFreeMemory
SamLookupNamesInDomain
SamiChangePasswordUser2
SamiOemChangePasswordUser2
SamConnect

user32

LoadStringW

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 164KB - Virtual size: 428KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73482af13e9acd0836fd217a144ed784

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

secur32

netapi32

ntdll

rpcrt4

samlib

user32

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.vmp0 Size: 164KB - Virtual size: 428KB

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB

.vmp0
Size: 164KB - Virtual size: 428KB